Man Linux: Main Page and Category List

NAME

     racoonctl - racoon administrative control tool

SYNOPSIS

     racoonctl reload-config
     racoonctl show-schedule
     racoonctl [-l [-l]] show-sa [isakmp|esp|ah|ipsec]
     racoonctl flush-sa [isakmp|esp|ah|ipsec]
     racoonctl delete-sa saopts
     racoonctl establish-sa [-u identity] saopts
     racoonctl vpn-connect [-u -identity] vpn_gateway
     racoonctl vpn-disconnect vpn_gateway
     racoonctl show-event [-l]
     racoonctl logout-user login

DESCRIPTION

     racoonctl is used to control racoon(8) operation, if ipsec-tools was
     configured with adminport support.  Communication between racoonctl and
     racoon(8) is done through a UNIX socket.  By changing the default mode
     and ownership of the socket, you can allow non-root users to alter
     racoon(8) behavior, so do that with caution.

     The following commands are available:

     reload-config
             This should cause racoon(8) to reload its configuration file.

     show-schedule
             Unknown command.

     show-sa [isakmp|esp|ah|ipsec]
             Dump the SA: All the SAs if no SA class is provided, or either
             ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.  Use
             -l to increase verbosity.

     flush-sa [isakmp|esp|ah|ipsec]
             is used to flush all SAs if no SA class is provided, or a class
             of SAs, either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all
             IPsec SAs.

     establish-sa [-u username] saopts
             Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH
             SA.  The optional -u username can be used when establishing an
             ISAKMP SA while hybrid auth is in use.  racoonctl will prompt you
             for the password associated with username and these credentials
             will be used in the Xauth exchange.

             saopts has the following format:

             isakmp {inet|inet6} src dst

             {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
               {icmp|tcp|udp|any}

     vpn-connect [-u username] vpn_gateway
             This is a particular case of the previous command.  It will
             establish an ISAKMP SA with vpn_gateway.

     delete-sa saopts
             Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.

     vpn-disconnect vpn_gateway
             This is a particular case of the previous command.  It will kill
             all SAs associated with vpn_gateway.

     show-event [-l]
             Dump all events reported by racoon(8), then quit.  The -l flag
             causes racoonctl to not stop once all the events have been read,
             but rather to loop awaiting and reporting new events.

     logout-user login
             Delete all SA established on behalf of the Xauth user login.

     Command shortcuts are available:
           rc   reload-config
           ss   show-sa
           sc   show-schedule
           fs   flush-sa
           ds   delete-sa
           es   establish-sa
           vc   vpn-connect
           vd   vpn-disconnect
           se   show-event
           lu   logout-user

RETURN VALUES

     The command should exit with 0 on success, and non-zero on errors.

FILES

     /var/racoon/racoon.sock or
     /var/run/racoon.sock            racoon(8) control socket.

SEE ALSO

     ipsec(4), racoon(8)

HISTORY

     Once was kmpstat in the KAME project.  It turned into racoonctl but
     remained undocumented for a while.  Emmanuel Dreyfus 〈manu@NetBSD.org〉
     wrote this man page.