|
|
This manual page is for Mac OS X version 10.6.3If you are running a different version of Mac OS X, view the documentation locally:
Reading manual pagesManual pages are intended as a quick reference for people who already understand a technology.
|
RACOONCTL(8) BSD System Manager's Manual RACOONCTL(8)
NAME
racoonctl -- racoon administrative control tool
SYNOPSIS
racoonctl reload-config
racoonctl show-schedule
racoonctl [-l [-l]] show-sa [isakmp|esp|ah|ipsec]
racoonctl flush-sa [isakmp|esp|ah|ipsec]
racoonctl delete-sa saopts
racoonctl establish-sa [-u identity] saopts
racoonctl vpn-connect [-u -identity] vpn_gateway
racoonctl vpn-disconnect vpn_gateway
racoonctl show-event [-l]
racoonctl logout-user login
DESCRIPTION
racoonctl is used to control racoon(8) operation, if ipsec-tools was configured with adminport support.
Communication between racoonctl and racoon(8) is done through a UNIX socket. By changing the default
mode and ownership of the socket, you can allow non-root users to alter racoon(8) behavior, so do that
with caution.
The following commands are available:
reload-config
This should cause racoon(8) to reload its configuration file.
show-schedule
Unknown command.
show-sa [isakmp|esp|ah|ipsec]
Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs, IPsec ESP SAs, IPsec
AH SAs, or all IPsec SAs. Use -l to increase verbosity.
flush-sa [isakmp|esp|ah|ipsec]
is used to flush all SAs if no SA class is provided, or a class of SAs, either ISAKMP SAs,
IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
establish-sa [-u username] saopts
Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA. The optional -u username
can be used when establishing an ISAKMP SA while hybrid auth is in use. racoonctl will prompt
you for the password associated with username and these credentials will be used in the Xauth
exchange.
saopts has the following format:
isakmp {inet|inet6} src dst
{esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
{icmp|tcp|udp|any}
vpn-connect [-u username] vpn_gateway
This is a particular case of the previous command. It will establish an ISAKMP SA with
vpn_gateway.
delete-sa saopts
Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
vpn-disconnect vpn_gateway
This is a particular case of the previous command. It will kill all SAs associated with
vpn_gateway.
show-event [-l]
Dump all events reported by racoon(8), then quit. The -l flag causes racoonctl to not stop
once all the events have been read, but rather to loop awaiting and reporting new events.
logout-user login
Delete all SA established on behalf of the Xauth user login.
Command shortcuts are available:
rc reload-config
ss show-sa
sc show-schedule
fs flush-sa
ds delete-sa
es establish-sa
vc vpn-connect
vd vpn-disconnect
se show-event
lu logout-user
RETURN VALUES
The command should exit with 0 on success, and non-zero on errors.
FILES
/var/racoon/racoon.sock or
/var/run/racoon.sock racoon(8) control socket.
SEE ALSO
ipsec(4), racoon(8)
HISTORY
Once was kmpstat in the KAME project. It turned into racoonctl but remained undocumented for a while.
Emmanuel Dreyfus <manu@NetBSD.org> wrote this man page.
BSD November 16, 2004 BSD
|
The way to report a problem with this manual page depends on the type of problem: