Poster of Linux kernelThe best gift for a Linux geek
RACOONCTL

RACOONCTL

Section: Maintenance Commands (8)
Local index Up

BSD mandoc
 

NAME

racoonctl - racoon administrative control tool  

SYNOPSIS

reload-config
show-schedule
[-l [-l ] ] show-sa [isakmp|esp|ah|ipsec]
flush-sa [isakmp|esp|ah|ipsec]
delete-sa saopts
establish-sa [-u identity ] saopts
vpn-connect [-u identity ] vpn_gateway
vpn-disconnect vpn_gateway
show-event [-l ]
logout-user login  

DESCRIPTION

is used to control racoon(8) operation, if ipsec-tools was configured with adminport support. Communication between and racoon(8) is done through a UNIX socket. By changing the default mode and ownership of the socket, you can allow non-root users to alter racoon(8) behavior, so do that with caution.

The following commands are available:

reload-config
This should cause racoon(8) to reload its configuration file.
show-schedule
Unknown command.
show-sa [isakmp|esp|ah|ipsec]
Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs. Use -l to increase verbosity.
flush-sa [isakmp|esp|ah|ipsec]
is used to flush all SAs if no SA class is provided, or a class of SAs, either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
establish-sa [-u username saopts ]
Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA. The optional -u username can be used when establishing an ISAKMP SA while hybrid auth is in use. will prompt you for the password associated with username and these credentials will be used in the Xauth exchange.

saopts has the following format:

isakmp {inet|inet6} src dst
{esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
{icmp|tcp|udp|any}

vpn-connect [-u username vpn_gateway ]
This is a particular case of the previous command. It will establish an ISAKMP SA with vpn_gateway
delete-sa saopts
Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
vpn-disconnect vpn_gateway
This is a particular case of the previous command. It will kill all SAs associated with vpn_gateway
show-event [-l ]
Dump all events reported by racoon(8), then quit. The -l flag causes to not stop once all the events have been read, but rather to loop awaiting and reporting new events.
logout-user login
Delete all SA established on behalf of the Xauth user login

Command shortcuts are available:

rc
reload-config
ss
show-sa
sc
show-schedule
fs
flush-sa
ds
delete-sa
es
establish-sa
vc
vpn-connect
vd
vpn-disconnect
se
show-event
lu
logout-user

 

RETURN VALUES

The command should exit with 0 on success, and non-zero on errors.  

FILES

/var/racoon/racoon.sock or
/var/run/racoon.sock
racoon(8) control socket.

 

SEE ALSO

ipsec(4), racoon(8)  

HISTORY

Once was kmpstat in the KAME project. It turned into but remained undocumented for a while. An Emmanuel Dreyfus Aq manu@NetBSD.org wrote this man page.


 

Index

NAME
SYNOPSIS
DESCRIPTION
RETURN VALUES
FILES
SEE ALSO
HISTORY

This document was created by man2html, using the manual pages.
Time: 22:02:13 GMT, April 16, 2011