.\" $Id: racoonctl.8,v 1.2 2004/11/21 16:46:53 manubsd Exp $
.\" Copyright (C) 2004 Emmanuel Dreyfus
.\" All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the project nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.Nd racoon administrative control tool
.Op isakmp|esp|ah|ipsec
.Op isakmp|esp|ah|ipsec
operation, if ipsec-tools was configured with adminport support.
is done through a UNIX socket. By changing the default mode and ownership
of the socket, you can allow non-root users to alter
behavior, so do that with caution.
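The socket caveat above, as an added example that is not part of the original man page or of ipsec-tools: a POSIX shell check that the admin socket and its parent directory are owned by the expected uid and are not group- or world-writable. The function names and the policy (owner root, no group/other write) are assumptions; the socket path is the one this page lists.

```shell
#!/bin/sh
# Added example (not from ipsec-tools): audit who can write to the racoon
# admin socket. Assumed policy: owned by the expected uid (root by default),
# no group or other write bit on the socket or on its parent directory.

# perm_findings LABEL PATH EXPECTED_UID
# Prints one line per finding; returns 0 if clean, 1 otherwise.
perm_findings() {
    label=$1; want=$3
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid.
    set -- $(ls -ldn "$2" | awk '{print $1, $3}')
    bad=0
    [ "$2" = "$want" ] || { echo "$label owned by uid $2, expected $want"; bad=1; }
    # Mode string positions: 1 type, 2-4 user, 5-7 group, 8-10 other.
    case $1 in ?????w*)    echo "$label is group-writable ($1)"; bad=1 ;; esac
    case $1 in ????????w*) echo "$label is world-writable ($1)"; bad=1 ;; esac
    return $bad
}

# audit_admin_sock PATH [EXPECTED_UID]
# Returns 0 if clean, 1 if any finding, 2 if the socket does not exist.
audit_admin_sock() {
    sock=$1; uid=${2:-0}; rc=0
    [ -e "$sock" ] || { echo "missing: $sock"; return 2; }
    perm_findings "socket $sock" "$sock" "$uid" || rc=1
    # A writable parent directory lets another user replace the socket.
    dir=$(dirname "$sock")
    perm_findings "directory $dir" "$dir" "$uid" || rc=1
    return $rc
}

audit_admin_sock /var/racoon/racoon.sock || echo "audit status: $?"
```
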
The following commands are available:
to reload its configuration file. This seems completely broken at the time
this man page is written.
.It show-sa Op isakmp|esp|ah|ipsec
Dump the SA: All the SA if no SA class is provided, or either ISAKMP SA,
IPsec ESP SA, or IPsec AH SA, or all IPsec SA.
to increase verbosity.
.It flush-sa Op isakmp|esp|ah|ipsec
is used to flush all SA if no SA class is provided, or a class of SA,
either ISAKMP SA, IPsec ESP SA, or IPsec AH SA, or all IPsec SA.
.It establish-sa Oo Fl u Ar username Oc Ar saopts
Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA. The
can be used when establishing an ISAKMP SA while hybrid auth is in use.
will prompt you for the password associated with
and these credentials will be used in the Xauth exchange.
can have the following formats:
.It isakmp {inet|inet6} Ar src Ar dst
.It {esp|ah} {inet|inet6} Ar src/prefixlen/port Ar dst/prefixlen/port
.It vpn-connect Oo Fl u Ar username Oc Ar vpn_gateway
This is a particular case of the previous command. It will establish an ISAKMP
.It delete-sa Ar saopts
Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
.It vpn-disconnect Ar vpn_gateway
This is a particular case of the previous command. It will kill all SA
.It show-event Op Fl l
Dump all events reported by
to not stop once all the events have been read, but rather to loop
awaiting and reporting new events.
Command shortcuts are available:
The command should exit with 0 on success, and non-zero on errors.
.It Pa /var/racoon/racoon.sock
in the KAME project. It turned into
.Xr racoonctl 8 but remained undocumented for a while.
.An Emmanuel Dreyfus Aq manu@netbsd.org