GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  RACOONCTL (8)

NAME

racoonctl - racoon administrative control tool

CONTENTS

Synopsis
Description
Return Values
Files
See Also
History

SYNOPSIS

racoonctl [opts] reload-config racoonctl [opts] show-schedule racoonctl [opts] show-sa [isakmp|esp|ah|ipsec] racoonctl [opts] get-sa-cert [inet|inet6] src dst racoonctl [opts] flush-sa [isakmp|esp|ah|ipsec] racoonctl [opts] delete-sa saopts racoonctl [opts] establish-sa [-w] [-n remoteconf] [-u identity] saopts racoonctl [opts] vpn-connect [-u identity] vpn_gateway racoonctl [opts] vpn-disconnect vpn_gateway racoonctl [opts] show-event racoonctl [opts] logout-user login

DESCRIPTION

racoonctl is used to control racoon(8) operation, if ipsec-tools was configured with adminport support. Communication between racoonctl and racoon(8) is done through a UNIX socket. By changing the default mode and ownership of the socket, you can allow non-root users to alter racoon(8) behavior, so do that with caution.

The following general options are available:
-d Debug mode. Hexdump sent admin port commands.
-l Increase verbosity. Mainly for show-sa command.
-s socket
  Specify unix socket name used to connecting racoon.

The following commands are available:
reload-config
  This should cause racoon(8) to reload its configuration file.
show-schedule
  Unknown command.
show-sa [isakmp|esp|ah|ipsec]
  Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs. Use -l to increase verbosity.
get-sa-cert[inet|inet6src dst]
  Output the raw certificate that was used to authenticate the phase 1 matching src and dst.
flush-sa [isakmp|esp|ah|ipsec]
  is used to flush all SAs if no SA class is provided, or a class of SAs, either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
establish-sa[-w[-nremoteconf[-uusername]]
  Oc Ar saopts Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA. The optional -u username can be used when establishing an ISAKMP SA while hybrid auth is in use. The exact remote block to use can be specified with -n remoteconf. racoonctl will prompt you for the password associated with username and these credentials will be used in the Xauth exchange.

Specifying -w will make racoonctl wait until the SA is actually established or an error occurs.

saopts has the following format:

isakmp {inet|inet6} src dst
{esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
  {icmp|tcp|udp|gre|any}
vpn-connect[-u usernamevpn_gateway]
  This is a particular case of the previous command. It will establish an ISAKMP SA with vpn_gateway.
delete-sa saopts
  Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
vpn-disconnect vpn_gateway
  This is a particular case of the previous command. It will kill all SAs associated with vpn_gateway.
show-event
  Listen for all events reported by racoon(8).
logout-user login
  Delete all SA established on behalf of the Xauth user login.

Command shortcuts are available:
rc reload-config
ss show-sa
sc show-schedule
fs flush-sa
ds delete-sa
es establish-sa
vc vpn-connect
vd vpn-disconnect
se show-event
lu logout-user

RETURN VALUES

The command should exit with 0 on success, and non-zero on errors.

FILES

/var/racoon/racoon.sock or
/var/run/racoon.sock
  racoon(8) control socket.

SEE ALSO

ipsec(4), racoon(8)

HISTORY

Once was kmpstat in the KAME project. It turned into racoonctl but remained undocumented for a while.
.An Emmanuel Dreyfus Aq manu@NetBSD.org wrote this man page.
Search for    or go to Top of page |  Section 8 |  Main Index


Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.