xref: /netbsd-src/crypto/dist/ipsec-tools/src/racoon/racoonctl.8 (revision aa73cae19608873cc4d1f712c4a0f8f8435f1ffa)
.\"	$NetBSD: racoonctl.8,v 1.1.1.3 2005/02/24 20:53:56 manu Exp $
.\"
.\" Id: racoonctl.8,v 1.2.4.1 2005/02/24 18:04:42 manubsd Exp
.\"
.\" Copyright (C) 2004 Emmanuel Dreyfus
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the project nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd November 16, 2004
.Dt RACOONCTL 8
.\"
.Sh NAME
.Nm racoonctl
.Nd racoon administrative control tool
.\"
.Sh SYNOPSIS
.Nm
reload-config
.Nm
show-schedule
.Nm
.Op Fl l Op Fl l
show-sa
.Op isakmp|esp|ah|ipsec
.Nm
flush-sa
.Op isakmp|esp|ah|ipsec
.Nm
delete-sa
.Ar saopts
.Nm
establish-sa
.Op Fl u Ar identity
.Ar saopts
.Nm
vpn-connect
.Op Fl u Ar identity
.Ar vpn_gateway
.Nm
vpn-disconnect
.Ar vpn_gateway
.Nm
show-event
.Op Fl l
.\"
.Sh DESCRIPTION
.Nm
is used to control
.Xr racoon 8
operation, if ipsec-tools was configured with adminport support.
Communication between
.Nm
and
.Xr racoon 8
is done through a UNIX socket.
By changing the default mode and ownership of the socket, you can allow
non-root users to alter
.Xr racoon 8
behavior, so do that with caution.
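Added example, not from ipsec-tools or this page: a POSIX sh check of the control socket's mode and ownership, so a socket that has been loosened enough to let non-root users drive racoon is noticed. It assumes the two socket paths named under FILES; the function names are my own.

```shell
#!/bin/sh
# Added example, not part of ipsec-tools or the racoonctl(8) page: audit the
# racoon control socket, since loosening its mode or ownership lets non-root
# users drive racoon through racoonctl.

# The two socket locations named in the FILES section.
RACOON_SOCKETS="/var/run/racoon.sock /var/racoon/racoon.sock"
# sock_mode_ok MODESTRING: MODESTRING is the 10-character ls(1) mode field,
# e.g. "srwx------". Succeeds only for a socket (leading 's') with no write
# bit for group (6th char) or others (9th char).
sock_mode_ok() {
    case $1 in
    s*) ;;
    *)  return 1 ;;
    esac
    case $1 in
    ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# audit_socket PATH: read mode and owner with ls(1), which behaves the same
# on BSD and GNU userlands (stat(1) flags differ). Returns 0 when the socket
# is tight, 1 when it is group- or world-writable, 2 when it is absent.
audit_socket() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "$path: absent (racoon not running, or built without adminport)"
        return 2
    fi
    entry=$(ls -ld "$path")
    mode=$(printf '%s\n' "$entry" | cut -c1-10)
    owner=$(printf '%s\n' "$entry" | awk '{print $3 ":" $4}')
    if sock_mode_ok "$mode"; then
        echo "$path: ok ($mode $owner)"
        return 0
    fi
    echo "$path: WARNING $mode $owner allows non-root control of racoon"
    return 1
}
# Check both candidate paths; any missing or loose socket fails the run.
audit_all() {
    rc=0
    for s in $RACOON_SOCKETS; do
        audit_socket "$s" || rc=1
    done
    return $rc
}
audit_all || echo "racoon control socket check failed"
```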
.Pp
The following commands are available:
.Bl -tag -width Ds
.It reload-config
This should cause
.Xr racoon 8
to reload its configuration file.
This seems completely broken at the time of writing.
.It show-schedule
Unknown command.
.It show-sa Op isakmp|esp|ah|ipsec
Dump the SAs: all SAs if no SA class is given, otherwise the ISAKMP SAs,
the IPsec ESP SAs, the IPsec AH SAs, or all IPsec SAs.
Use
.Fl l
to increase verbosity.
.It flush-sa Op isakmp|esp|ah|ipsec
Flush all SAs if no SA class is given, otherwise only the given class:
ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
.It Xo establish-sa
.Oo Fl u Ar username
.Oc Ar saopts
.Xc
Establish an SA: an ISAKMP SA, an IPsec ESP SA, or an IPsec AH SA.
The optional
.Fl u Ar username
can be used when establishing an ISAKMP SA while hybrid authentication is in use.
.Nm
will prompt you for the password associated with
.Ar username
and these credentials will be used in the Xauth exchange.
.Pp
.Ar saopts
can have the following formats:
.Bl -tag -width Bl
.It isakmp {inet|inet6} Ar src Ar dst
.It {esp|ah} {inet|inet6} Ar src/prefixlen/port Ar dst/prefixlen/port
{icmp|tcp|udp|any}
.El
.It Xo vpn-connect
.Oo Fl u Ar username
.Oc Ar vpn_gateway
.Xc
This is a particular case of the previous command.
It establishes an ISAKMP SA with
.Ar vpn_gateway .
.It delete-sa Ar saopts
Delete an SA: an ISAKMP SA, an IPsec ESP SA, or an IPsec AH SA.
.It vpn-disconnect Ar vpn_gateway
This is a particular case of the previous command.
It kills all SAs associated with
.Ar vpn_gateway .
.It show-event Op Fl l
Dump all events reported by
.Xr racoon 8 ,
then quit.
With
.Fl l ,
.Nm
does not stop once all events have been read, but loops,
waiting for and reporting new events.
.El
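Added example, not from the ipsec-tools sources: a POSIX sh helper that assembles and checks the saopts argument for establish-sa and delete-sa against the two formats given above, so a malformed request is rejected before it reaches racoon. The function names build_saopts and triple_ok are assumptions.

```shell
#!/bin/sh
# Added example, not from ipsec-tools: assemble and validate the saopts
# argument expected by racoonctl establish-sa and delete-sa, so a malformed
# request is rejected locally instead of being handed to racoon.

# build_saopts CLASS FAMILY SRC DST [PROTO]
#   CLASS   isakmp | esp | ah
#   FAMILY  inet | inet6
#   SRC/DST for isakmp a bare address; for esp/ah addr/prefixlen/port
#   PROTO   icmp | tcp | udp | any (esp/ah only)
# Prints the saopts string on success, returns 1 on malformed input.
# Variables are global because POSIX sh has no "local".
build_saopts() {
    class=$1 family=$2 src=$3 dst=$4 proto=$5
    case $family in inet|inet6) ;; *) return 1 ;; esac
    case $class in
    isakmp)
        [ -n "$src" ] && [ -n "$dst" ] && [ -z "$proto" ] || return 1
        echo "isakmp $family $src $dst"
        ;;
    esp|ah)
        case $proto in icmp|tcp|udp|any) ;; *) return 1 ;; esac
        triple_ok "$src" && triple_ok "$dst" || return 1
        echo "$class $family $src $dst $proto"
        ;;
    *)  return 1 ;;
    esac
}

# triple_ok ADDR/PREFIXLEN/PORT: exactly two slashes after the address,
# numeric prefix length (<= 128) and numeric port (<= 65535).
triple_ok() {
    case $1 in */*/*) ;; *) return 1 ;; esac
    pfx=${1#*/}; pfx=${pfx%/*}; port=${1##*/}
    case $pfx in ""|*[!0-9]*) return 1 ;; esac
    case $port in ""|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 128 ] && [ "$port" -le 65535 ]
}

# Usage with racoonctl, e.g. to tear down an ESP SA between two subnets:
#   racoonctl delete-sa $(build_saopts esp inet 10.0.0.0/24/0 10.0.1.0/24/0 any)
```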
.Pp
Command shortcuts are available:
.Bl -tag -width Bl
.It rc reload-config
.It ss show-sa
.It sc show-schedule
.It fs flush-sa
.It ds delete-sa
.It es establish-sa
.It vc vpn-connect
.It vd vpn-disconnect
.It se show-event
.El
.\"
.Sh RETURN VALUES
The command should exit with 0 on success, and non-zero on error.
.\"
.Sh FILES
.Bl -tag -width Bl
.It Pa /var/racoon/racoon.sock No or Pa /var/run/racoon.sock
.Xr racoon 8
control socket.
.El
.\"
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr racoon 8 .
.Sh HISTORY
This tool was once
.Xr kmpstat 8
in the KAME project.
It was renamed
.Xr racoonctl 8
but remained undocumented for a while.
.An Emmanuel Dreyfus Aq manu@netbsd.org
wrote this man page.

180