.\" $OpenBSD: ipsecctl.8,v 1.28 2011/11/08 16:49:32 jmc Exp $
.\"
.\" Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: November 8 2011 $
.Dt IPSECCTL 8
.Os
.Sh NAME
.Nm ipsecctl
.Nd control flows for IPsec
.Sh SYNOPSIS
.Nm ipsecctl
.Op Fl dFkmnv
.Op Fl D Ar macro Ns = Ns Ar value
.Op Fl f Ar file
.Op Fl i Ar fifo
.Op Fl s Ar modifier
.Sh DESCRIPTION
The
.Nm
utility controls flows that determine which packets are to be processed by
IPsec.
It allows ruleset configuration, and retrieval of status information from the
kernel's SPD (Security Policy Database) and SAD (Security Association
Database).
It also can control
.Xr isakmpd 8
and establish tunnels using automatic keying with
.Xr isakmpd 8 .
The ruleset grammar is described in
.Xr ipsec.conf 5 .
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl D Ar macro Ns = Ns Ar value
Define
.Ar macro
to be set to
.Ar value
on the command line.
Overrides the definition of
.Ar macro
in the ruleset.
.It Fl d
When the
.Fl d
option is set, specified flows will be deleted from the SPD.
Otherwise,
.Nm
will add flows.
.It Fl F
The
.Fl F
option flushes the SPD and the SAD.
.It Fl f Ar file
Load the rules contained in
.Ar file .
.It Fl i Ar fifo
If given, the
.Fl i
option specifies an alternate FIFO instead of
.Pa /var/run/isakmpd.fifo ,
used to talk to
.Xr isakmpd 8 .
.It Fl k
Show secret keying material when printing the active SAD entries.
.It Fl m
Continuously display all
.Dv PF_KEY
messages exchanged with the kernel.
.It Fl n
Do not actually load rules, just parse them.
.It Fl s Ar modifier
Show the kernel's databases, specified by
.Ar modifier
(may be abbreviated):
.Pp
.Bl -tag -width xxxxxxxxxxxxx -compact
.It Fl s Cm flow
Show the ruleset loaded into the SPD.
.It Fl s Cm sa
Show the active SAD entries.
.It Fl s Cm all
Show all of the above.
.El
.It Fl v
Produce more verbose output.
A second use of
.Fl v
will produce even more verbose output.
.El
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr tcp 4 ,
.Xr ipsec.conf 5 ,
.Xr isakmpd 8
.\" .Sh STANDARDS
.\" .Sh HISTORY
.\" .Sh AUTHORS
.\" .Sh CAVEATS
.\" .Sh BUGS
.Sh HISTORY
The
.Nm ipsecctl
program first appeared in
.Ox 3.8 .