RACOONCTL(8)            NetBSD System Manager's Manual            RACOONCTL(8)

NAME
     racoonctl -- racoon administrative control tool

SYNOPSIS
     racoonctl [opts] reload-config
     racoonctl [opts] show-schedule
     racoonctl [opts] show-sa [isakmp|esp|ah|ipsec]
     racoonctl [opts] get-sa-cert [inet|inet6] src dst
     racoonctl [opts] flush-sa [isakmp|esp|ah|ipsec]
     racoonctl [opts] delete-sa saopts
     racoonctl [opts] establish-sa [-w] [-n remoteconf] [-u identity] saopts
     racoonctl [opts] vpn-connect [-u identity] vpn_gateway
     racoonctl [opts] vpn-disconnect vpn_gateway
     racoonctl [opts] show-event
     racoonctl [opts] logout-user login

DESCRIPTION
     racoonctl is used to control racoon(8) operation, if ipsec-tools was con-
     figured with adminport support.  Communication between racoonctl and
     racoon(8) is done through a UNIX socket.  By changing the default mode
     and ownership of the socket, you can allow non-root users to alter
     racoon(8) behavior, so do that with caution.

     The following general options are available:

     -d      Debug mode.  Hexdump sent admin port commands.

     -l      Increase verbosity.  Mainly for show-sa command.

     -s socket
             Specify unix socket name used to connecting racoon.

     The following commands are available:

     reload-config
             This should cause racoon(8) to reload its configuration file.

     show-schedule
             Unknown command.

     show-sa [isakmp|esp|ah|ipsec]
             Dump the SA: All the SAs if no SA class is provided, or either
             ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.  Use
             -l to increase verbosity.

     get-sa-cert [inet|inet6] src dst
             Output the raw certificate that was used to authenticate the
             phase 1 matching src and dst.

     flush-sa [isakmp|esp|ah|ipsec]
             is used to flush all SAs if no SA class is provided, or a class
             of SAs, either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all
             IPsec SAs.

     establish-sa [-w] [-n remoteconf] [-u username] saopts
             Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH
             SA.  The optional -u username can be used when establishing an
             ISAKMP SA while hybrid auth is in use.  The exact remote block to
             use can be specified with -n remoteconf.  racoonctl will prompt
             you for the password associated with username and these creden-
             tials will be used in the Xauth exchange.

             Specifying -w will make racoonctl wait until the SA is actually
             established or an error occurs.

             saopts has the following format:

             isakmp {inet|inet6} src dst

             {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
               {icmp|tcp|udp|gre|any}

     vpn-connect [-u username] vpn_gateway
             This is a particular case of the previous command.  It will
             establish an ISAKMP SA with vpn_gateway.

     delete-sa saopts
             Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.

     vpn-disconnect vpn_gateway
             This is a particular case of the previous command.  It will kill
             all SAs associated with vpn_gateway.

     show-event
             Listen for all events reported by racoon(8).

     logout-user login
             Delete all SA established on behalf of the Xauth user login.

     Command shortcuts are available:
           rc   reload-config
           ss   show-sa
           sc   show-schedule
           fs   flush-sa
           ds   delete-sa
           es   establish-sa
           vc   vpn-connect
           vd   vpn-disconnect
           se   show-event
           lu   logout-user

RETURN VALUES
     The command should exit with 0 on success, and non-zero on errors.

FILES
     /var/racoon/racoon.sock or
     /var/run/racoon.sock            racoon(8) control socket.

SEE ALSO
     ipsec(4), racoon(8)

HISTORY
     Once was kmpstat in the KAME project.  It turned into racoonctl but
     remained undocumented for a while.  Emmanuel Dreyfus <manu@NetBSD.org>
     wrote this man page.

NetBSD 6.0                      March 12, 2009                      NetBSD 6.0

You can also request any man page by name and (optionally) by section:

Command: 
Section: 
Architecture: 
Collection: 
 

Use the DEFAULT collection to view manual pages for third-party software.


©1994 Man-cgi 1.15, Panagiotis Christias <christia@softlab.ntua.gr>
©1996-2014 Modified for NetBSD by Kimmo Suominen