NAME
racoonctl
- racoon administrative control tool
SYNOPSIS
racoonctl
reload-config
racoonctl
show-schedule
racoonctl
[-l[ -l]]
show-sa
[isakmp|esp|ah|ipsec]
racoonctl
flush-sa
[isakmp|esp|ah|ipsec]
racoonctl
delete-sa
saopts
racoonctl
establish-sa
[-u identity]
saopts
racoonctl
vpn-connect
[-u identity]
vpn_gateway
racoonctl
vpn-disconnect
vpn_gateway
racoonctl
show-event
[-l]
racoonctl
logout-user
login
DESCRIPTION
racoonctl
is used to control
racoon(8)
operation, if ipsec-tools was configured with adminport support.
Communication between
racoonctl
and
racoon(8)
is done through a UNIX socket.
By changing the default mode and ownership
of the socket, you can allow non-root users to alter
racoon(8)
behavior, so do that with caution.
The following commands are available:
- reload-config
-
This should cause
racoon(8)
to reload its configuration file.
- show-schedule
-
Unknown command.
- show-sa[ isakmp|esp|ah|ipsec]
-
Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs,
IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
Use
-l
to increase verbosity.
- flush-sa[ isakmp|esp|ah|ipsec]
-
is used to flush all SAs if no SA class is provided, or a class of SAs,
either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
- Xo establish-sa
-
[-u usernamesaopts]
Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
The optional
-u username
can be used when establishing an ISAKMP SA while hybrid auth is in use.
racoonctl
will prompt you for the password associated with
username
and these credentials will be used in the Xauth exchange.
saopts
has the following format:
- isakmp {inet|inet6} src dst
-
- {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
-
{icmp|tcp|udp|any}
- Xo vpn-connect
-
[-u usernamevpn_gateway]
This is a particular case of the previous command.
It will establish an ISAKMP SA with
vpn_gateway.
- delete-sa saopts
-
Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
- vpn-disconnect vpn_gateway
-
This is a particular case of the previous command.
It will kill all SAs associated with
vpn_gateway.
- show-event[ -l]
-
Dump all events reported by
racoon(8),
then quit.
The
-l
flag causes
racoonctl
to not stop once all the events have been read, but rather to loop
awaiting and reporting new events.
- logout-user login
-
Delete all SA established on behalf of the Xauth user
login.
Command shortcuts are available:
- rc
-
reload-config
- ss
-
show-sa
- sc
-
show-schedule
- fs
-
flush-sa
- ds
-
delete-sa
- es
-
establish-sa
- vc
-
vpn-connect
- vd
-
vpn-disconnect
- se
-
show-event
- lu
-
logout-user
RETURN VALUES
The command should exit with 0 on success, and non-zero on errors.
FILES
/var/racoon/racoon.sock
or-
/var/run/racoon.sock
-
racoon(8)
control socket.
SEE ALSO
ipsec(4),
racoon(8)
HISTORY
Once was
kmpstat
in the KAME project.
It turned into
racoonctl
but remained undocumented for a while.
Emmanuel Dreyfus <manu@NetBSD.org>
wrote this man page.