Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
IPSECCTL(8)		FreeBSD	System Manager's Manual		   IPSECCTL(8)

NAME
     ipsecctl -- control flows for IPsec

SYNOPSIS
     ipsecctl [-cdFkmnv] [-D macro=value] [-f file] [-i	fifo] [-s modifier]

DESCRIPTION
     The ipsecctl utility controls flows that determine	which packets are to
     be	processed by IPsec.  It	allows ruleset configuration, and retrieval of
     status information	from the kernel's SPD (Security	Policy Database) and
     SAD (Security Association Database).  It also can control isakmpd(8) and
     establish tunnels using automatic keying with isakmpd(8).	The ruleset
     grammar is	described in ipsec.conf(5).

     The options are as	follows:

     -c	     Use in combination	with the -s option to collapse flow output.

     -D	macro=value
	     Define macro to be	set to value on	the command line.  Overrides
	     the definition of macro in	the ruleset.

     -d	     When the -d option	is set,	specified flows	will be	deleted	from
	     the SPD.  Otherwise, ipsecctl will	add flows.

     -F	     The -F option flushes the SPD and the SAD.

     -f	file
	     Load the rules contained in file.

     -i	fifo
	     If	given, the -i option specifies an alternate FIFO instead of
	     /var/run/isakmpd.fifo, used to talk to isakmpd(8).

     -k	     Show secret keying	material when printing the active SAD entries.

     -m	     Continuously display all PF_KEY messages exchanged	with the ker-
	     nel.

     -n	     Do	not actually load rules, just parse them.

     -s	modifier
	     Show the kernel's databases, specified by modifier	(may be	abbre-
	     viated):

	     -s	flow	    Show the ruleset loaded into the SPD.
	     -s	sa	    Show the active SAD	entries.
	     -s	all	    Show all of	the above.

     -v	     Produce more verbose output.  A second use	of -v will produce
	     even more verbose output.

SEE ALSO
     ipsec(4), tcp(4), ipsec.conf(5), isakmpd(8)

HISTORY
     The ipsecctl program first	appeared in OpenBSD 3.8.

FreeBSD	13.0		       November	20, 2017		  FreeBSD 13.0

NAME | SYNOPSIS | DESCRIPTION | SEE ALSO | HISTORY

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=ipsecctl&sektion=8&manpath=OpenBSD+6.9>

home | help