RACOONCTL(8)		  BSD System Manager's Manual		  RACOONCTL(8)

NAME
     racoonctl -- racoon administrative	control	tool

SYNOPSIS
     racoonctl [opts] reload-config
     racoonctl [opts] show-schedule
     racoonctl [opts] show-sa [isakmp|esp|ah|ipsec]
     racoonctl [opts] get-sa-cert [inet|inet6] src dst
     racoonctl [opts] flush-sa [isakmp|esp|ah|ipsec]
     racoonctl [opts] delete-sa	saopts
     racoonctl [opts] establish-sa [-w]	[-n remoteconf]	[-u identity] saopts
     racoonctl [opts] vpn-connect [-u identity]	vpn_gateway
     racoonctl [opts] vpn-disconnect vpn_gateway
     racoonctl [opts] show-event
     racoonctl [opts] logout-user login

DESCRIPTION
     racoonctl is used to control racoon(8) operation, if ipsec-tools was
     configured with adminport support.  Communication between racoonctl and
     racoon(8) is done through a UNIX socket.  By changing the default mode
     and ownership of the socket, you can allow non-root users to alter
     racoon(8) behavior, so do that with caution.

     The following general options are available:

     -d	     Debug mode.  Hexdump sent admin port commands.

     -l	     Increase verbosity.  Mainly for show-sa command.

     -s	socket
	     Specify the UNIX socket name used to connect to racoon(8).

     The following commands are	available:

     reload-config
	     This should cause racoon(8) to reload its configuration file.

     show-schedule
	     Unknown command.

     show-sa [isakmp|esp|ah|ipsec]
	     Dump the SAs: all SAs if no SA class is provided, otherwise
	     ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.  Use
	     -l to increase verbosity.

     get-sa-cert [inet|inet6] src dst
	     Output the	raw certificate	that was used to authenticate the
	     phase 1 matching src and dst.

     flush-sa [isakmp|esp|ah|ipsec]
	     Flush all SAs if no SA class is provided, or one class of SAs:
	     ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.

     establish-sa [-w] [-n remoteconf] [-u username] saopts
	     Establish an SA, either an	ISAKMP SA, IPsec ESP SA, or IPsec AH
	     SA.  The optional -u username can be used when establishing an
	     ISAKMP SA while hybrid auth is in use.  The exact remote block to
	     use can be	specified with -n remoteconf.  racoonctl will prompt
	     you for the password associated with username and these
	     credentials will be used in the Xauth exchange.

	     Specifying	-w will	make racoonctl wait until the SA is actually
	     established or an error occurs.

	     saopts has	the following format:

	     isakmp {inet|inet6} src dst

	     {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
	       {icmp|tcp|udp|gre|any}

     vpn-connect [-u username] vpn_gateway
	     This is a particular case of the previous command.  It will
	     establish an ISAKMP SA with vpn_gateway.

     delete-sa saopts
	     Delete an SA, either an ISAKMP SA,	IPsec ESP SA, or IPsec AH SA.

     vpn-disconnect vpn_gateway
	     This is a particular case of the previous command.	 It will kill
	     all SAs associated	with vpn_gateway.

     show-event
	     Listen for	all events reported by racoon(8).

     logout-user login
	     Delete all SAs established on behalf of the Xauth user login.

     Command shortcuts are available:
	   rc	reload-config
	   ss	show-sa
	   sc	show-schedule
	   fs	flush-sa
	   ds	delete-sa
	   es	establish-sa
	   vc	vpn-connect
	   vd	vpn-disconnect
	   se	show-event
	   lu	logout-user

RETURN VALUES
     The command should	exit with 0 on success,	and non-zero on	errors.

FILES
     /var/racoon/racoon.sock or
     /var/run/racoon.sock	     racoon(8) control socket.
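
     The DESCRIPTION warns that loosening the control socket's mode and
     ownership lets non-root users alter racoon(8) behavior.  The sh audit
     below checks the two paths listed above; it is an added example, not
     part of ipsec-tools, and its policy (owner uid 0, no group or other
     write bit) and function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit access to the racoon(8) control socket.
# Socket paths are from FILES; the policy (owner uid 0, no group or
# other write bit) is this example's assumption, not ipsec-tools'.

# classify_sock_perms LINE: LINE is one line of `ls -ldn` output.
# Prints "ok", "not-a-socket", or a space-separated list of findings.
# Returns 0 (ok), 1 (findings), 2 (not a socket).
classify_sock_perms() {
    set -f; set -- $1; set +f          # fields: mode links uid gid ...
    mode=$1 uid=$3 findings=
    case $mode in
        s*) ;;
        *)  echo "not-a-socket"; return 2 ;;
    esac
    [ "$uid" = 0 ] || findings="owner-uid=$uid"
    # The write bit is what lets a process connect to a UNIX socket.
    case $mode in
        s????w*) findings="$findings group-writable" ;;
    esac
    case $mode in
        s???????w*) findings="$findings world-writable" ;;
    esac
    findings=${findings# }
    if [ -z "$findings" ]; then echo ok; return 0; fi
    echo "$findings"; return 1
}

# audit_racoon_sockets [PATH...]: check every path that is a socket.
# Returns 1 if any socket has findings, 0 otherwise.
audit_racoon_sockets() {
    [ $# -gt 0 ] || set -- /var/racoon/racoon.sock /var/run/racoon.sock
    rc=0 seen=0
    for sock in "$@"; do
        [ -S "$sock" ] || continue
        seen=1
        verdict=$(classify_sock_perms "$(ls -ldn "$sock")") || rc=1
        echo "$sock: $verdict"
    done
    [ "$seen" = 1 ] || echo "no racoon control socket found"
    return "$rc"
}

audit_racoon_sockets "$@"
```

     Pass the argument given to -s if racoonctl is run against a
     non-default socket.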

SEE ALSO
     ipsec(4), racoon(8)

HISTORY
     Once was kmpstat in the KAME project.  It turned into racoonctl but
     remained undocumented for a while.  Emmanuel Dreyfus <manu@NetBSD.org>
     wrote this man page.

BSD				March 12, 2009				   BSD
