.\" $NetBSD: racoonctl.8,v 1.13 2006/09/09 16:22:10 manu Exp $
.\"
.\" Id: racoonctl.8,v 1.6 2006/05/07 21:32:59 manubsd Exp
.\"
.\" Copyright (C) 2004 Emmanuel Dreyfus
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the project nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd November 16, 2004
.Dt RACOONCTL 8
.Os
.\"
.Sh NAME
.Nm racoonctl
.Nd racoon administrative control tool
.\"
.Sh SYNOPSIS
.Nm
reload-config
.Nm
show-schedule
.Nm
.Op Fl l Op Fl l
show-sa
.Op isakmp|esp|ah|ipsec
.Nm
flush-sa
.Op isakmp|esp|ah|ipsec
.Nm
delete-sa
.Ar saopts
.Nm
establish-sa
.Op Fl u Ar identity
.Ar saopts
.Nm
vpn-connect
.Op Fl u Ar identity
.Ar vpn_gateway
.Nm
vpn-disconnect
.Ar vpn_gateway
.Nm
show-event
.Op Fl l
.Nm
logout-user
.Ar login
.\"
.Sh DESCRIPTION
.Nm
is used to control
.Xr racoon 8
operation, if ipsec-tools was configured with adminport support.
Communication between
.Nm
and
.Xr racoon 8
is done through a UNIX socket.
By changing the default mode and ownership
of the socket, you can allow non-root users to alter
.Xr racoon 8
behavior, so do that with caution.
.Pp
The following commands are available:
.Bl -tag -width Ds
.It reload-config
This should cause
.Xr racoon 8
to reload its configuration file.
.It show-schedule
Unknown command.
.It show-sa Op isakmp|esp|ah|ipsec
Dump the SAs: all SAs if no SA class is provided, or only the ISAKMP SAs,
IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
Use
.Fl l
to increase verbosity.
.It flush-sa Op isakmp|esp|ah|ipsec
Flush all SAs if no SA class is provided, or one class of SAs:
either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
.It Xo establish-sa
.Oo Fl u Ar username
.Oc Ar saopts
.Xc
Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
The optional
.Fl u Ar username
can be used when establishing an ISAKMP SA while hybrid auth is in use.
.Nm
will prompt you for the password associated with
.Ar username
and these credentials will be used in the Xauth exchange.
.Pp
.Ar saopts
has the following format:
.Bl -tag -width Bl
.It isakmp {inet|inet6} Ar src Ar dst
.It {esp|ah} {inet|inet6} Ar src/prefixlen/port Ar dst/prefixlen/port
{icmp|tcp|udp|any}
.El
.It Xo vpn-connect
.Oo Fl u Ar username
.Oc Ar vpn_gateway
.Xc
This is a particular case of the previous command.
It will establish an ISAKMP SA with
.Ar vpn_gateway .
.It delete-sa Ar saopts
Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
.It vpn-disconnect Ar vpn_gateway
This is a particular case of the previous command.
It will kill all SAs associated with
.Ar vpn_gateway .
.It show-event Op Fl l
Dump all events reported by
.Xr racoon 8 ,
then quit.
The
.Fl l
flag causes
.Nm
not to stop once all the events have been read, but rather to loop,
awaiting and reporting new events.
.It logout-user Ar login
Delete all SAs established on behalf of the Xauth user
.Ar login .
.El
.Pp
Command shortcuts are available:
.Bl -tag -width XXX -compact -offset indent
.It rc
reload-config
.It ss
show-sa
.It sc
show-schedule
.It fs
flush-sa
.It ds
delete-sa
.It es
establish-sa
.It vc
vpn-connect
.It vd
vpn-disconnect
.It se
show-event
.It lu
logout-user
.El
.\"
.Sh RETURN VALUES
The command should exit with 0 on success, and non-zero on errors.
.\"
.Sh FILES
.Bl -tag -width 30n -compact
.It Pa /var/racoon/racoon.sock No or
.It Pa /var/run/racoon.sock
.Xr racoon 8
control socket.
.El
.\"
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr racoon 8
.Sh HISTORY
Once was
.Ic kmpstat
in the KAME project.
It turned into
.Nm
but remained undocumented for a while.
.An Emmanuel Dreyfus Aq manu@NetBSD.org
wrote this man page.
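.Sh EXAMPLES
The following shell script is an added example; it is not part of ipsec-tools
or of the racoonctl source.
It illustrates two points from the DESCRIPTION: the
.Ar saopts
layout that establish-sa and delete-sa expect, and the warning that loosening
the control socket's mode or ownership lets non-root users drive
.Xr racoon 8 .
The function names build_saopts and socket_exposure are this example's own;
it assumes a POSIX sh with ls(1) and cut(1), and the addresses used are
constructed from the RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example, not part of ipsec-tools or the racoonctl source.
# Assumptions: POSIX sh with ls(1) and cut(1); /var/run/racoon.sock is one of
# the two socket paths named in the FILES section of racoonctl(8).

# build_saopts PROTO FAMILY SRC DST [UL_PROTO]
# Assemble the saopts string that establish-sa and delete-sa expect, in the
# layout the manual gives:
#   isakmp {inet|inet6} src dst
#   {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port {icmp|tcp|udp|any}
# Prints the string on success; prints nothing and returns 1 on a malformed
# argument, so a typo is caught before anything is sent to racoon.
build_saopts() {
    proto=$1 family=$2 src=$3 dst=$4 ul=${5:-any}
    case $family in
        inet|inet6) ;;
        *) return 1 ;;
    esac
    case $proto in
        isakmp)
            printf '%s %s %s %s\n' "$proto" "$family" "$src" "$dst"
            ;;
        esp|ah)
            # Each endpoint must have exactly three fields: addr/prefixlen/port.
            for ep in "$src" "$dst"; do
                case $ep in
                    */*/*/*) return 1 ;;
                    */*/*) ;;
                    *) return 1 ;;
                esac
            done
            case $ul in
                icmp|tcp|udp|any) ;;
                *) return 1 ;;
            esac
            printf '%s %s %s %s %s\n' "$proto" "$family" "$src" "$dst" "$ul"
            ;;
        *) return 1 ;;
    esac
}

# socket_exposure PATH
# The manual notes that loosening the control socket's mode or ownership lets
# non-root users alter racoon. This check reads the permission bits from
# "ls -ld" and returns:
#   0  only the owner can write (the default, root-only control)
#   1  group or other has write permission, so members of that group, or
#      every local user, can run racoonctl against this racoon
#   2  PATH does not exist (racoon not running, or built without adminport)
socket_exposure() {
    path=$1
    [ -e "$path" ] || return 2
    mode=$(ls -ld "$path" | cut -c1-10)
    gw=$(printf '%s' "$mode" | cut -c6)   # group write bit
    ow=$(printf '%s' "$mode" | cut -c9)   # other write bit
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        return 1
    fi
    return 0
}

# Stand-alone demonstration. The addresses are constructed (RFC 5737
# documentation ranges), not real endpoints.
if args=$(build_saopts esp inet 192.0.2.1/32/0 198.51.100.1/32/0 any); then
    echo "would run: racoonctl establish-sa $args"
fi
if ! build_saopts esp inet 192.0.2.1 198.51.100.1 >/dev/null; then
    echo "rejected: esp endpoints need addr/prefixlen/port"
fi

sock=/var/run/racoon.sock
rc=0
socket_exposure "$sock" || rc=$?
case $rc in
    0) echo "$sock: owner-only write access" ;;
    1) echo "$sock: WARNING: group or other can write; non-root users can control racoon" ;;
    2) echo "$sock: not present" ;;
esac
```

Run socket_exposure against whichever of the two FILES paths your build uses;
a result of 1 means the caution in DESCRIPTION applies and the socket's mode
or group should be reviewed.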