Unix for Beginners
Unix Shell Programming
Advanced Unix
Unix Useful References
Unix Useful Resources
Selected Reading
© 2011 TutorialsPoint.COM
|
racoonctl - Unix, Linux Command
NAME
racoonctl
- racoon administrative control tool
SYNOPSIS
racoonctl
reload-config
racoonctl
show-schedule
racoonctl
[-l [-l]]
show-sa
[isakmp|esp|ah|ipsec]
racoonctl
flush-sa
[isakmp|esp|ah|ipsec]
racoonctl
delete-sa
saopts
racoonctl
establish-sa
[-u identity]
saopts
racoonctl
vpn-connect
[-u-identity ]
vpn_gateway
racoonctl
vpn-disconnect
vpn_gateway
racoonctl
show-event
[-l]
DESCRIPTION
racoonctl
is used to control
racoon(8)
operation, if ipsec-tools was configured with adminport support.
Communication between
racoonctl
and
racoon(8)
is done through a UNIX socket.
By changing the default mode and ownership
of the socket, you can allow non-root users to alter
racoon(8)
behavior, so do that with caution.
The following commands are available:
Tag | Description |
reload-config
| |
This should cause
racoon(8)
to reload its configuration file.
This seems completely broken at the time this man page is written.
|
show-schedule
| |
Unknown command.
|
show-sa [isakmp|esp|ah|ipsec]
| |
Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs,
IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
Use
-l
to increase verbosity.
|
flush-sa [isakmp|esp|ah|ipsec]
| |
is used to flush all SAs if no SA class is provided, or a class of SAs,
either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
|
[-u username
saopts]
| |
Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
The optional
-u username
can be used when establishing an ISAKMP SA while hybrid auth is in use.
racoonctl
will prompt you for the password associated with
username
and these credentials will be used in the Xauth exchange.
saopts
has the following format:
|
isakmp {inet|inet6} src dst
{esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
| |
{icmp|tcp|udp|any}
|
Tag | Description |
[-u username
vpn_gateway]
| |
This is a particular case of the previous command.
It will establish an ISAKMP SA with
vpn_gateway.
|
delete-sa saopts
| |
Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
|
vpn-disconnect vpn_gateway
| |
This is a particular case of the previous command.
It will kill all SAs associated with
vpn_gateway.
|
show-event [-l]
| |
Dump all events reported by
racoon(8),
then quit.
The
-l
flag causes
racoonctl
to not stop once all the events have been read, but rather to loop
awaiting and reporting new events.
|
Command shortcuts are available:
Tag | Description |
rc
|
reload-config
|
ss
|
show-sa
|
sc
|
show-schedule
|
fs
|
flush-sa
|
ds
|
delete-sa
|
es
|
establish-sa
|
vc
|
vpn-connect
|
vd
|
vpn-disconnect
|
se
|
show-event
|
RETURN VALUES
The command should exit with 0 on success, and non-zero on errors.
FILES
Tag | Description |
/var/racoon/racoon.sock or
/var/run/racoon.sock
| |
racoon(8)
control socket.
|
SEE ALSO
racoon(8)
HISTORY
Once was
kmpstat
in the KAME project.
It turned into
racoonctl
but remained undocumented for a while.
.An Emmanuel Dreyfus Aq manu@NetBSD.org
wrote this man page.
|
|
|