1RACOONCTL(8)              BSD System Manager's Manual             RACOONCTL(8)
2

NAME

4     racoonctl — racoon administrative control tool
5

SYNOPSIS

7     racoonctl reload-config
8     racoonctl show-schedule
9     racoonctl [-l [-l]] show-sa [isakmp|esp|ah|ipsec]
10     racoonctl flush-sa [isakmp|esp|ah|ipsec]
11     racoonctl delete-sa saopts
12     racoonctl establish-sa [-u identity] saopts
13     racoonctl vpn-connect [-u -identity] vpn_gateway
14     racoonctl vpn-disconnect vpn_gateway
15     racoonctl show-event [-l]
16

DESCRIPTION

18     racoonctl is used to control racoon(8) operation, if ipsec-tools was con‐
19     figured with adminport support.  Communication between racoonctl and
20     racoon(8) is done through a UNIX socket.  By changing the default mode
21     and ownership of the socket, you can allow non-root users to alter
22     racoon(8) behavior, so do that with caution.
23
24     The following commands are available:
25
26     reload-config
27             This should cause racoon(8) to reload its configuration file.
28             This seems completely broken at the time this man page is writ‐
29             ten.
30
31     show-schedule
32             Unknown command.
33
34     show-sa [isakmp|esp|ah|ipsec]
35             Dump the SA: All the SAs if no SA class is provided, or either
36             ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.  Use
37             -l to increase verbosity.
38
39     flush-sa [isakmp|esp|ah|ipsec]
40             is used to flush all SAs if no SA class is provided, or a class
41             of SAs, either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all
42             IPsec SAs.
43
44     establish-sa [-u username] saopts
45             Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH
46             SA.  The optional -u username can be used when establishing an
47             ISAKMP SA while hybrid auth is in use.  racoonctl will prompt you
48             for the password associated with username and these credentials
49             will be used in the Xauth exchange.
50
51             saopts has the following format:
52
53             isakmp {inet|inet6} src dst
54
55             {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
56               {icmp|tcp|udp|any}
57
58     vpn-connect [-u username] vpn_gateway
59             This is a particular case of the previous command.  It will
60             establish an ISAKMP SA with vpn_gateway.
61
62     delete-sa saopts
63             Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
64
65     vpn-disconnect vpn_gateway
66             This is a particular case of the previous command.  It will kill
67             all SAs associated with vpn_gateway.
68
69     show-event [-l]
70             Dump all events reported by racoon(8), then quit.  The -l flag
71             causes racoonctl to not stop once all the events have been read,
72             but rather to loop awaiting and reporting new events.
73
74     Command shortcuts are available:
75           rc   reload-config
76           ss   show-sa
77           sc   show-schedule
78           fs   flush-sa
79           ds   delete-sa
80           es   establish-sa
81           vc   vpn-connect
82           vd   vpn-disconnect
83           se   show-event
84

RETURN VALUES

86     The command should exit with 0 on success, and non-zero on errors.
87

FILES

89     /var/racoon/racoon.sock or
90     /var/run/racoon.sock            racoon(8) control socket.
91

SEE ALSO

93     ipsec(4), racoon(8)
94

HISTORY

96     Once was kmpstat in the KAME project.  It turned into racoonctl but
97     remained undocumented for a while.  Emmanuel Dreyfus <manu@NetBSD.org>
98     wrote this man page.
99
100BSD                            November 16, 2004                           BSD
Impressum