.Pp
The following general options are available:
.Bl -tag -width Ds
.It Fl d
Debug mode.
Hexdump the admin port commands that are sent.
.It Fl l
Increase verbosity.
Mainly for the show-sa command.
.It Fl s Ar socket
Specify the unix socket name used to connect to racoon.
.El
.Pp
The following commands are available:
.Bl -tag -width Ds
.It reload-config
This should cause
.Xr racoon 8
to reload its configuration file.
.It show-schedule
Unknown command.
.It show-sa Op isakmp|esp|ah|ipsec
Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs,
IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
Use
.Fl l
to increase verbosity.
.It get-sa-cert Oo inet|inet6 Oc Ar src dst
Output the raw certificate that was used to authenticate the phase 1
matching
.Ar src
and
.Ar dst .
.It flush-sa Op isakmp|esp|ah|ipsec
Flush all SAs if no SA class is provided, or a class of SAs,
either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
.It establish-sa Oo Fl w Oc Oo Fl n Ar remoteconf Oc Oo Fl u Ar username Oc Ar saopts
Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
The optional
.Fl u Ar username
can be used when establishing an ISAKMP SA while hybrid auth is in use.
The exact remote block to use can be specified with
.Fl n Ar remoteconf .
.Nm
will prompt you for the password associated with
.Ar username
and these credentials will be used in the Xauth exchange.
.Pp
Specifying
.Fl w
will make racoonctl wait until the SA is actually established or
an error occurs.
.Pp
.Ar saopts
has the following format:
.Bl -tag -width Bl
.It isakmp {inet|inet6} Ar src Ar dst
.It {esp|ah} {inet|inet6} Ar src/prefixlen/port Ar dst/prefixlen/port
{icmp|tcp|udp|gre|any}
.El
.It vpn-connect Oo Fl u Ar username Oc Ar vpn_gateway
This is a particular case of the previous command.
It will establish an ISAKMP SA with
.Ar vpn_gateway .
.It delete-sa Ar saopts
Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
.It vpn-disconnect Ar vpn_gateway
This is a particular case of the previous command.
It will kill all SAs associated with
.Ar vpn_gateway .
.It show-event
Listen for all events reported by
.Xr racoon 8 .
.It logout-user Ar login
Delete all SAs established on behalf of the Xauth user
.Ar login .
.El
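.Pp
The saopts format described above can be checked before the arguments reach racoonctl.
The following shell functions are an added example, not part of racoonctl or of the original page; the function names are hypothetical, and the example assumes numeric address literals and decimal ports.

```shell
#!/bin/sh
# Added example (not part of racoonctl): check an saopts argument list
# against the format in this man page before passing it to racoonctl.
# Function names are hypothetical. Assumption: addresses are numeric
# literals and ports are decimal numbers.

# valid_addr ADDR -> 0 if ADDR has only characters of an IPv4/IPv6 literal
valid_addr() {
    case "$1" in ''|*[!0-9A-Fa-f:.]*) return 1 ;; esac
}

# valid_selector ADDR/PREFIXLEN/PORT MAXLEN -> 0 if well formed
valid_selector() {
    case "$1" in */*/*/*) return 1 ;; ?*/?*/?*) ;; *) return 1 ;; esac
    addr=${1%%/*}; rest=${1#*/}; plen=${rest%%/*}; port=${rest#*/}
    valid_addr "$addr" || return 1
    case "$plen$port" in *[!0-9]*) return 1 ;; esac
    [ "$plen" -le "$2" ] && [ "$port" -le 65535 ]
}

# check_saopts CLASS FAMILY ARGS... -> 0 if the list matches the saopts format
check_saopts() {
    case "$2" in inet) maxlen=32 ;; inet6) maxlen=128 ;; *) return 1 ;; esac
    case "$1" in
    isakmp)
        [ $# -eq 4 ] && valid_addr "$3" && valid_addr "$4" ;;
    esp|ah)
        [ $# -eq 5 ] || return 1
        valid_selector "$3" "$maxlen" || return 1
        valid_selector "$4" "$maxlen" || return 1
        case "$5" in icmp|tcp|udp|gre|any) ;; *) return 1 ;; esac ;;
    *)
        return 1 ;;
    esac
}

# establish_sa SAOPTS... -> 2 if saopts is malformed, else racoonctl's status
# (0 on success, non-zero on errors, per RETURN VALUES).
establish_sa() {
    check_saopts "$@" || { echo "bad saopts: $*" >&2; return 2; }
    # -w: wait until the SA is established or an error occurs
    racoonctl establish-sa -w "$@"
}
```

The same check applies to delete-sa, which takes the same saopts argument.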
.Pp
Command shortcuts are available:
.Bl -tag -width XXX -compact -offset indent
.It rc
reload-config
.It ss
show-sa
.It sc
show-schedule
.It fs
flush-sa
.It ds
delete-sa
.It es
establish-sa
.It vc
vpn-connect
.It vd
vpn-disconnect
.It se
show-event
.It lu
logout-user
.El
.Sh RETURN VALUES
The command should exit with 0 on success, and non-zero on errors.
.Sh FILES
.Bl -tag -width 30n -compact
.It Pa /var/racoon/racoon.sock No or
.It Pa /var/run/racoon.sock
.Xr racoon 8
control socket.
.El
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr racoon 8
.Sh HISTORY
Once was
.Ic kmpstat
in the KAME project.
It turned into
.Nm
but remained undocumented for a while.
.An Emmanuel Dreyfus Aq manu (at] NetBSD.org
wrote this man page.