is used to control
operation, if ipsec-tools was configured with adminport support.
Communication between
and
is done through a UNIX socket.
By changing the default mode and ownership
of the socket, you can allow non-root users to alter
behavior, so do that with caution.
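The caution above can be turned into a routine check. The following is an added example, not part of ipsec-tools or of this manual page: a Python audit that flags an admin socket whose owner or mode lets unintended local users connect. The function name `audit_control_socket`, its parameters and the `admin.sock` demo name are assumptions for illustration; pass it the control socket path your build uses.

```python
import os
import socket
import stat
import tempfile


def audit_control_socket(path, allowed_uids=(0,), allowed_gids=()):
    """Return findings for an admin socket; an empty list means nothing was flagged."""
    st = os.lstat(path)  # lstat: do not follow a planted symlink
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a UNIX socket"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid not in allowed_uids:
        findings.append(f"socket owned by uid {st.st_uid}")
    if mode & stat.S_IWOTH:
        findings.append(f"socket mode {mode:04o} is world-writable")
    if mode & stat.S_IWGRP and st.st_gid not in allowed_gids:
        findings.append(f"socket mode {mode:04o} is writable by gid {st.st_gid}")
    # Some BSD-derived systems ignore permissions on the socket file itself, and
    # a writable parent directory lets another user replace the socket, so the
    # directory is checked as well.
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    pmode = stat.S_IMODE(pst.st_mode)
    if pst.st_uid not in allowed_uids:
        findings.append(f"directory {parent} owned by uid {pst.st_uid}")
    if pmode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"directory {parent} mode {pmode:04o} is group/world-writable")
    return findings


def demo(socket_mode):
    """Audit a constructed socket in a private temp directory (not a real daemon socket)."""
    with tempfile.TemporaryDirectory() as workdir:  # created 0700, owned by the caller
        path = os.path.join(workdir, "admin.sock")  # constructed placeholder name
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(path)
            os.chmod(path, socket_mode)
            # The demo trusts the current user instead of root so it runs unprivileged.
            return audit_control_socket(path, allowed_uids=(os.getuid(),))


if __name__ == "__main__":
    print("0600:", demo(0o600))  # owner-only socket
    print("0666:", demo(0o666))  # any local user may connect
```

If a group is deliberately granted access, list its gid in `allowed_gids` so that only unexpected group write access is reported.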
The following commands are available:
This should cause
to reload its configuration file.
Unknown command.
Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs,
IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
Use
to increase verbosity.
is used to flush all SAs if no SA class is provided, or a class of SAs,
either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.
Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
The optional
can be used when establishing an ISAKMP SA while hybrid auth is in use.
will prompt you for the password associated with
and these credentials will be used in the Xauth exchange.
has the following format:
{icmp|tcp|udp|any}
This is a particular case of the previous command.
It will establish an ISAKMP SA with
Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.
This is a particular case of the previous command.
It will kill all SAs associated with
Dump all events reported by
then quit.
The
flag causes
to not stop once all the events have been read, but rather to loop
awaiting and reporting new events.
Delete all SAs established on behalf of the Xauth user
Command shortcuts are available:
reload-config
show-sa
show-schedule
flush-sa
delete-sa
establish-sa
vpn-connect
vpn-disconnect
show-event
logout-user
RETURN VALUES
The command should exit with 0 on success, and non-zero on errors.
FILES
control socket.
SEE ALSO
HISTORY
Once was
in the KAME project.
It turned into
but remained undocumented for a while.
wrote this man page.