IPSECCTL(8) System Manager's Manual IPSECCTL(8)
ipsecctl - control flows for IPsec
ipsecctl [-dFkmnv] [-D macro=value] [-f file] [-i fifo] [-s modifier]
The ipsecctl utility controls flows that determine which packets are to
be processed by IPsec. It allows ruleset configuration, and retrieval of
status information from the kernel's SPD (Security Policy Database) and
SAD (Security Association Database). It also can control isakmpd(8) and
establish tunnels using automatic keying with isakmpd(8). The ruleset
grammar is described in ipsec.conf(5).
The options are as follows:
Define macro to be set to value on the command line. Overrides
the definition of macro in the ruleset.
-d When the -d option is set, specified flows will be deleted from
the SPD. Otherwise, ipsecctl will add flows.
-F The -F option flushes the SPD and the SAD.
Load the rules contained in file.
If given, the -i option specifies an alternate FIFO instead of
/var/run/isakmpd.fifo, used to talk to isakmpd(8).
-k Show secret keying material when printing the active SAD entries.
-m Continuously display all PF_KEY messages exchanged with the
-n Do not actually load rules, just parse them.
Show the kernel's databases, specified by modifier (may be
-s flow Show the ruleset loaded into the SPD.
-s sa Show the active SAD entries.
-s all Show all of the above.
-v Produce more verbose output. A second use of -v will produce
even more verbose output.
ipsec(4), tcp(4), ipsec.conf(5), isakmpd(8)
The ipsecctl program first appeared in OpenBSD 3.8.
OpenBSD 5.9 November 8, 2011 OpenBSD 5.9
[Unix Hosting |
[Engineering & Automation |
Software Development |