ipsecctl



IPSECCTL(8)             OpenBSD System Manager's Manual            IPSECCTL(8)


NAME

     ipsecctl - control flows for IPsec


SYNOPSIS

     ipsecctl [-dFkmnv] [-D macro=value] [-f file] [-i fifo] [-s modifier]


DESCRIPTION

     The ipsecctl utility controls flows that determine which packets are to
     be processed by IPsec.  It allows ruleset configuration, and retrieval of
     status information from the kernel's SPD (Security Policy Database) and
     SAD (Security Association Database).  It also can control isakmpd(8) and
     establish tunnels using automatic keying with isakmpd(8).  The ruleset
     grammar is described in ipsec.conf(5).

     The options are as follows:

     -D macro=value
             Define macro to be set to value on the command line.  Overrides
             the definition of macro in the ruleset.

     -d      When the -d option is set, specified flows will be deleted from
             the SPD.  Otherwise, ipsecctl will add flows.

     -F      The -F option flushes the SPD and the SAD.

     -f file
             Load the rules contained in file.

     -i fifo
             If given, the -i option specifies an alternate FIFO instead of
             /var/run/isakmpd.fifo, used to talk to isakmpd(8).

     -k      Show secret keying material when printing the active SAD entries.

     -m      Continuously display all PF_KEY messages exchanged with the
             kernel.

     -n      Do not actually load rules, just parse them.

     -s modifier
             Show the kernel's databases, specified by modifier (may be
             abbreviated):

             -s flow        Show the ruleset loaded into the SPD.
             -s sa          Show the active SAD entries.
             -s all         Show all of the above.

     -v      Produce more verbose output.  A second use of -v will produce
             even more verbose output.


SEE ALSO

     ipsec(4), tcp(4), ipsec.conf(5), isakmpd(8)


HISTORY

     The ipsecctl program first appeared in OpenBSD 3.8.

OpenBSD 5.4                    November 8, 2011                    OpenBSD 5.4

[Unix Hosting | Open-Source | Contact Us]
[Engineering & Automation | Software Development | Server Applications]