|IPSECCTL(8)||System Manager's Manual||IPSECCTL(8)|
ipsecctlutility controls flows that determine which packets are to be processed by IPsec. It allows ruleset configuration, and retrieval of status information from the kernel's SPD (Security Policy Database) and SAD (Security Association Database). It also can control isakmpd(8) and establish tunnels using automatic keying with isakmpd(8). The ruleset grammar is described in ipsec.conf(5). The options are as follows:
-doption is set, specified flows will be deleted from the SPD. Otherwise,
ipsecctlwill add flows.
-Foption flushes the SPD and the SAD.
-ioption specifies an alternate FIFO instead of /var/run/isakmpd.fifo, used to talk to isakmpd(8).
PF_KEYmessages exchanged with the kernel.
-vwill produce even more verbose output.
ipsecctlprogram first appeared in OpenBSD 3.8.
|November 8, 2011||OpenBSD-6.0|