NAME
ipsecctl —
control flows for IPsec
SYNOPSIS
ipsecctl |
[-cdFkmnv] [-D
macro=value]
[-f file]
[-i fifo]
[-s modifier] |
DESCRIPTION
The ipsecctl utility controls flows that
determine which packets are to be processed by IPsec. It allows ruleset
configuration, and retrieval of status information from the kernel's SPD
(Security Policy Database) and SAD (Security Association Database). It also
can control isakmpd(8) and establish tunnels using automatic keying with
isakmpd(8). The ruleset grammar is described in
ipsec.conf(5).
The options are as follows:
-c- Use in combination with the
-soption to collapse flow output. -Dmacro=value- Define macro to be set to value on the command line. Overrides the definition of macro in the ruleset.
-d- When the
-doption is set, specified flows will be deleted from the SPD. Otherwise,ipsecctlwill add flows. -F- The
-Foption flushes the SPD and the SAD. -ffile- Load the rules contained in file.
-ififo- If given, the
-ioption specifies an alternate FIFO instead of /var/run/isakmpd.fifo, used to talk to isakmpd(8). -k- Show secret keying material when printing the active SAD entries.
-m- Continuously display all
PF_KEYmessages exchanged with the kernel. -n- Do not actually load rules, just parse them.
-smodifier- Show the kernel's databases, specified by modifier
(may be abbreviated):
-sflow- Show the ruleset loaded into the SPD.
-ssa- Show the active SAD entries.
-sall- Show all of the above.
-v- Produce more verbose output. A second use of
-vwill produce even more verbose output.
SEE ALSO
HISTORY
The ipsecctl program first appeared in
OpenBSD 3.8.