.\" $OpenBSD: ipsecctl.8,v 1.25 2007/05/31 19:19:44 jmc Exp $
.\"
.\" Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: May 31 2007 $
.Dt IPSECCTL 8
.Os
.Sh NAME
.Nm ipsecctl
.Nd control flows for IPsec
.Sh SYNOPSIS
.Nm ipsecctl
.Op Fl dFkmnv
.Oo Fl D Ar macro Ns =
.Ar value Oc
.Op Fl f Ar file
.Op Fl s Ar modifier
.Sh DESCRIPTION
The
.Nm
utility controls flows that determine which packets are to be processed by
IPsec.
It allows ruleset configuration, and retrieval of status information from the
kernel's SPD (Security Policy Database) and SAD (Security Association
Database).
It also can control
.Xr isakmpd 8
and establish tunnels using automatic keying with
.Xr isakmpd 8 .
The ruleset grammar is described in
.Xr ipsec.conf 5 .
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl D Ar macro Ns = Ns Ar value
Define
.Ar macro
to be set to
.Ar value
on the command line.
Overrides the definition of
.Ar macro
in the ruleset.
.It Fl d
When the
.Fl d
option is set, specified flows will be deleted from the SPD.
Otherwise,
.Nm
will add flows.
.It Fl F
The
.Fl F
option flushes the SPD and the SAD.
.It Fl f Ar file
Load the rules contained in
.Ar file .
.It Fl k
Show secret keying material when printing the active SAD entries.
.It Fl m
Continuously display all
.Dv PF_KEY
messages exchanged with the kernel.
.It Fl n
Do not actually load rules, just parse them.
.It Fl s Ar modifier
Show the kernel's databases, specified by
.Ar modifier
(may be abbreviated):
.Pp
.Bl -tag -width xxxxxxxxxxxxx -compact
.It Fl s Cm flow
Show the ruleset loaded into the SPD.
.It Fl s Cm sa
Show the active SAD entries.
.It Fl s Cm all
Show all of the above.
.El
.It Fl v
Produce more verbose output.
A second use of
.Fl v
will produce even more verbose output.
.El
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr tcp 4 ,
.Xr ipsec.conf 5 ,
.Xr isakmpd 8
.\" .Sh STANDARDS
.\" .Sh HISTORY
.\" .Sh AUTHORS
.\" .Sh CAVEATS
.\" .Sh BUGS
.Sh HISTORY
The
.Nm ipsecctl
program first appeared in
.Ox 3.8 .