ipsec_ikeping(8) [debian man page]

IPSEC_IKEPING(8)						  [FIXME: manual]						  IPSEC_IKEPING(8)

NAME

       ipsec_ikeping - send/receive ISAKMP/IKE echo requests/replies

SYNOPSIS

       ipsec ikeping [--listen] [--verbose] [--wait time] [--exchangenum num] [--ikeport localport] [--ikeaddress address] [--inet] [--inet6]
	     destaddr [/dstport...]

DESCRIPTION

       Ikeping sends and receives ISAKMP/IKE echo request and echo reply packets. These packets are intended for diagnostics purposes, in a manner
       similar to ping(8) does for ICMP echo request/reply packets.

       At the time of this writing, the ISAKMP echo request/reply exchange is still an internet-draft (draft-richardson-ipsec-ikeping-00), and is
       therefore completely non-standard. The Openswan IKE daemon pluto does implement this draft, so ikeping can be used to test connectivity to
       an openswan ipsec server.

       Ikeping will bind to the local address given by --ikeaddress and the port number given by --ikeport defaulting to the wildcard address and
       the ISAKMP port 500. An ISAKMP exchange of type 244 (a private use number) is sent to each of the address/ports listed on the command line.
       The exchange number may be overridden by the --exchangenum option.

       Ikeping then listens for replies, printing them as they are received. Replies are of exchange type 245 or the specified exchange number
       plus 1.	Ikeping will keep listening until it either receives as many echo responses as it sent, or until the timeout period (5 seconds)
       has been reached. Receipt of a packet will reset the timer. The --wait option can be used to specify a different timeout period.

       If the --listen option is given, then ikeping will not send any packets. Instead, it will listen for them and reply to each request
       received.

       If the --natt option is given, then ikeping will set the socket to permit UDP encapsulated ESP packets. This is only useful in listen mode.

FILES

       no external files

SEE ALSO

       ping(8), ipsec_pluto(8)

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org> by Michael Richardson.

[FIXME: source] 						    10/06/2010							  IPSEC_IKEPING(8)

RACOONCTL(8)						    BSD System Manager's Manual 					      RACOONCTL(8)

NAME

     racoonctl -- racoon administrative control tool

SYNOPSIS

     racoonctl reload-config
     racoonctl show-schedule
     racoonctl [-l [-l]] show-sa [isakmp|esp|ah|ipsec]
     racoonctl flush-sa [isakmp|esp|ah|ipsec]
     racoonctl delete-sa saopts
     racoonctl establish-sa [-u identity] saopts
     racoonctl vpn-connect [-u -identity] vpn_gateway
     racoonctl vpn-disconnect vpn_gateway
     racoonctl show-event [-l]
     racoonctl logout-user login

DESCRIPTION

     racoonctl is used to control racoon(8) operation, if ipsec-tools was configured with adminport support.  Communication between racoonctl and
     racoon(8) is done through a UNIX socket.  By changing the default mode and ownership of the socket, you can allow non-root users to alter
     racoon(8) behavior, so do that with caution.

     The following commands are available:

     reload-config
	     This should cause racoon(8) to reload its configuration file.

     show-schedule
	     Unknown command.

     show-sa [isakmp|esp|ah|ipsec]
	     Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.	Use -l to
	     increase verbosity.

     flush-sa [isakmp|esp|ah|ipsec]
	     is used to flush all SAs if no SA class is provided, or a class of SAs, either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec
	     SAs.

     establish-sa [-u username] saopts
	     Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.  The optional -u username can be used when establishing an ISAKMP
	     SA while hybrid auth is in use.  racoonctl will prompt you for the password associated with username and these credentials will be
	     used in the Xauth exchange.

	     saopts has the following format:

	     isakmp {inet|inet6} src dst

	     {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
	       {icmp|tcp|udp|any}

     vpn-connect [-u username] vpn_gateway
	     This is a particular case of the previous command.  It will establish an ISAKMP SA with vpn_gateway.

     delete-sa saopts
	     Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.

     vpn-disconnect vpn_gateway
	     This is a particular case of the previous command.  It will kill all SAs associated with vpn_gateway.

     show-event [-l]
	     Dump all events reported by racoon(8), then quit.	The -l flag causes racoonctl to not stop once all the events have been read, but
	     rather to loop awaiting and reporting new events.

     logout-user login
	     Delete all SA established on behalf of the Xauth user login.

     Command shortcuts are available:
	   rc	reload-config
	   ss	show-sa
	   sc	show-schedule
	   fs	flush-sa
	   ds	delete-sa
	   es	establish-sa
	   vc	vpn-connect
	   vd	vpn-disconnect
	   se	show-event
	   lu	logout-user

RETURN VALUES

     The command should exit with 0 on success, and non-zero on errors.

FILES

     /var/racoon/racoon.sock or
     /var/run/racoon.sock	     racoon(8) control socket.

SEE ALSO

     ipsec(4), racoon(8)

HISTORY

     Once was kmpstat in the KAME project.  It turned into racoonctl but remained undocumented for a while.  Emmanuel Dreyfus <manu@NetBSD.org>
     wrote this man page.

BSD
								 November 16, 2004							       BSD