racoon2-spmdctl man page

spmdctl — Control spmd

Synopsis

spmdctl [option] COMMAND

Description

spmdctl connects to the spmd interface specified in the racoon2 configuration file and requests operations from spmd.
Available operations are:

Set, get, and delete DNS server address(es) for the spmd DNS proxy function.

Add an IPsec Policy.

Get spmd statistics.

The following options are available:
-d
Display all messages exchanged with spmd.
-f FILE
Specify the racoon2 configuration file name FILE.
The following COMMANDs are available:
ns add ADDRESS
Add DNS server address ADDRESS to the spmd DNS server list.
ns delete ADDRESS
Delete DNS server address ADDRESS from the spmd DNS server list.
ns list
Show the DNS server address(es) in the spmd DNS server list. The top line is the one currently used.
policy add SELECTOR_INDEX LIFETIME {transport|tunnel} SP_SRC_IPADDR SP_DST_IPADDR [SA_SRC_IPADDR SA_DST_IPADDR]

Request spmd to add an IPsec Security Policy to the in-kernel IPsec Security Policy Database (SPD).

SELECTOR_INDEX is a selector index string described in the racoon2 configuration file.

LIFETIME is the lifetime, in seconds, of this IPsec Security Policy.

transport|tunnel selects the mode: transport means this IPsec Security Policy is in transport mode; tunnel means tunnel mode.

SP_SRC_IPADDR is the source IP address for this IPsec Security Policy.

SP_DST_IPADDR is the destination IP address for this IPsec Security Policy.

SA_SRC_IPADDR is the IPsec SA source IP address associated with this IPsec Security Policy. This is only required in tunnel mode.

SA_DST_IPADDR is the IPsec SA destination IP address associated with this IPsec Security Policy. This is only required in tunnel mode.

policy delete SELECTOR_INDEX

Request spmd to delete an IPsec Security Policy from the in-kernel IPsec Security Policy Database (SPD).

SELECTOR_INDEX is a selector index string described in the racoon2 configuration file.

policy show
Dump IPsec Security Policies. If the 'selector=' field is empty in a displayed IPsec Security Policy entry, that policy is not managed by racoon2.
interactive
Connect to spmd and log in only, so that you can talk to spmd directly. This command is available when spmdctl is compiled with DEBUG_SPMD.
status
Show spmd statistics.
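
A wrapper that checks policy add arguments against the syntax above before anything is sent to spmd, and refuses tunnel mode as noted under Bugs. This is an added example, not part of racoon2: build_policy_add and is_addr are hypothetical helper names, the address check is a loose character filter, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: check "policy add" arguments before they reach spmdctl.
# build_policy_add and is_addr are hypothetical helpers; nothing here runs spmdctl.

# Loose check (assumption): only characters legal in IPv4/IPv6 literals.
is_addr() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:]*) return 1 ;;
    esac
    return 0
}

# build_policy_add SELECTOR_INDEX LIFETIME MODE SP_SRC SP_DST [SA_SRC SA_DST]
# Prints the spmdctl command and returns 0; returns 2 on malformed input,
# 3 for tunnel mode, which the Bugs section says policy add does not support.
build_policy_add() {
    if [ "$#" -ne 5 ] && [ "$#" -ne 7 ]; then
        echo "expected 5 or 7 arguments, got $#" >&2; return 2
    fi
    sel=$1 life=$2 mode=$3
    shift 3                      # "$@" now holds only the addresses
    case "$sel" in
        ''|*' '*) echo "SELECTOR_INDEX must be one non-empty word" >&2; return 2 ;;
    esac
    case "$life" in
        ''|*[!0-9]*) echo "LIFETIME must be whole seconds" >&2; return 2 ;;
    esac
    [ "$life" -gt 0 ] || { echo "LIFETIME must be positive" >&2; return 2; }
    case "$mode" in
        transport) ;;
        tunnel)
            [ "$#" -eq 4 ] || { echo "tunnel mode needs both SA addresses" >&2; return 2; } ;;
        *) echo "mode must be transport or tunnel" >&2; return 2 ;;
    esac
    for a in "$@"; do
        is_addr "$a" || { echo "not an IP address: $a" >&2; return 2; }
    done
    if [ "$mode" = tunnel ]; then
        echo "tunnel mode is not supported by policy add (see Bugs)" >&2; return 3
    fi
    echo "spmdctl policy add $sel $life $mode $*"
}

# Constructed sample values (documentation address ranges).
build_policy_add sel_web 3600 transport 192.0.2.10 198.51.100.20
```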

Files

racoon2.conf

Authors

WIDE Project, racoon2 project <http://www.racoon2.wide.ad.jp/>

Bugs

The policy add command currently does not support tunnel mode.

See Also

spmd(8), racoon2.conf(5), racoon2(7)

Info

20050624