strongswan_swanctl man page

swanctl — strongSwan configuration, control and monitoring command line interface.


swanctl command [option ...]
swanctl -h | --help


swanctl is a cross-platform command line utility to configure, control and monitor the strongSwan IKE daemon. It is a replacement for the aging starter, ipsec and stroke tools.

swanctl uses a configuration file called swanctl.conf(5) to parse configurations and credentials. Private keys, certificates and other PKI related credentials are read from specific directories.

To communicate with the IKE daemon, swanctl uses the VICI protocol, the Versatile IKE Configuration Interface. This stable interface is usable by other tools and is often preferable than scripting swanctl and parsing its output.


-i, --initiate
initiate a connection
-t, --terminate
--terminate terminate a connection
-d, --redirect
--redirect redirect an IKE_SA
-p, --install
install a trap or shunt policy
-u, --uninstall
uninstall a trap or shunt policy
-l, --list-sas
list currently active IKE_SAs
-P, --list-pols
list currently installed policies
-b, --load-authorities
(re-)load certification authorities information
-L, --list-conns
list loaded configurations
-B, --list-authorities
list loaded certification authorities information
-x, --list-certs
list stored certificates
-A, --list-pools
list loaded pool configurations
-g, --list-algs
list loaded algorithms and their implementation
-q, --load-all
(re-)load credentials, pools, authorities and connections
-c, --load-conns
(re-)load connection configuration
-s, --load-creds
(re-)load credentials
-a, --load-pools
(re-)load pool configuration
-T, --log
trace logging output
-S, --stats
show daemon infos and statistics
-r, --reload-settings
reload strongswan.conf(5) configuration
-v, --version
show daemon version information
-h, --help
show usage information

See Also



Explore man page connections for strongswan_swanctl(8).