strongswan_swanctl - Man Page

strongSwan configuration, control and monitoring command line interface.


swanctlcommand [option ...]
swanctl-h | --help


swanctl is a cross-platform command line utility to configure, control and monitor the strongSwan IKE daemon. It is a replacement for the aging starter, ipsec and stroke tools.

swanctl uses a configuration file called swanctl.conf(5) to parse configurations and credentials. Private keys, certificates and other PKI related credentials are read from specific directories.

To communicate with the IKE daemon, swanctl uses the VICI protocol, the Versatile IKE Configuration Interface. This stable interface is usable by other tools and is often preferable than scripting swanctl and parsing its output.


-i,  --initiate

initiate a connection

-t,  --terminate

terminate a connection

-R,  --rekey

rekey an SA

-d,  --redirect

redirect an IKE_SA

-p,  --install

install a trap or shunt policy

-u,  --uninstall

uninstall a trap or shunt policy

-l,  --list-sas

list currently active IKE_SAs

-P,  --list-pols

list currently installed policies

-b,  --load-authorities

(re-)load certification authorities information

-L,  --list-conns

list loaded configurations

-B,  --list-authorities

list loaded certification authorities information

-x,  --list-certs

list stored certificates

-A,  --list-pools

list loaded pool configurations

-g,  --list-algs

list loaded algorithms and their implementation

-q,  --load-all

(re-)load credentials, pools, authorities and connections

-c,  --load-conns

(re-)load connection configuration

-s,  --load-creds

(re-)load credentials

-a,  --load-pools

(re-)load pool configuration

-T,  --log

trace logging output

-S,  --stats

show daemon infos and statistics

-f,  --flush-certs

flush cached certificates

-r,  --reload-settings

reload strongswan.conf(5) configuration

-v,  --version

show daemon version information

-h,  --help

show usage information

See Also



2015-11-20 5.9.11 strongSwan