Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   11362 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

IPSECCTL(8)		OpenBSD System Manager's Manual		   IPSECCTL(8)

NAME
     ipsecctl - control flows for IPsec

SYNOPSIS
     ipsecctl [-dFkmnv] [-D macro= value] [-f file] [-s modifier]

DESCRIPTION
     The ipsecctl utility controls flows that determine which packets are to
     be processed by IPsec.  It allows ruleset configuration, and retrieval of
     status information from the kernel's SPD (Security Policy Database) and
     SAD (Security Association Database).  It also can control isakmpd(8) and
     establish tunnels using automatic keying with isakmpd(8).	The ruleset
     grammar is described in ipsec.conf(5).

     The options are as follows:

     -D macro=value
	     Define macro to be set to value on the command line.  Overrides
	     the definition of macro in the ruleset.

     -d	     When the -d option is set, specified flows will be deleted from
	     the SPD.  Otherwise, ipsecctl will add flows.

     -F	     The -F option flushes the SPD and the SAD.

     -f file
	     Load the rules contained in file.

     -k	     Show secret keying material when printing the active SAD entries.

     -m	     Continuously display all PF_KEY messages exchanged with the
	     kernel.

     -n	     Do not actually load rules, just parse them.

     -s modifier
	     Show the kernel's databases, specified by modifier (may be
	     abbreviated):

	     -s flow	    Show the ruleset loaded into the SPD.
	     -s sa	    Show the active SAD entries.
	     -s all	    Show all of the above.

     -v	     Produce more verbose output.  A second use of -v will produce
	     even more verbose output.

SEE ALSO
     ipsec(4), tcp(4), ipsec.conf(5), isakmpd(8)

HISTORY
     The ipsecctl program first appeared in OpenBSD 3.8.

OpenBSD 4.9			 May 31, 2007			   OpenBSD 4.9

Vote for polarhome