<!DOCTYPE html> <html> <head> <meta charset="UTF-8"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link rel="stylesheet" href="/mandoc.css" type="text/css" media="all"> <title>ipsecctl(8) - OpenBSD manual pages</title> </head> <body> <div class="head" role="doc-pageheader" aria-label="Manual header line"><span class="head-ltitle">IPSECCTL(8)</span> <span class="head-vol">System Manager's Manual</span> <span class="head-rtitle">IPSECCTL(8)</span></div> <main class="manual-text"> <section class="Sh"> <h2 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h2> <p class="Pp"><code class="Nm">ipsecctl</code> — <span class="Nd" role="doc-subtitle">control flows for IPsec</span></p> </section> <section class="Sh"> <h2 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h2> <table class="Nm"> <tr> <td><code class="Nm">ipsecctl</code></td> <td>[<code class="Fl">-cdFkmnv</code>] [<code class="Fl">-D</code> <var class="Ar">macro</var>=<var class="Ar">value</var>] [<code class="Fl">-f</code> <var class="Ar">file</var>] [<code class="Fl">-i</code> <var class="Ar">fifo</var>] [<code class="Fl">-s</code> <var class="Ar">modifier</var>]</td> </tr> </table> </section> <section class="Sh"> <h2 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h2> <p class="Pp">The <code class="Nm">ipsecctl</code> utility controls flows that determine which packets are to be processed by IPsec. It allows ruleset configuration, and retrieval of status information from the kernel's SPD (Security Policy Database) and SAD (Security Association Database). It also can control <a class="Xr" href="/isakmpd.8" aria-label="isakmpd, section 8">isakmpd(8)</a> and establish tunnels using automatic keying with <a class="Xr" href="/isakmpd.8" aria-label="isakmpd, section 8">isakmpd(8)</a>.
The ruleset grammar is described in <a class="Xr" href="/ipsec.conf.5" aria-label="ipsec.conf, section 5">ipsec.conf(5)</a>.</p> <p class="Pp">The options are as follows:</p> <dl class="Bl-tag"> <dt id="c"><a class="permalink" href="#c"><code class="Fl">-c</code></a></dt> <dd>Use in combination with the <code class="Fl">-s</code> option to collapse flow output.</dd> <dt id="D"><a class="permalink" href="#D"><code class="Fl">-D</code></a> <var class="Ar">macro</var>=<var class="Ar">value</var></dt> <dd>Define <var class="Ar">macro</var> to be set to <var class="Ar">value</var> on the command line. Overrides the definition of <var class="Ar">macro</var> in the ruleset.</dd> <dt id="d"><a class="permalink" href="#d"><code class="Fl">-d</code></a></dt> <dd>When the <code class="Fl">-d</code> option is set, specified flows will be deleted from the SPD. Otherwise, <code class="Nm">ipsecctl</code> will add flows.</dd> <dt id="F"><a class="permalink" href="#F"><code class="Fl">-F</code></a></dt> <dd>The <code class="Fl">-F</code> option flushes the SPD and the SAD.</dd> <dt id="f"><a class="permalink" href="#f"><code class="Fl">-f</code></a> <var class="Ar">file</var></dt> <dd>Load the rules contained in <var class="Ar">file</var>.</dd> <dt id="i"><a class="permalink" href="#i"><code class="Fl">-i</code></a> <var class="Ar">fifo</var></dt> <dd>If given, the <code class="Fl">-i</code> option specifies an alternate FIFO instead of <span class="Pa">/var/run/isakmpd.fifo</span>, used to talk to <a class="Xr" href="/isakmpd.8" aria-label="isakmpd, section 8">isakmpd(8)</a>.</dd> <dt id="k"><a class="permalink" href="#k"><code class="Fl">-k</code></a></dt> <dd>Show secret keying material when printing the active SAD entries.</dd> <dt id="m"><a class="permalink" href="#m"><code class="Fl">-m</code></a></dt> <dd>Continuously display all <code class="Dv">PF_KEY</code> messages exchanged with the kernel.</dd> <dt id="n"><a class="permalink" href="#n"><code 
class="Fl">-n</code></a></dt> <dd>Do not actually load rules, just parse them.</dd> <dt id="s"><a class="permalink" href="#s"><code class="Fl">-s</code></a> <var class="Ar">modifier</var></dt> <dd>Show the kernel's databases, specified by <var class="Ar">modifier</var> (may be abbreviated): <p class="Pp"></p> <dl class="Bl-tag Bl-compact"> <dt id="s~2"><a class="permalink" href="#s~2"><code class="Fl">-s</code></a> <code class="Cm">flow</code></dt> <dd>Show the ruleset loaded into the SPD.</dd> <dt id="s~3"><a class="permalink" href="#s~3"><code class="Fl">-s</code></a> <code class="Cm">sa</code></dt> <dd>Show the active SAD entries.</dd> <dt id="s~4"><a class="permalink" href="#s~4"><code class="Fl">-s</code></a> <code class="Cm">all</code></dt> <dd>Show all of the above.</dd> </dl> </dd> <dt id="v"><a class="permalink" href="#v"><code class="Fl">-v</code></a></dt> <dd>Produce more verbose output. A second use of <code class="Fl">-v</code> will produce even more verbose output.</dd> </dl> </section> <section class="Sh"> <h2 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE ALSO</a></h2> <p class="Pp"><a class="Xr" href="/ipsec.4" aria-label="ipsec, section 4">ipsec(4)</a>, <a class="Xr" href="/tcp.4" aria-label="tcp, section 4">tcp(4)</a>, <a class="Xr" href="/ipsec.conf.5" aria-label="ipsec.conf, section 5">ipsec.conf(5)</a>, <a class="Xr" href="/isakmpd.8" aria-label="isakmpd, section 8">isakmpd(8)</a></p> </section> <section class="Sh"> <h2 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h2> <p class="Pp">The <code class="Nm">ipsecctl</code> program first appeared in <span class="Ux">OpenBSD 3.8</span>.</p> </section> </main> <div class="foot" role="doc-pagefooter" aria-label="Manual footer line"><span class="foot-left"></span><span class="foot-date">November 20, 2017</span> <span class="foot-os">OpenBSD-current</span></div> </body> </html>
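A defensive way to drive the options above from a script, as an added example (not part of the manual page or OpenBSD's own code): parse-check a ruleset with -n before loading it with -f, then print the SPD with -s flow and without -k so no keying material lands in logs. The function name load_ipsec_rules and the IPSECCTL override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: gate an ipsec.conf load on a parse-only check.
# IPSECCTL is a hypothetical override so the logic can be exercised
# with a stand-in command; it defaults to the real utility.
IPSECCTL=${IPSECCTL:-ipsecctl}

# load_ipsec_rules FILE
# Returns: 0 rules loaded, 1 parse check failed (nothing loaded),
#          2 load failed, 64 bad usage.
load_ipsec_rules() {
    conf=$1
    if [ -z "$conf" ] || [ ! -r "$conf" ]; then
        echo "usage: load_ipsec_rules file" >&2
        return 64
    fi

    # -n: parse the ruleset only; nothing is loaded into the SPD.
    if ! $IPSECCTL -n -f "$conf"; then
        echo "parse check failed for $conf; no rules were loaded" >&2
        return 1
    fi

    # -f without -d: add the flows described in the file.
    if ! $IPSECCTL -f "$conf"; then
        echo "load failed; inspect state with: $IPSECCTL -s all" >&2
        return 2
    fi

    # Show what is now in the SPD. -k is deliberately not used:
    # it prints secret keying material, which must not reach logs.
    $IPSECCTL -s flow
}

# Typical use (as root): load_ipsec_rules /etc/ipsec.conf
```
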