whack
Command-line debug tool for controlling the pluto daemon.
The default installation directory is /usr/local/libexec/ipsec/
List commands
Displays the installed IKEv1/ESP algorithms, public keys, certificates, groups, etc.
syntax:
whack [--utc] [--listalgs] [--listpubkeys] [--listcerts] [--listcacerts] \
[--listacerts] [--listaacerts] [--listocspcerts] [--listgroups] \
[--listcainfos] [--listcrls] [--listocsp] [--listcards] [--listall]
Status commands
Displays the pluto daemon status and the connection status.
syntax:
whack [--name <connection_name>] --status|--statusall
Connection control commands
Initiates or terminates a connection. The connection must already be configured, either on the command line or in the ipsec.conf file.
syntax:
whack (--initiate | --terminate) --name <connection_name> [--asynchronous]
Connection configuration commands
Configures connections and their parameters on the command line. To establish the connection between the peers, use the connection control commands.
syntax:
whack --name <connection_name> [--ipv4 | --ipv6] [--tunnelipv4 | --tunnelipv6] (--host <ip-address> | --id <identity>) \
[--cert <path>] [--ca <distinguished name>] [--sendcert <policy>] [--groups <access control groups>] [--ikeport <port-number>] \
[--nexthop <ip-address>] [--srcip <ip-address>] [--client <subnet> | --clientwithin <address range>] [--clientprotoport <protocol>/<port>] \
[--dnskeyondemand] [--updown <updown>] --to (--host <ip-address> | --id <identity>) [--cert <path>] [--ca <distinguished name>] \
[--sendcert <policy>] [--ikeport <port-number>] [--nexthop <ip-address>] [--srcip <ip-address>] [--client <subnet> | --clientwithin <address range>] \
[--clientprotoport <protocol>/<port>] [--dnskeyondemand] [--updown <updown>] [--psk] [--rsasig] [--encrypt] [--authenticate] [--compress] \
[--tunnel] [--pfs] [--ikelifetime <seconds>] [--ipseclifetime <seconds>] [--rekeymargin <seconds>] [--rekeyfuzz <percentage>] \
[--keyingtries <count>] [--esp <esp-algos>] [--dontrekey] [--dpdaction (none|clear|hold|restart)] [--dpddelay <seconds> --dpdtimeout <seconds>] \
[--initiateontraffic|--pass|--drop|--reject] [--failnone|--failpass|--faildrop|--failreject]