swanctl --initiate (-i) initiate a connection --terminate (-t) terminate a connection --rekey (-R) rekey an IKE or CHILD_SA --uninstall (-u) uninstall a trap or shunt policy --install (-p) install a trap or shunt policy --redirect (-d) redirect an IKE_SA --list-sas (-l) list currently active IKE_SAs --list-pols (-P) list currently installed policies --list-conns (-L) list loaded configurations --list-authorities (-B) list loaded certification authorities information --list-certs (-x) list stored certificates --list-pools (-A) list loaded pool configurations --list-algs (-g) list loaded algorithms and their implementation --load-all (-q) (re-)load credentials, pools authorities and connections --load-authorities (-b) (re-)load certification authorities information --load-conns (-c) (re-)load connection configuration --load-creds (-s) (re-)load credentials --load-pools (-a) (re-)load pool configuration --log (-T) trace logging output --flush-certs (-f) flush cached certificates --reload-settings (-r) reload strongswan.conf(5) configuration --stats (-S) show daemon infos and statistics --counters (-C) list or reset IKE event counters --version (-v) show version information --help (-h) show usage information
Each subcommand has additional options. Pass --help to a subcommand to get additional information.
--list|load-authorities commands were added with 5.3.3.
--redirect commands were added with 5.4.0.
--flush-certs command was added with 5.5.1.
--rekey command was added with 5.5.2.
--counters command was added with 5.6.1.
Since 5.7.0 the loaded file may be specified for each command explicitly via the
--file argument, and since 5.7.2 the credential directories are accessed relative to the actually loaded file and the default directory may be set via
SWANCTL_DIR environment variable.
--load-creds command also reads file based credentials, such as private keys and certificates, from a set of pre-defined sub-directories of the swanctl configuration directory.