Appendix strongswanコマンド

環境

• RockyLinux 9

strongswanコマンド

[root@lpic303-rocky34 ~]#
[root@lpic303-rocky34 ~]# strongswan -h
/usr/sbin/strongswan: unknown command `-h' (`strongswan --help' for list)
[root@lpic303-rocky34 ~]# strongswan --help
strongswan command [arguments]

Commands:
        start|restart [arguments]
        update|reload|stop
        up|down|route|unroute <connectionname>
        down-srcip <start> [<end>]
        status|statusall [<connectionname>]
        listalgs|listpubkeys|listcerts [--utc]
        listcacerts|listaacerts|listocspcerts [--utc]
        listacerts|listgroups|listcainfos [--utc]
        listcrls|listocsp|listplugins|listall [--utc]
        listcounters|resetcounters [name]
        leases [<poolname> [<address>]]
        rereadsecrets|rereadcacerts|rereadaacerts
        rereadocspcerts|rereadacerts|rereadcrls|rereadall
        purgecerts|purgecrls|purgeike|purgeocsp
        pki
        stroke
        version

Refer to the strongswan(8) man page for details.
Some commands have their own man pages, e.g. pki(1).
[root@lpic303-rocky34 ~]#

swanctlコマンド

[root@lpic303-rocky34 ~]#
[root@lpic303-rocky34 ~]# swanctl --help
plugin 'sqlite': failed to load - sqlite_plugin_create not found and no plugin file available
strongSwan 5.9.10 swanctl
loaded plugins: pkcs11 aesni aes des rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl gcrypt pkcs8 fips-prf gmp curve25519 chapoly xcbc cmac hmac kdf ctr ccm gcm drbg newhope curl
usage:
  swanctl --reload-settings  (-r)  reload daemon strongswan.conf
  swanctl --stats            (-S)  show daemon stats information
  swanctl --version          (-v)  show version information
  swanctl --log              (-T)  trace logging output
  swanctl --load-pools       (-a)  (re-)load pool configuration
  swanctl --load-creds       (-s)  (re-)load credentials
  swanctl --load-conns       (-c)  (re-)load connection configuration
  swanctl --load-authorities (-b)  (re-)load authority configuration
  swanctl --load-all         (-q)  load credentials, authorities, pools and connections
  swanctl --flush-certs      (-f)  flush cached certificates
  swanctl --list-algs        (-g)  show loaded algorithms
  swanctl --list-pools       (-A)  list loaded pool configurations
  swanctl --list-certs       (-x)  list stored certificates
  swanctl --list-conns       (-L)  list loaded configurations
  swanctl --list-authorities (-B)  list loaded authority configurations
  swanctl --list-pols        (-P)  list currently installed policies
  swanctl --monitor-sa       (-m)  monitor for IKE_SA and CHILD_SA changes
  swanctl --list-sas         (-l)  list currently active IKE_SAs
  swanctl --install          (-p)  install a trap or shunt policy
  swanctl --uninstall        (-u)  uninstall a trap or shunt policy
  swanctl --redirect         (-d)  redirect an IKE_SA
  swanctl --rekey            (-R)  rekey an SA
  swanctl --terminate        (-t)  terminate a connection
  swanctl --initiate         (-i)  initiate a connection
  swanctl --counters         (-C)  list or reset IKE event counters
  swanctl --help             (-h)  show usage information
[root@lpic303-rocky34 ~]#