有关更多信息,请查看 ikeadm(1M) 手册页。本节中的命令仅在 IKEv2 或 IKEv1 守护进程运行时可用。
修改正在运行的 IKE 守护进程:
以下输出显示了 ikeadm 命令的参数,此命令可以修改守护进程的当前状态。有些参数特定于 IKEv2 或 IKEv1 守护进程。
% ikeadm help
...
set priv level
set debug level [filename]
add rule|preshared {definition}|filename
del p1|ikesa|rule|preshared identifier
flush p1|ikesa|certcache
write rule|preshared filename
token login|logout PKCS#11-Token-Object
显示 ikeadm 命令的特定参数的语法:
% ikeadm help add
This command adds items to in.iked's tables.
Objects that may be set include:
rule a phase 1 or IKE SA policy rule
preshared a preshared key
Objects may be entered on the command-line, as a
series of keywords and tokens contained in curly
braces ('{', '}'); or the name of a file containing
the object definition may be provided.
For security purposes, preshared keys may only be
entered on the command-line if ikeadm is running in
interactive mode.
使用 ikeadm 命令修改 IKEv2 守护进程:
# ikeadm add rule | preshared {definition} | filename
# ikeadm flush ikesa
# ikeadm del ikesa | rule | preshared identifier
# ikeadm set debug level
# ikeadm token login | logout PKCS#11-Token-Object
# ikeadm write rule | preshared filename
使用 ikeadm 命令修改 IKEv1 守护进程:
# ikeadm set debug level
# ikeadm set privlevel
# ikeadm add rule | preshared {definition} | filename
# ikeadm del p1 | rule | preshared identifier
# ikeadm flush p1 | certcache
# ikeadm del rule | preshared id
# ikeadm write rule | preshared filename