-p
|
Performs a put, which writes to the database, based on the given
XML-file.
- -F
- Forces a put, even if a specified tunnel, protection, proposal,
group, or pre-shared key would overwrite one that already exists in the
database. The default is for such put attempts to
fail.
- -s
- Swaps the local and remote IDs of all tunnels. This facilitates
importing a tunnel generated by a peer machine. This flag only affects
tunnels. This option is illegal if the remote ID of any tunnel is a
group.
- -e entity-file
- Specifies the name of the file containing the <!ENTITY
...> lines as defined by
entity-file. These lines are added to the internal DTD and
allow the user to include XML files in other XML files.
- XML-file
- Specifies the XML-file to be used. It must be the last argument
on the command line. The XML-file determines
whether the write is to a tunnel, protection, proposal, group, pre-shared key,
or all of these. If no XML-file is specified, input is read
from stdin. A hyphen (-) can also be used to specify
stdin.
|
-g
| Performs a get, which displays what is stored in the IKE
database. Output is sent to stdout and is in XML format,
which is suitable for processing with ikedb -p.
- -r
- Recursive. If this flag is specified for a phase 1 tunnel,
information is also returned for all associated phase 2 tunnels and all
protections and proposals associated with both sets of tunnels.
- -t type
- Specifies the type of output requested. Type
can have the value of any of the XML elements under AIX_VPN, such as
IKETunnel, IPSecProtection, and so on. If
omitted, the entire database is output.
- -n name
- Specifies the name of the requested object.
Name can be the name of a proposal, protection, tunnel, or group,
depending on the value of the -t flag. The -n
flag is valid with all values specified by the -t flag, except
IKEPresharedKey. If omitted, all objects of the specified
type will be output.
- -i ID
- Specifies the ID associated with a pre-shared key. The
-i flag is only valid with the IKEPresharedKey value of
the -t flag. If omitted, all objects of the specified
type will be output. The -i flag must be used in
conjunction with the -y flag.
- -y ID-type
- Specifies the ID-type defined by the -i flag.
ID-type can be any of the legal types allowed in the XML file, such as
User_FQDN, IPV4_Address, and so on. The
-y flag must be used in conjunction with the -i
flag.
|
-d
| Performs a delete on the specified item from the
database. The flags are the same as for the -g flag, except
that -r is not supported.
|
-c
|
Performs a conversion from a Linux IPSec configuration file to an AIX IPSec
configuration file in XML format. It requires as input one or two files
from Linux: a configuration file and, possibly, a secrets file with pre-shared
keys.
- -F
- Forces a put, even if a specified tunnel, protection, proposal,
group, or pre-shared key would overwrite one that already exists in the
database. The default is for such put attempts to
fail. The -F flag has no effect if the -f flag is
also used.
- -s
- Swaps the local and remote IDs of all tunnels. This facilitates
importing a tunnel generated by a peer machine. This flag only affects
tunnels.
- -l linux-file
- Specifies the Linux configuration file as defined by
linux-file. If no file is specified, the system looks for
the ipsec.conf file in the current directory.
- -k secrets-file
- Specifies the Linux pre-shared keys file as defined by the
secrets-file parameter. If no file is specified, the system
looks for the ipsec.secrets file in the current
directory.
- -f XML-file
- Specifies the XML configuration file to which the Linux configuration
files are converted. The default behavior is to do a put
directly to the IKE database. If the filename given is a hyphen (-),
the results are sent to stdout.
|
-x
| Performs an expunge on the database. This empties out
the database.
|
-o
| Performs an output of the DTD that specifies all elements and
attributes for an XML file that is used by the ikedb
command. The DTD is sent to stdout.
|
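The -g and -d flag rules above (-i and -y together, -i only with IKEPresharedKey, -n with any type except IKEPresharedKey, no -r on delete) can be checked before a script ever touches the database. The following is an added example, not part of the ikedb documentation: check_ikedb_args is a hypothetical helper name, the sample names and IDs are constructed, and treating -g and -d as mutually exclusive is an assumption.

```shell
#!/bin/sh
# Added example (not from the ikedb documentation): checks an ikedb -g / -d
# argument list against the flag rules stated on this page. It never runs
# ikedb. check_ikedb_args is a hypothetical helper name.
check_ikedb_args() {
    op="" otype="" has_n=0 has_i=0 has_y=0 has_r=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -g|-d)
                # Assumption: one operation per invocation.
                [ -z "$op" ] || { echo "only one of -g or -d may be given"; return 1; }
                op="$1" ;;
            -r) has_r=1 ;;
            -t|-n|-i|-y)
                [ $# -ge 2 ] || { echo "$1 requires a value"; return 1; }
                case "$1" in
                    -t) otype="$2" ;;
                    -n) has_n=1 ;;
                    -i) has_i=1 ;;
                    -y) has_y=1 ;;
                esac
                shift ;;
            *) echo "unexpected argument: $1"; return 1 ;;
        esac
        shift
    done
    [ -n "$op" ] || { echo "expected -g or -d"; return 1; }
    # -d takes the same flags as -g, except that -r is not supported.
    if [ "$op" = "-d" ] && [ "$has_r" -eq 1 ]; then
        echo "-r is not supported with -d"; return 1
    fi
    # -i and -y must be used in conjunction with each other.
    if [ "$has_i" -ne "$has_y" ]; then
        echo "-i and -y must be used together"; return 1
    fi
    # -i is only valid with the IKEPresharedKey value of -t.
    if [ "$has_i" -eq 1 ] && [ "$otype" != "IKEPresharedKey" ]; then
        echo "-i is only valid with -t IKEPresharedKey"; return 1
    fi
    # -n is valid with every -t value except IKEPresharedKey.
    if [ "$has_n" -eq 1 ] && [ "$otype" = "IKEPresharedKey" ]; then
        echo "-n is not valid with -t IKEPresharedKey"; return 1
    fi
    echo "ok"
}

# Constructed sample invocations (names and IDs are made up).
check_ikedb_args -g -r -t IKETunnel -n tunnel1
check_ikedb_args -d -r -t IKETunnel -n tunnel1 || true
```

The function prints ok and returns 0 for an argument list that satisfies the rules; otherwise it prints the violated rule and returns 1, so a wrapper can refuse to call ikedb -d on a malformed request.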