-p |
Performs a put, which writes to the database, based on the given XML-file.
- -F
- Forces a put, even if a specified tunnel, protection,
proposal, group, or pre-shared key would overwrite one that already exists
in the database. The default is for such put attempts
to fail.
- -s
- Swaps the local and remote IDs of all tunnels. This facilitates importing
a tunnel generated by a peer machine. This flag only affects tunnels. This
option is illegal if the remote ID of any tunnel is a group.
- -e entity-file
- Specifies the name of the file containing the <!ENTITY ...> lines as defined by entity-file. These lines
are added to the internal DTD and allow the user to include XML files in other
XML files.
- XML-file
- Specifies the XML-file to be used. It must be
the last argument on the command line. The XML-file determines whether the write is to a tunnel, protection, proposal,
group, pre-shared key, or all of these. If no XML-file is specified, input is read from stdin. A - (hyphen)
can also be used to specify stdin.
|
-g |
Performs a get, which displays what is stored in the IKE database. Output is sent to stdout and is in XML format, which is suitable for processing
with ikedb -p.
- -r
- Recursive. If this flag is specified for a phase 1 tunnel, information
is also returned for all associated phase 2 tunnels and all protections and
proposals associated with both sets of tunnels.
- -t type
- Specifies the type of output requested. Type can have the value of any of the XML elements under
AIX_VPN, such as IKETunnel, IPSecProtection, and so on. If omitted, the entire database is output.
- -n name
- Specifies the name of the requested object. Name can be the name of a proposal, protection, tunnel,
or group, depending on the value of the -t flag. The -n flag is valid with all values specified by the -t flag, except IKEPresharedKey. If omitted, all
objects of the specified type will be output.
- -i ID
- Specifies the ID associated with a pre-shared
key. The -i flag is only valid with the IKEPresharedKey value of the -t flag. If omitted,
all objects of the specified type will be output.
The -i flag must be used in conjunction with the -y flag.
- -y ID-type
- Specifies the ID-type defined by the -i flag. ID-type can be any of the legal types allowed in the XML file,
such as User_FQDN, IPV4_Address,
and so on. The -y flag must be used in conjunction with
the -i flag.
|
-d |
Performs a delete on the specified item from the database. The flags are the same as for
the -g flag, except that -r is
not supported. |
-c |
Performs a conversion from
a Linux IPSec configuration file to an AIX IPSec configuration file
in XML format. It requires as input one or two files from Linux: a configuration
file and, possibly, a secrets file with pre-shared keys.
- -F
- Forces a put, even if a specified tunnel, protection,
proposal, group, or pre-shared key would overwrite one that already exists
in the database. The default is for such put attempts
to fail. The -F flag has no effect if the -f flag is also used.
- -l linux-file
- Specifies the Linux configuration file as defined by linux-file. If no file is specified, the system looks for the ipsec.conf file in the current directory.
- -k secrets-file
- Specifies the Linux pre-shared keys file as defined by the secrets-file parameter. If no file is specified, the system looks for
the ipsec.secrets file in the current directory.
- -f XML-file
- Specifies the XML configuration file to which the Linux configuration
files are converted. The default behavior is to do a put directly to the IKE database. If the filename given is a hyphen (-),
the results are sent to stdout.
|
-x |
Performs an expunge on the database. This empties out the database. |
-o |
Performs an output of the DTD that specifies all elements and attributes for an XML
file that is used by the ikedb command. The DTD is sent
to stdout. |
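
A forced put (-F) overwrites existing objects, and a full get can include IKEPresharedKey objects, so it is worth saving the pre-change state in an owner-only file first. The wrapper below is an added example, not part of the ikedb documentation; the function name, the default backup directory and the combined `-pF` spelling of the flags are assumptions.

```shell
#!/bin/sh
# Added example, not part of the ikedb documentation.
# Assumptions: ikedb is on PATH; the function name and the default
# backup directory are hypothetical.

ikedb_put_with_backup() {
    xml_file=$1
    backup_dir=${2:-/var/ikedb-backups}    # hypothetical default

    if [ ! -r "$xml_file" ]; then
        echo "cannot read $xml_file" >&2
        return 2
    fi

    # A full get can include IKEPresharedKey objects, so create the
    # directory and the dump readable by the owner only.
    old_umask=$(umask)
    umask 077
    backup="$backup_dir/ikedb-$(date +%Y%m%d%H%M%S).xml"
    if ! mkdir -p "$backup_dir" || ! ikedb -g > "$backup"; then
        umask "$old_umask"
        rm -f "$backup"
        echo "backup failed; database left unchanged" >&2
        return 3
    fi
    umask "$old_umask"

    # Forced put: objects already in the database are overwritten.
    if ! ikedb -pF "$xml_file"; then
        echo "put failed; previous state saved in $backup" >&2
        return 4
    fi

    # Report where the pre-change state lives so it can be re-imported
    # with a put if the change has to be rolled back.
    echo "$backup"
}
```

The function prints the backup path on success; because the get output is suitable for processing with ikedb -p, that file can be put back if the change must be reverted.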