Scroll to navigation

SWANCTL(8) strongSwan SWANCTL(8)


swanctl - strongSwan configuration, control and monitoring command line interface.


swanctl command [option ...]
swanctl -h | --help


swanctl is a cross-platform command line utility to configure, control and monitor the strongSwan IKE daemon. It is a replacement for the aging starter, ipsec and stroke tools.

swanctl uses a configuration file called swanctl.conf(5) to parse configurations and credentials. Private keys, certificates and other PKI related credentials are read from specific directories.

To communicate with the IKE daemon, swanctl uses the VICI protocol, the Versatile IKE Configuration Interface. This stable interface is usable by other tools and is often preferable than scripting swanctl and parsing its output.


initiate a connection
terminate a connection
rekey an SA
redirect an IKE_SA
install a trap or shunt policy
uninstall a trap or shunt policy
list currently active IKE_SAs
list currently installed policies
(re-)load certification authorities information
list loaded configurations
list loaded certification authorities information
list stored certificates
list loaded pool configurations
list loaded algorithms and their implementation
(re-)load credentials, pools, authorities and connections
(re-)load connection configuration
(re-)load credentials
(re-)load pool configuration
trace logging output
show daemon infos and statistics
flush cached certificates
reload strongswan.conf(5) configuration
show daemon version information
show usage information



2015-11-20 5.9.4