Usage examples of rockhopper command (Management tool).


rockhopper (/usr/local/sbin/rockhopper) is a command-line tool to manage Rockhopper.
[Version 0.2.b1-019 -- ]


- Show usage (HELP)

$ rockhopper -h

*Showing information by 'less' command.
Enter 'q' to quit.

[ Usage ]
% rockhopper <command> ...
 [-admin <admin_id> -password <password>]
 [-port <admin_port>] [-xml] [-no_pager]

 command:
  help <command>  Show help info.

  connect         Connect VPN.
  disconnect      Disconnect VPN.

  vpn             Show VPN status.
  bridge          Show internal Bridge(MAC) table.
  arp             Show internal ARP table.(IPv4)
  neigh           Show internal Neighbors table.(IPv6)
  address-pool    Show or flush address-pool. [Remote Cfg Server]
  source-if       Show source network interface.
  tuntap-if       Show TUN/TAP interface.
  if              Show network interface.

  flush-bridge    Flush MAC and ARP/Neigh cache.
  clear-all-conn  Clear all VPN connections.
  rt-check        Start routability check. (MOBIKE Initiator)
  clear-eap-key-cache Clear cached EAP's password. (EAP Client)
  reset-qcd-key   Reset IKEv2 QCD key.
  reset-sess-resume-key Reset IKEv2 Session Resumption keys.

  peer-key        Configure remote peer's ID/key.(PSK/EAP)
  my-key          Configure this node's ID/key.(PSK/EAP)
  my-cert         Update or show this node's certificate.(RSA-Sig)
  ca-cert         Update or show CA's certificate.(RSA-Sig)
  peer-cert       Show remote peer's certificate.(RSA-Sig)
  crl             Update or show CRL.(RSA-Sig)
  realm           Enable or disable realm's config.
  show-realm      Show realm's status summary.
  show-cfg        Show config. [XML]
  show-global-cfg Show global config. [XML]

  admin           Configure administrator's ID/key.
  web-mng         Configure address/port of Web Management Service.
  cfg-archive     Save, upload or extract config archive(backup).

% rockhopper <command> -h   Show help info.
q

$ rockhopper help vpn
$ rockhopper vpn -h
[ Usage ]
% rockhopper vpn -realm <realm_no>
 [-peerid_type <fqdn/email/dn/eap-mschapv2> -peerid <peerid>]
 [-uid <vpn_uid>] [-detail]
 [-port <admin_port>]
 [-no_pager]

- Show VPN realm's brief information.

$ rockhopper show-realm -detail
 Name(Admin): admin
 Password: 

*Showing information by 'less' command.
Enter 'q' to quit.

 Realm:10  Sales Dep. [Bridge] enabled
  Description: Config for Sales Dep.
 Realm:20  Dev Dep. [Bridge] enabled
  Description: Config for Dev Dep.
q

- Configure administrator's ID and password.

$ rockhopper admin -h
[ Usage ]
% rockhopper admin <add/update/delete/show>
 -admin_id <admin_id> ...
 [-realm <realm_no>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ]
% rockhopper admin <add/update> -admin_id <admin_id>
 [-admin_password <new_admin_passowrd>] [-realm <new_realm_no>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ]
% rockhopper admin delete -admin_id <admin_id>
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ]
% rockhopper admin show -admin_id <admin_id>
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]
 [-no_pager]
 

(Show admin's information.)
$ rockhopper admin show 
 Admin Name: admin
 Password: 
 
 *Showing information by 'less' command.
Enter 'q' to quit.

Name: admin     Realm: any
Name: admin2    Realm: 10
q

(Add a new admin 'admin3' or update the admin's password.)
$ rockhopper admin update -admin_id admin3 
 Enter new admin password: 
 Retype new admin password: 

 Admin Name: admin
 Password: 


(Delete 'admin3'.)
$ rockhopper admin delete -admin_id admin3 
 Admin Name: admin
 Password: 
 

- Configure address/port of Web Management Service.


See also Installation on the non-GUI environment.

$ rockhopper web-mng -h
[ Usage ]
% rockhopper web-mng [-mng_address <ipv4>]
 [-mng_address_v6 <ipv6>]
 [-mng_port <listening_port>]
 [-allowed_address <IPv4>/<IPv4/PrefixLength>]
 [-allowed_address_v6 <IPv6>/<IPv6/PrefixLength>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

% rockhopper web-mng reset
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]


(Open a Web management service on a remotely accessible address.)
$ ip ad s dev eth0
2: eth0:  mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 00:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::xxxx:xxxx:xxxx:xxxx/64 scope link 
       valid_lft forever preferred_lft forever
$
$ rockhopper web-mng -mng_address 192.168.1.10
 Admin Name: admin
 Password: 

(You can restrict access to an allowed client's address, e.g. Firefox on a different computer [192.168.1.15].)
$ rockhopper web-mng -mng_address 192.168.1.10 -allowed_address 192.168.1.15
 Admin Name: admin
 Password: 

(Similarly, you can specify allowed clients as a subnet address.)  
$ rockhopper web-mng -mng_address 192.168.1.10 -allowed_address 192.168.1.0/24
 Admin Name: admin
 Password: 
 
 
(Reset settings for a Web management service.)
$ rockhopper web-mng reset
 Admin Name: admin
 Password:  
 
 
 
(Restart Rockhopper service to actually apply the above settings.)
$ sudo /etc/init.d/rockhopper restart 
or
$ sudo systemctl restart rockhopper 

- Save or upload a configuration backup.

$ rockhopper cfg-archive -h
[ Usage ]
% rockhopper cfg-archive <save/upload/extract> 
 [-archive_password <password>] [-file <file_name>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ]
% rockhopper cfg-archive save
 [-file <output_archive_file>]
 [-archive_password <password>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ]
% rockhopper cfg-archive upload
 -file <saved_archive_file>
 [-archive_password <password>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ]
% rockhopper cfg-archive extract
 -file <saved_archive_file>
 [-archive_password <password>]


(Save a configuration backup including all settings, certificates and keys as a single file.)
$ rockhopper cfg-archive save
 Enter archive's password: 
 Retype archive's password: 

 Admin Name: admin
 Password: 
Generating configuration's archive...
Configuration's archive was saved as ./rockhopper.rcfg.


(Upload a backup file to restore the configuration.)
$ rockhopper cfg-archive upload -file ./rockhopper.rcfg
 Enter archive's password: 

 Admin Name: admin
 Password: 

Uploading the configuration's archive...

The configuration archive was successfully uploaded
and extracted. Please reboot system or restart
Rockhopper to actually apply the configuration. 

(Restart Rockhopper service.)
$ sudo /etc/init.d/rockhopper restart 
or
$ sudo systemctl restart rockhopper

- Connect or disconnect VPN.

$ rockhopper connect -h
[ Usage ]
% rockhopper connect -realm <realm_no>
 [-peerid_type <fqdn/email/dn> -peerid <peerid>]
 [-eap_method mschapv2]
 [-eap_id <username/id> -eap_key <passowrd/key>]
 [-port <admin_port>]

$
$ rockhopper connect -realm 500 -peerid_type fqdn -peerid gateway1.example.com
[EAP-MSCHAPv2] User name: alice.sales
[EAP-MSCHAPv2] Password: 
VPN is successfully connected.


$
$ rockhopper disconnect -h
[ Usage ]
% rockhopper disconnect -realm <realm_no>
 [-peerid_type <fqdn/email/dn> -peerid <peerid>]
 [-port <admin_port>]

$
$ rockhopper disconnect -realm 500 -peerid_type fqdn -peerid gateway1.example.com

- Show connected VPN information.

$ rockhopper vpn -h
[ Usage ]
% rockhopper vpn -realm <realm_no>
 [-peerid_type <fqdn/email/dn/eap-mschapv2> -peerid <peerid>]
 [-uid <vpn_uid>] [-detail]
 [-port <admin_port>]
 [-no_pager]
 
$
$ rockhopper vpn -realm 500
 Name(Admin): admin
 Password: 

*Showing information by 'less' command.
Enter 'q' to quit.

VPN[0]: Realm(sales:500)  UID:0x0000000000000000f9e5a0dfab18bb62
  Peer ID : gateway1.example.com(fqdn) Alt: gateway1.example.com(fqdn)
       IP : 2001:db8:10::5
  Local IP: 2001:db8:2:0:3077:c984:6174:7c7b(eth1)
  [IN] Local IP: 192.168.100.20/24
                 fe80::fc7e:29ff:fec2:a0d1/64
                 2001:db8:100::20/64
  [IN] Peer IP: N/A
  IKE SA: established  CHILD SA: established
q
$
$ rockhopper vpn -realm 500 -detail
 Name(Admin): admin
 Password: 

VPN[0]: Realm(sales:500)
  Local ID: alice.sales(eap) fd65:6025:4778:aaf9:8b21:d6fd:6d06:5216(ipv6)
        IP: 2001:db8:2:0:89ce:e983:f305:126c(eth1).4500
  Peer ID : gateway1.example.com(fqdn) Alt: gateway1.example.com(fqdn)
       IP : 2001:db8:10::5.4500   AP QCD Rockhopper
  [NAT_T] BOTH: BEHIND_A_NAT
  [IN] Local IP: rhpvif500 ikev2cfg
                 172.16.4.24/16
                 2001:db8:100::24/64
  [IN] Peer IP: unknown
  [IN] MAC:ee:68:ac:59:99:68 MTU:1492
  [IN] Remote Network: GW(v4:172.16.0.10 v6:2001:db8:100::10)
                       192.168.0.0/24
                       192.168.201.0/24
                       192.168.200.0/24
                       2001:db8::/64
                       2001:db8:201::/64
                       2001:db8:200::/64
  [IN] DNS Server: v4:192.168.0.101 v6:2001:db8::101
       DNS Suffix: .example.com
  [MOBIKE] Peer IP: 10.0.0.5
                    20.0.0.5
                    2001:db8:20::5
  initiator Encap:etherip MOBIKE QCD
  Elapsed(274) Created IKE SAs(2) & Child SAs(3)
  UID:0x0000000000000000dc5bb5371b96727f

  *IKE SA[1]:
   SPI I:5832401011643063821(0x50f0d9d1969d1e0d)
       R:11960463794553175672(0xa5fc1a73af433e78)
   initiator established/completed(eap)
   Rekeyed(1) Elapsed(74) Lifetime(Rekey:106 Exp:20026)
   Auth: Local:EAP(mschapv2) Peer:rsa-sig
   Prop[1] PRF:hmac_sha2_512 DH:14 Integ:hmac_sha2_512_256 Encr:aes_cbc(256)

  *CHILD SA[1]: SPI IN:3535239000(0xd2b77758)OUT:3563429134(0xd4659d0e)
   initiator established
   mode:transport Rekeyed(2) Elapsed(19) Lifetime(Rekey:101 Exp:3701)
   Prop[1] Integ:hmac_sha2_512_256 Encr:aes_cbc(256)
   PMTU(Def:1492, Cache:1358) ESN Anti-Replay UDP-Encap
   [TS: Local ==> Peer]:
    [1] proto:ANY, port:ANY, ANY (ipv4)
    [2] proto:ANY, port:ANY, ANY (ipv6)

   [TS: Peer ==> Local]:
    [1] proto:ANY, port:ANY, ANY (ipv4)
    [2] proto:ANY, port:ANY, ANY (ipv6)

   [Anti-Replay]:
   Tx: Seq: 2
   Rx: WinSize 64, Seq B: 1, Seq T: 12
   Rx: WinMask
            1         2         3         4         5         6    
   1---+----01---+----01---+----01---+----01---+----01---+----01---
   1111111111110000000000000000000000000000000000000000000000000000
q


AP: Access Point (Gateway/Concentrator)
QCD: Quick Crash Detection
CFG-SVR: Remote Configuration Server
EAP-SVR: EAP Server (Authenticator)
HTTP-CERT: HTTP Certification Lookup
FRAG: IKEv2 Message Fragmentation
UID: VPN connection's unique ID
GW: Gateway
[NAT_T]: NAT Traversal
[IN]: Internal Network protected by IPsec-VPN
[MOBIKE]: Additional peer's addresses
Encap: Encapsulation Mode (etherip or ipip)
ikev2cfg: IKEv2 Remote Configuration
UDP-Encap: UDP-Encapsulation (NAT-Traversal)
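
The -detail output above lists the negotiated proposal of every IKE SA and CHILD SA (the Prop[n] lines) and the CHILD SA flags. The script below is an added example, not part of the Rockhopper documentation: it reads that output and reports SAs that fall below a policy. The policy itself, the function names, the second sample and its token spellings (hmac_sha1, 3des_cbc) are assumptions.

```shell
#!/bin/sh
# Audit the "Prop[n]" lines of 'rockhopper vpn -realm <n> -detail -no_pager'.

# Constructed sample, trimmed from the -detail output shown above.
sample_vpn_detail() {
cat <<'EOF'
VPN[0]: Realm(sales:500)
  Peer ID : gateway1.example.com(fqdn) Alt: gateway1.example.com(fqdn)

  *IKE SA[1]:
   initiator established/completed(eap)
   Auth: Local:EAP(mschapv2) Peer:rsa-sig
   Prop[1] PRF:hmac_sha2_512 DH:14 Integ:hmac_sha2_512_256 Encr:aes_cbc(256)

  *CHILD SA[1]: SPI IN:3535239000(0xd2b77758)OUT:3563429134(0xd4659d0e)
   initiator established
   Prop[1] Integ:hmac_sha2_512_256 Encr:aes_cbc(256)
   PMTU(Def:1492, Cache:1358) ESN Anti-Replay UDP-Encap
EOF
}

# Constructed sample of a legacy peer. The token spellings hmac_sha1 and
# 3des_cbc are assumptions; they do not appear in the documentation.
sample_vpn_legacy() {
cat <<'EOF'
VPN[1]: Realm(legacy:600)
  *IKE SA[1]:
   Prop[1] PRF:hmac_sha1 DH:2 Integ:hmac_sha1_96 Encr:3des_cbc

  *CHILD SA[1]: SPI IN:1(0x1)OUT:2(0x2)
   Prop[1] Integ:hmac_sha1_96 Encr:aes_cbc(128)
   PMTU(Def:1492, Cache:1358) UDP-Encap
EOF
}

# Reads -detail output on stdin, prints one line per finding and returns
# non-zero if there is any. Assumed policy:
#   - DH groups 1, 2, 5 and 22 (MODP below 2048 bits) are too weak
#   - PRF/integrity based on MD5 or SHA-1 is too weak
#   - DES, 3DES and NULL encryption are not acceptable
#   - a CHILD SA flags line (the one starting with PMTU) without
#     "Anti-Replay" means replay protection is not active
audit_vpn_detail() {
    awk '
    function report(msg) { printf "%s %s: %s\n", vpn, sa, msg; bad++ }

    # "VPN[0]: Realm(sales:500)" starts a new connection record.
    /^VPN\[[0-9]+\]/ { vpn = $1; sub(/:.*/, "", vpn); sa = "" }

    # "*IKE SA[1]:" or "*CHILD SA[1]: SPI ..." starts a new SA record.
    /^ *\*(IKE|CHILD) SA\[[0-9]+\]/ {
        sa = substr($1, 2) " " $2; sub(/:.*/, "", sa); next
    }

    # Proposal line: a list of key:value tokens.
    sa != "" && /Prop\[[0-9]+\]/ {
        for (i = 1; i <= NF; i++) {
            n = index($i, ":")
            if (n == 0) continue
            key = substr($i, 1, n - 1); val = substr($i, n + 1)
            if (key == "DH" && val ~ /^(1|2|5|22)$/)
                report("weak DH group " val)
            if ((key == "PRF" || key == "Integ") && val ~ /md5|sha1/)
                report("weak " key " " val)
            if (key == "Encr" && val ~ /^(3des|des|null)/)
                report("weak cipher " val)
        }
    }

    sa ~ /^CHILD/ && /PMTU\(/ && $0 !~ /Anti-Replay/ {
        report("anti-replay not active")
    }

    END { exit (bad > 0) }
    '
}

# Run the audit over both constructed samples.
for s in sample_vpn_detail sample_vpn_legacy; do
    if "$s" | audit_vpn_detail; then echo "$s: no findings"; fi
done
```

On a live node the input would be the output of 'rockhopper vpn -realm 500 -detail -no_pager' piped into audit_vpn_detail.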

- Show network information.

$ rockhopper arp -realm 500 -detail

*Showing information by 'less' command.
Enter 'q' to quit.

[ARP table] Rlm(500)
 [0] 172.16.0.100 00:0c:29:27:e6:57 vpn gateway1.example.com(fqdn) dynamic Elapsed(143)
 [1] 172.16.4.24 ee:68:ac:59:99:68 protected dynamic Elapsed(143)
q

$
$ rockhopper neigh -realm 500 -detail

*Showing information by 'less' command.
Enter 'q' to quit.

[Neigh table] Rlm(500)
 [0] 2001:db8:100::100 00:0c:29:27:e6:57 vpn gateway1.example.com(fqdn) dynamic Elapsed(6)
 [1] 2001:db8:100::24 ee:68:ac:59:99:68 protected dynamic Elapsed(6)
 [2] 2001:db8:100::21 3a:c4:01:fb:35:a4 vpn gateway1.example.com(fqdn) dynamic Elapsed(1065)
 [3] fe80::10d2:bdac:8b14:c5a6 26:d0:59:5c:ed:36 protected v6_aux_link_local Elapsed(13895)
q

$
$ rockhopper bridge -realm 500 -detail

*Showing information by 'less' command.
Enter 'q' to quit.

 [0] 3a:c4:01:fb:35:a4 vpn     gateway1.example.com(fqdn) dynamic Elapsed(740)
 [1] 00:50:56:c0:00:06 vpn     gateway1.example.com(fqdn) dynamic Elapsed(140)
 [2] 00:0c:29:5d:8d:1f vpn     gateway1.example.com(fqdn) dynamic Elapsed(140)
 [3] 00:0c:29:27:e6:57 vpn     gateway1.example.com(fqdn) dynamic Elapsed(140)
 [4] ee:68:ac:59:99:68 protected dynamic Elapsed(140)
 [5] 26:d0:59:5c:ed:36 protected v6_aux_link_local Elapsed(13934)
q

$
$ rockhopper source-if -realm 500

*Showing information by 'less' command.
Enter 'q' to quit.

 [0] eth1 (up, ipv4/ipv6, default route)
  MAC: 00:0c:29:c1:cf:86 MTU: 1500
  Priority: 1, Cfg-priority: 2147483647
  IP: 192.168.2.111/24
      2001:db8:2:0:89ce:e983:f305:126c/64
      2001:db8:2:0:20c:29ff:fec1:cf86/64
      fe80::20c:29ff:fec1:cf86/64

 [1] eth2 (down, ipv4, default route)
  MAC: 00:0c:29:c1:cf:90 MTU: 1500
  Priority: 2, Cfg-priority: 2147483647
q

$
$ rockhopper tuntap-if -realm 500

*Showing information by 'less' command.
Enter 'q' to quit.

[0] rhpvif500: Realm(500)  ikev2cfg
 MAC: ee:68:ac:59:99:68 MTU(1492) Index(155)
 Aux-MAC: 26:d0:59:5c:ed:36  Aux-IPv6: fe80::10d2:bdac:8b14:c5a6
 Fixed MTU(1492) Default MTU(1500)
 IP:172.16.4.24/16
    2001:db8:100::24/64
q

$
$ rockhopper if

*Showing information by 'less' command.
Enter 'q' to quit.

[0] eth1: *USED
 MAC: 00:0c:29:c1:cf:86 MTU(1500) Index(3)
 IP:192.168.2.111/24
    2001:db8:2:0:89ce:e983:f305:126c/64
    2001:db8:2:0:20c:29ff:fec1:cf86/64
    fe80::20c:29ff:fec1:cf86/64

[1] eth2: *USED
 MAC: 00:0c:29:c1:cf:90 MTU(1500) Index(4)

[2] lo:
 MAC: 00:00:00:00:00:00 MTU(65536) Index(1)
 IP:127.0.0.1/8
    ::1/128
q

$
$ rockhopper address-pool -realm 10 -detail
 Admin Name: admin
 Password: 

*Showing information by 'less' command.
Enter 'q' to quit.

  [0] alice.sales(eap)
   IPv4: 192.168.100.21 IPv6: 2001:db8:100::21
   Peer ID: 2001:db8:2:0:88dd:971b:eedd:a8eb(ipv6)
   EAP ID: alice.sales
   Status: In-Use

  [1] C = JP, ST = Tokyo, L = Minatoku, O = example, OU = sales, CN = remotehost1, 
      emailAddress = remotehost1@sales.example.com(dn)
   IPv4: 192.168.100.20 IPv6: 2001:db8:100::20
   Peer ID: C = JP, ST = Tokyo, L = Minatoku, O = example, OU = sales, CN = remotehost1, 
            emailAddress = remotehost1@sales.example.com(dn)
   Peer ID(Alt): remotehost1@sales.example.com(email)
   Status: Cached (Expire:2821)
q

- Flush MAC(bridge) and ARP/Neigh cache.

$ rockhopper flush-bridge -realm 500
 Name(Admin): admin
 Password:  

- Forcibly clear all VPN connections.

$ rockhopper clear-all-conn -realm 500
 Name(Admin): admin
 Password:  

- Start routability check and show the results. (MOBIKE Initiator)

$ rockhopper rt-check restart -realm 500 -peerid_type fqdn -peerid gateway1.example.com

*Showing information by 'less' command.
Enter 'q' to quit.

Now routability check is ongoing. It may take several seconds...

Routability check process finished.

VPN[0]: Realm(sales:500)  UID:0x0000000000000000dc5bb5371b96727f
  Local ID: alice.sales(eap) fd65:6025:4778:aaf9:8b21:d6fd:6d06:5216(ipv6)
        IP: 2001:db8:2:0:89ce:e983:f305:126c(eth1).4500
  Peer ID : gateway1.example.com(fqdn) Alt: gateway1.example.com(fqdn)
       IP : 2001:db8:10::5.4500 AP
  *IKE SA[1]  : initiator established/completed(eap)
  *CHILD SA[1]: initiator established

 [1] Local:  2001:db8:2:0:89ce:e983:f305:126c/64 (eth1)
     Remote: 2001:db8:10::5 (config) *REACHABLE

 [2] Local:  2001:db8:2:0:20c:29ff:fec1:cf86/64 (eth1)
     Remote: 2001:db8:10::5 (config) *REACHABLE

 [3] Local:  2001:db8:3:0:20c:29ff:fec1:cf90/64 (eth2)
     Remote: 2001:db8:10::5 (config) *REACHABLE

 [4] Local:  2001:db8:3:0:f930:645:f6a4:82e7/64 (eth2)
     Remote: 2001:db8:10::5 (config) *REACHABLE

 [5] Local:  192.168.2.111/24 (eth1)
     Remote: 10.0.0.5 (config) *REACHABLE

 [6] Local:  192.168.3.125/24 (eth2)
     Remote: 10.0.0.5 (config) FAILED

 [7] Local:  2001:db8:2:0:89ce:e983:f305:126c/64 (eth1)
     Remote: 2001:db8:20::5 (additional) *REACHABLE

 [8] Local:  2001:db8:2:0:20c:29ff:fec1:cf86/64 (eth1)
     Remote: 2001:db8:20::5 (additional) *REACHABLE

 [9] Local:  2001:db8:3:0:20c:29ff:fec1:cf90/64 (eth2)
     Remote: 2001:db8:20::5 (additional) *REACHABLE

 [10] Local:  2001:db8:3:0:f930:645:f6a4:82e7/64 (eth2)
     Remote: 2001:db8:20::5 (additional) *REACHABLE

 [11] Local:  192.168.2.111/24 (eth1)
      Remote: 20.0.0.5 (additional) *REACHABLE

 [12] Local:  192.168.3.125/24 (eth2)
      Remote: 20.0.0.5 (additional) FAILED
q

- Manage this node's ID and Key (Password). [PSK/EAP]

$ rockhopper my-key -h
[ Usage ]
% rockhopper my-key <update/delete/show>
 -realm <realm_no> ...
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ] *Update this node's ID and Key.
% rockhopper my-key update -realm <realm_no>
 -myid_type <fqdn/email/eap-mschapv2>
 -myid <myid>
 [-key <pre_shared_key(PSK)/password>]
 [-keygen <num of characters>]
 [-cache_eap_key] [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ] *Delete this node's ID and Key. (EAP)
% rockhopper my-key delete -realm <realm_no>
 -myid_type <eap-mschapv2>
 [-cache_eap_key] [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ] *Show this node's ID.
% rockhopper my-key show [-realm <realm_no>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]
 [-no_pager]


$ rockhopper my-key show
 Admin Name: admin
 Password: 

*Showing information by 'less' command.
Enter 'q' to quit.

 *Realm(500)
 Auth Method: eap
 ID Type: mschapv2
 ID:      alice.sales

 *Realm(501)
 Auth Method: rsa-sig
 ID Type: cert_auto

 *Realm(502)
 Auth Method: psk
 ID Type: email
 ID:      bob@sales.example.com
q


(Update your EAP-MSCHAPv2 username and password.)
$ rockhopper my-key update -realm 500 -myid_type eap-mschapv2 -myid alice.sales
 Enter new my key: 
 Retype new my key: 

 Admin Name: admin
 Password: 

(If '-keygen' is specified, a random key value is generated.)
$ rockhopper my-key update -realm 500 -myid_type eap-mschapv2 -myid alice.sales -keygen 10
 Admin Name: admin
 Password: 
=
My ID Type:    mschapv2
My ID:         alice.sales
Generated key: KTywCYaEIV
=
(To write the generated key to a file, redirect the output like this.)
$ rockhopper my-key update -realm 500 -myid_type eap-mschapv2 -myid alice.sales -keygen 10 \
 -admin admin -password secret >> my_key.txt


(Update your ID and PSK.)
$ rockhopper my-key update -realm 502 -myid_type email -myid bob@sales.example.com
 Enter new my key: 
 Retype new my key: 

 Admin Name: admin
 Password: 

(If '-keygen' is specified, a random key value is generated.)
$ rockhopper my-key update -realm 502 -myid_type email -myid bob@sales.example.com \
 -keygen 10
 Admin Name: admin
 Password: 
=
My ID Type:    email
My ID:         bob@sales.example.com
Generated key: TgmHDHHkII
=
(To write the generated key to a file, redirect the output like this.)
$ rockhopper my-key update -realm 502 -myid_type email -myid bob@sales.example.com \
 -keygen 10 -admin admin -password secret >> my_key.txt


(Clear your EAP-MSCHAPv2 ID and password.)
$ rockhopper my-key delete -realm 500 -myid_type eap-mschapv2
 Admin Name: admin
 Password: 

- Manage a remote peer's ID (username) and PSK (password). [PSK/EAP]

$ rockhopper peer-key -h
[ Usage ]
% rockhopper peer-key <add/update/delete/show>
 -realm <realm_no> ...
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ] *Update a remote peer's ID and Key.
% rockhopper peer-key <add/update>
 -realm <realm_no>
 -peerid_type <fqdn/email/any/eap-mschapv2>
 -peerid <peerid>
 [-key <pre_shared_key(PSK)/password>]
 [-keygen <num of characters>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ] *Delete a remote peer's ID and Key.
% rockhopper peer-key delete -realm <realm_no>
 -peerid_type <fqdn/email/any/eap-mschapv2>
 -peerid <peerid>
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ] *Show remote peer IDs and Keys.  
% rockhopper peer-key show [-realm <realm_no>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]
 [-no_pager]


$ rockhopper peer-key show
 Admin Name: admin
 Password: 

*Showing information by 'less' command.
Enter 'q' to quit.

 *Realm(10)
[0] ID Type: mschapv2   ID: alice.sales
[1] ID Type: mschapv2   ID: bob.sales
[2] ID Type: email      ID: remotehost1@sales.example.com
[3] ID Type: fqdn       ID: remotegw1.sales.example.com

 *Realm(20)
[0] ID Type: mschapv2   ID: taro.dev
[1] ID Type: mschapv2   ID: hanako.dev
[2] ID Type: email      ID: remotehost1@dev.example.com
[3] ID Type: fqdn       ID: remotegw1.dev.example.com
q
(To write the information to a file, redirect the output like this.)
$ rockhopper peer-key show -no_pager -admin admin -password secret >> peer_keys.txt


(Update a remote peer's username and password. [EAP-MSCHAPv2])
$ rockhopper peer-key update -realm 10 -peerid_type eap-mschapv2 -peerid alice.sales
 Enter new peer's key: 
 Retype new peer's key: 

 Admin Name: admin
 Password: 

(If '-keygen' is specified, a random key value is generated.)
$ rockhopper peer-key update -realm 10 -peerid_type eap-mschapv2 -peerid alice.sales -keygen 10
 Admin Name: admin
 Password: 
=
Peer ID Type:  mschapv2
Peer ID:       alice.sales
Generated key: uVombrQvJS
=
(To write the generated key to a file, redirect the output like this.)
$ rockhopper peer-key update -realm 10 -peerid_type eap-mschapv2 -peerid alice.sales \
 -keygen 10 -admin admin -password secret >> peer_keys.txt


(Update a remote peer's ID and PSK.)
$ rockhopper peer-key update -realm 10 -peerid_type email -peerid bob@sales.example.com
 Enter new peer's key: 
 Retype new peer's key: 

 Admin Name: admin
 Password: 

(If '-keygen' is specified, a random key value is generated.)
$ rockhopper peer-key update -realm 10 -peerid_type email -peerid bob@sales.example.com \
 -keygen 10
 Admin Name: admin
 Password: 
=
Peer ID Type:  email
Peer ID:       bob@sales.example.com
Generated key: HvCqnZ7NoO
==
(To write the generated key to a file, redirect the output like this.)
$ rockhopper peer-key update -realm 10 -peerid_type email -peerid bob@sales.example.com \
 -keygen 10 -admin admin -password secret >> peer_keys.txt
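
The '-keygen ... >> file' examples, for my-key earlier and for peer-key here, append the generated key to a file created with whatever permissions the shell's umask allows. The script below is an added example, not part of the Rockhopper documentation: it pulls the ID and key out of the keygen output block and appends them to a file that only its owner can read. The function names are hypothetical and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Store keys produced by 'my-key update ... -keygen N' or
# 'peer-key update ... -keygen N' in an owner-only file.

# Constructed sample of the keygen output block shown above.
sample_keygen_output() {
cat <<'EOF'
 Admin Name: admin
 Password:
=
Peer ID Type:  mschapv2
Peer ID:       alice.sales
Generated key: uVombrQvJS
=
EOF
}

# Reads keygen output on stdin and prints "<id type><TAB><id><TAB><key>"
# for every generated key. Accepts both the "My ID" (my-key) and the
# "Peer ID" (peer-key) labels. Returns non-zero if no key was found.
extract_generated_key() {
    awk '
    /^(My|Peer) ID Type:/ { type = $NF }
    /^(My|Peer) ID:/      { id = $NF }
    /^Generated key:/     { printf "%s\t%s\t%s\n", type, id, $NF; n++ }
    END { exit (n == 0) }
    '
}

# Appends stdin to file $1. A new file is created with mode 0600
# (umask 077 in a subshell); an existing file is tightened to 0600.
append_owner_only() {
    ( umask 077; cat >> "$1" ) || return 1
    chmod 600 "$1"
}

# $1: destination file; stdin: keygen output. Nothing is written, and the
# destination is not created, when the input holds no generated key.
save_generated_key() {
    rec=$(extract_generated_key) || {
        echo "no generated key found in input" >&2
        return 1
    }
    printf '%s\n' "$rec" | append_owner_only "$1"
}

# Run once over the constructed sample and show the resulting file mode.
demo_dir=$(mktemp -d)
sample_keygen_output | save_generated_key "$demo_dir/peer_keys.txt"
ls -l "$demo_dir/peer_keys.txt"
rm -rf "$demo_dir"
```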


(Delete a remote peer's username and password. [EAP-MSCHAPv2])
$ rockhopper peer-key delete -realm 10 -peerid_type eap-mschapv2 -peerid alice.sales
 Admin Name: admin
 Password: 

(Delete a remote peer's ID and PSK.)
$ rockhopper peer-key delete -realm 10 -peerid_type email -peerid bob@sales.example.com
 Admin Name: admin
 Password: 

- Manage this node's certificate/key and CA's certificate.

$ rockhopper my-cert -h
[ Usage ]
% rockhopper my-cert <show/update>
 -realm <realm_no> ...
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ]
% rockhopper my-cert show -realm <realm_no>
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]
 [-no_pager]

[ Usage ]
*PKCS12
% rockhopper my-cert update -realm <realm_no>
 -pkcs12_file <pkcs12_file>
 [-priv_key_password <password>]
 [-myid_type <dn/san/auto>]
 [-accept_expired_cert <enable/disable>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ]
*PEM
% rockhopper my-cert update -realm <realm_no>
 -pem_cert_file <cert_pem_file>
 -pem_priv_key_file <priv_key_pem_file>
 [-priv_key_password <password>]
 [-myid_type <dn/san/auto>]
 [-accept_expired_cert <enable/disable>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

(Show this node's certificate.)
$ rockhopper my-cert show -realm 10
 Admin Name: admin
 Password: 

*Showing information by 'less' command.
Enter 'q' to quit.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=JP, ST=Tokyo, L=Minatoku, O=example, OU=netmng, 
                CN=testca/emailAddress=testca@example.com
        Validity
            Not Before: Mar  7 00:50:00 2015 GMT
            Not After : Mar  7 00:50:00 2016 GMT
        Subject: C=JP, ST=Tokyo, L=Minatoku, O=example, OU=netmng, CN=gateway1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:96:ef:f4:1b:25:14:ac:c4:ec:8e:4c:c1:f2:c6:
                    6a:f5:6c:20:77:92:fa:c4:a6:70:06:f0:3d:68:08:
                    ...
                    8c:fb:9f:3d:aa:78:42:13:9d:35:04:ca:da:f2:74:
                    78:d2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, 1.3.6.1.5.5.8.2.2
            X509v3 Subject Alternative Name: 
                DNS:gateway1.example.com
            Netscape Cert Type: 
                SSL Server
            Netscape Comment: 
                xca certificate
    Signature Algorithm: sha1WithRSAEncryption
         1c:51:5c:a9:30:34:29:2b:38:4c:4d:2d:60:20:70:7f:c7:0b:
         2e:4e:b7:fa:c3:60:fe:46:6d:fe:ae:73:c1:d4:6e:b9:eb:7f:
         ...
         09:0d:77:70:8e:83:83:5f:3a:88:8d:5c:9a:e8:78:dd:df:1e:
         62:86:cb:61:eb:a0:3e:60
q
(To write the information to a file, redirect the output like this.)
$ rockhopper my-cert show -realm 10 -no_pager -admin admin -password secret >> my_cert.txt


(Update this node's certificates and key. [PKCS#12] )
$ rockhopper my-cert update -realm 10 -pkcs12_file ./gateway1.p12
 Enter private key's password:
 Retype private key's password:

 Admin Name: admin
 Password:


(Update this node's certificates and key. [PEM] )
$ rockhopper my-cert update -realm 10 -pem_cert_file ./gateway1.crt \
 -pem_priv_key_file ./gateway1.key
 Enter private key's password:
 Retype private key's password:

 Admin Name: admin
 Password:

$ rockhopper ca-cert -h
[ Usage ]
% rockhopper ca-cert <show/update-pem>
 -realm <realm_no> ...
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

[ Usage ]
% rockhopper ca-cert show -realm <realm_no>
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]
 [-no_pager]

[ Usage ]
*PEM
% rockhopper ca-cert update -realm <realm_no>
 -pem_file <cert_pem_file>
 [-accept_expired_cert <enable/disable>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]
 
 
(Show CA's certificate.)
$ rockhopper ca-cert show -realm 10
 Admin Name: admin
 Password: 

*Showing information by 'less' command.
Enter 'q' to quit.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=JP, ST=Tokyo, L=Minatoku, O=example, OU=netmng, 
                CN=testca/emailAddress=testca@example.com
        Validity
            Not Before: Mar  7 00:39:00 2015 GMT
            Not After : Mar  7 00:39:00 2025 GMT
        Subject: C=JP, ST=Tokyo, L=Minatoku, O=example, OU=netmng, 
                 CN=testca/emailAddress=testca@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:bb:0c:df:5b:20:4f:e2:73:57:a6:e4:30:61:22:
                    94:0f:44:d1:98:81:a7:0e:c6:4f:17:2d:f5:21:3c:
                    ...
                    11:04:c7:0b:2a:91:cf:87:ef:8d:cb:3c:55:03:03:
                    b1:da:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:TRUE
            X509v3 Key Usage: 
                Certificate Sign, CRL Sign
            X509v3 Subject Alternative Name: 
                email:testca@example.com
            Netscape Cert Type: 
                SSL CA, S/MIME CA, Object Signing CA
            Netscape Comment: 
                xca certificate
    Signature Algorithm: sha1WithRSAEncryption
         74:2c:94:3d:4f:8f:da:08:2b:67:82:29:53:e0:3e:43:c2:67:
         95:43:4b:b0:b1:dd:c1:84:8b:bd:c1:2d:45:d4:ce:5e:2d:6a:
         ...
         b3:26:b7:c4:5e:57:19:88:f5:20:0f:84:c6:b1:90:49:4b:3f:
         22:08:c2:b4:04:74:1f:63
q
(To write the information to a file, redirect the output like this.)
$ rockhopper ca-cert show -realm 10 -no_pager -admin admin -password secret >> ca_cert.txt


(Update CA's certificates. [PEM] )
$ rockhopper ca-cert update -realm 10 -pem_file ./TestCA.crt
 Admin Name: admin
 Password:

- Show a remote peer's certificate.

$ rockhopper peer-cert -h
[ Usage ]
% rockhopper peer-cert -realm <realm_no>
 [-peerid_type <fqdn/email/dn> -peerid <peerid>]
 [-uid <vpn_uid>] [-detail]
 [-port <admin_port>]
 [-no_pager]

(First, connect VPN with the remote peer.) 
$ rockhopper connect -realm 500 -peerid_type fqdn -peerid gateway1.example.com
 
(Show the remote peer's certificate.) 
$ rockhopper peer-cert -realm 500 -peerid_type fqdn -peerid gateway1.example.com
 Admin Name: admin
 Password: 

*Showing information by 'less' command.
Enter 'q' to quit.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=JP, ST=Tokyo, L=Minatoku, O=example, OU=netmng, 
                CN=testca/emailAddress=testca@example.com
        Validity
            Not Before: Mar  7 00:50:00 2015 GMT
            Not After : Mar  7 00:50:00 2016 GMT
        Subject: C=JP, ST=Tokyo, L=Minatoku, O=example, OU=netmng, CN=gateway1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:96:ef:f4:1b:25:14:ac:c4:ec:8e:4c:c1:f2:c6:
                    6a:f5:6c:20:77:92:fa:c4:a6:70:06:f0:3d:68:08:
                    ...
                    a3:6c:46:4f:46:55:3a:de:30:b7:44:61:d3:6f:46:
                    8c:fb:9f:3d:aa:78:42:13:9d:35:04:ca:da:f2:74:
                    78:d2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, 1.3.6.1.5.5.8.2.2
            X509v3 Subject Alternative Name: 
                DNS:gateway1.example.com
            Netscape Cert Type: 
                SSL Server
            Netscape Comment: 
                xca certificate
    Signature Algorithm: sha1WithRSAEncryption
         1c:51:5c:a9:30:34:29:2b:38:4c:4d:2d:60:20:70:7f:c7:0b:
         2e:4e:b7:fa:c3:60:fe:46:6d:fe:ae:73:c1:d4:6e:b9:eb:7f:
         ...
         09:0d:77:70:8e:83:83:5f:3a:88:8d:5c:9a:e8:78:dd:df:1e:
         62:86:cb:61:eb:a0:3e:60
q
(To write the information to a file, redirect the output like this.)
$ rockhopper peer-cert -realm 500 -peerid_type fqdn -peerid gateway1.example.com \
 -no_pager -admin admin -password secret >> gateway1_cert.txt

