NAME
racoon — IKE (ISAKMP/Oakley) key management daemon
SYNOPSIS
racoon [-46BdFLVv] [-f configfile] [-l logfile] [-P isakmp-natt-port] [-p isakmp-port]
DESCRIPTION
racoon speaks the IKE (ISAKMP/Oakley) key management protocol to establish security associations (SAs) with other hosts. Negotiation is usually triggered by the SPD (Security Policy Database) in the kernel, that is, when traffic matches a policy that requires an SA which does not yet exist.

racoon usually sends all informational messages, warnings and error messages to syslogd(8) with the facility LOG_DAEMON and the priority LOG_INFO. Debugging messages are sent with the priority LOG_DEBUG. Configure syslog.conf(5) appropriately to see these messages.

The options are as follows:
-4
-6      Specify the default address family for the sockets.

-B      Install SA(s) from the file which is specified in racoon.conf(5).

-d      Increase the debug level. Multiple -d arguments increase the debug level further.

-F      Run racoon in the foreground.

-f configfile
        Use configfile as the configuration file instead of the default.

-L      Include file_name:line_number:function_name in all messages.

-l logfile
        Use logfile as the logging file instead of syslogd(8).

-P isakmp-natt-port
        Use isakmp-natt-port for NAT-Traversal port-floating. The default is 4500.

-p isakmp-port
        Listen to the ISAKMP key exchange on port isakmp-port instead of the default port number, 500.

-V      Print racoon version and compilation options and exit.

-v      This flag causes the packet dump to be more verbose at higher debugging levels.
racoon assumes the presence of the kernel random number device rnd(4) at /dev/urandom.
RETURN VALUES
The command exits with 0 on success, and non-zero on errors.
FILES
/etc/racoon.conf        default configuration file.
SEE ALSO
ipsec(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8)
HISTORY
The racoon command first appeared in the “YIPS” Yokogawa IPsec implementation.
SECURITY CONSIDERATIONS
The use of IKE phase 1 aggressive mode is not recommended, as described in http://www.kb.cert.org/vuls/id/886601. With pre-shared key authentication, aggressive mode transmits a hash derived from the pre-shared key before the exchange is encrypted, so a passive observer can mount an offline dictionary attack on the key. Prefer main mode (exchange_mode main in racoon.conf(5)). Note that racoon accepts every mode listed in exchange_mode when it acts as responder, so a list such as "main, aggressive" still exposes the host to aggressive-mode peers.
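Before starting the daemon with the options above, a practitioner would want to confirm that no remote block in the configuration accepts aggressive mode, including the comma-separated form exchange_mode main, aggressive; in which racoon initiates main mode but still accepts aggressive mode as a responder. The following script is added here as an example; it is not part of racoon or of this manual. It assumes only the exchange_mode syntax of racoon.conf(5) and the command line options documented above; the two sample configurations and the peer address 192.0.2.1 are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of racoon: refuse to start racoon with a
# configuration that accepts IKE phase 1 aggressive mode.
# Assumption: racoon.conf(5) syntax, where "exchange_mode" may list several
# modes separated by commas and every listed mode is accepted as responder.
# Caveat: only the named file is examined; "include" statements are not followed.

# Print one line per exchange_mode statement: "<remote> <mode>[,<mode>...]".
# Comments (#...) are stripped first so commented-out lines do not count.
list_exchange_modes() {
    awk '
        { p = index($0, "#"); if (p) $0 = substr($0, 1, p - 1) }  # drop comments
        /^[ \t]*remote[ \t]/ { remote = $2 }    # remember the current remote block
        /exchange_mode/ {
            line = $0
            sub(/.*exchange_mode[ \t]*/, "", line)  # keep only the mode list
            sub(/;.*/, "", line)                    # drop the statement terminator
            gsub(/[ \t]/, "", line)                 # normalise spacing
            print remote " " line
        }
    ' "$1"
}

# Succeed (0) only when no remote accepts aggressive mode, fail (1) otherwise.
# "main, aggressive" fails too: the daemon would still accept aggressive mode.
reject_aggressive_mode() {
    if list_exchange_modes "$1" |
        awk '$2 ~ /(^|,)aggressive(,|$)/ { bad = 1 } END { exit (bad ? 0 : 1) }'
    then
        return 1
    fi
    return 0
}

# Constructed sample configurations (192.0.2.1 is a documentation address).
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
WEAK_CONF="$TMP/weak.conf"   # initiates main mode but still accepts aggressive mode
GOOD_CONF="$TMP/good.conf"   # main mode only

cat > "$WEAK_CONF" <<'EOF'
path pre_shared_key "/etc/racoon/psk.txt";
remote 192.0.2.1 {
        exchange_mode main, aggressive;   # aggressive still accepted as responder
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp2048;
        }
}
EOF

cat > "$GOOD_CONF" <<'EOF'
path pre_shared_key "/etc/racoon/psk.txt";
remote 192.0.2.1 {
        exchange_mode main;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group modp2048;
        }
}
EOF

for conf in "$WEAK_CONF" "$GOOD_CONF"; do
    if reject_aggressive_mode "$conf"; then
        echo "$conf: ok, main mode only"
        # Only now start the daemon; while testing, run it in the foreground
        # with two debug levels and a log file instead of syslogd(8):
        #   racoon -F -dd -f "$conf" -l /var/log/racoon.log
    else
        echo "$conf: refusing to start, aggressive mode accepted by:"
        list_exchange_modes "$conf" | sed 's/^/    /'
    fi
done
```

The check deliberately matches aggressive anywhere in the mode list rather than only as the first entry, because racoon uses the first entry when initiating but accepts all of them when responding.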