NAME
racoon - IKE (ISAKMP/Oakley) key management daemon
SYNOPSIS
racoon [-46BdFLv] [-f configfile] [-l logfile] [-P isakmp-natt-port] [-p isakmp-port]
DESCRIPTION
racoon speaks the IKE (ISAKMP/Oakley) key management protocol, to establish security associations with other hosts.
The SPD (Security Policy Database) in the kernel usually triggers racoon.
racoon usually sends all informational messages, warnings and error messages to syslogd(8) with the facility LOG_DAEMON and the priority LOG_INFO.
Debugging messages are sent with the priority LOG_DEBUG.
You should configure syslog.conf(5) appropriately to see these messages.
-4
-6
    Specify the default address family for the sockets.
-B
    Install SA(s) from the file which is specified in racoon.conf(5).
-d
    Increase the debug level. Multiple -d arguments will increase the debug level even more.
-F
    Run racoon in the foreground.
-f configfile
    Use configfile as the configuration file instead of the default.
-L
    Include file_name:line_number:function_name in all messages.
-l logfile
    Use logfile as the logging file instead of syslogd(8).
-P isakmp-natt-port
    Use isakmp-natt-port for NAT-Traversal port-floating. The default is 4500.
-p isakmp-port
    Listen to the ISAKMP key exchange on port isakmp-port instead of the default port number, 500.
-v
    This flag causes the packet dump to be more verbose, with a higher debugging level.
racoon assumes the presence of the kernel random number device rnd(4) at /dev/urandom.
RETURN VALUES
The command exits with 0 on success, and non-zero on errors.
FILES
/etc/racoon.conf
    default configuration file.
SEE ALSO
ipsec(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8)
HISTORY
The racoon command first appeared in the "YIPS" Yokogawa IPsec implementation.
SECURITY CONSIDERATIONS
The use of IKE phase 1 aggressive mode is not recommended, as described in http://www.kb.cert.org/vuls/id/886601.
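One way to check a configuration against the recommendation above, as an added example that is not part of this manual page or of the racoon distribution. It assumes the racoon.conf(5) syntax in which phase 1 modes are listed in an exchange_mode statement inside a remote block and "#" starts a comment; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag IKE phase 1 aggressive mode in a racoon.conf(5) file.
# Assumed syntax: remote <peer> { exchange_mode mode1,mode2; ... }
# with "#" starting a comment. Reads the named file(s), or stdin if none.

# Prints "<line>: remote <peer>: <modes>" for every exchange_mode statement
# that lists aggressive. Returns 1 if any was found, 0 otherwise.
audit_exchange_mode() {
    awk '
        { sub(/#.*/, "") }                      # drop comments first
        $1 == "remote" { peer = $2 }            # remember the enclosing block
        $1 == "exchange_mode" {
            modes = $0
            sub(/^[ \t]*exchange_mode[ \t]*/, "", modes)
            sub(/;.*/, "", modes)
            gsub(/[ \t]/, "", modes)
            n = split(modes, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == "aggressive") {
                    printf "%d: remote %s: %s\n", NR, peer, modes
                    found = 1
                    break
                }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample: a weak remote block beside a corrected one.
sample_conf() {
    cat <<'EOF'
# constructed sample, not a real deployment
remote 192.0.2.10 {
        exchange_mode main,aggressive;   # weak: aggressive mode accepted
}
remote 192.0.2.20 {
        exchange_mode main;              # corrected: main mode only
}
EOF
}

sample_conf | audit_exchange_mode || echo "aggressive mode is enabled"
```

To audit the default configuration file, run audit_exchange_mode /etc/racoon.conf; a non-zero return means at least one remote block still lists aggressive mode.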