NAME

racoon - IKE (ISAKMP/Oakley) key management daemon

SYNOPSIS

racoon [-46BdFLv] [-f configfile] [-l logfile] [-P isakmp-natt-port] [-p isakmp-port]

DESCRIPTION

racoon speaks the IKE (ISAKMP/Oakley) key management protocol, to establish security associations with other hosts. The SPD (Security Policy Database) in the kernel usually triggers racoon. racoon usually sends all informational messages, warnings and error messages to syslogd(8) with the facility LOG_DAEMON and the priority LOG_INFO. Debugging messages are sent with the priority LOG_DEBUG. You should configure syslog.conf(5) appropriately to see these messages.

-4

-6
Specify the default address family for the sockets.

-B
Install SA(s) from the file which is specified in racoon.conf(5).

-d
Increase the debug level. Multiple -d arguments will increase the debug level even more.

-F
Run racoon in the foreground.

-f configfile
Use configfile as the configuration file instead of the default.

-L
Include file_name:line_number:function_name in all messages.

-l logfile
Use logfile as the logging file instead of syslogd(8).

-P isakmp-natt-port
Use isakmp-natt-port for NAT-Traversal port-floating. The default is 4500.

-p isakmp-port
Listen to the ISAKMP key exchange on port isakmp-port instead of the default port number, 500.

-v
This flag causes the packet dump to be more verbose, with higher debugging level.

racoon assumes the presence of the kernel random number device rnd(4) at /dev/urandom.

RETURN VALUES

The command exits with 0 on success, and non-zero on errors.

FILES

/etc/racoon.conf
default configuration file.

SEE ALSO

ipsec(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8)

HISTORY

The racoon command first appeared in the "YIPS" Yokogawa IPsec implementation.

SECURITY CONSIDERATIONS

The use of IKE phase 1 aggressive mode is not recommended, as described in http://www.kb.cert.org/vuls/id/886601.
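
One way to check a configuration file against this recommendation is to look for remote sections whose exchange_mode statement lists aggressive mode. The script below is an added example, not part of racoon or of the original manual page; the sample configuration is constructed, and the function name audit_exchange_modes is hypothetical. It assumes the remote { ... } and exchange_mode syntax described in racoon.conf(5) and '#' comments.

```python
import re

# Constructed sample in racoon.conf(5) syntax; peers are documentation addresses.
SAMPLE_CONF = """\
# constructed example configuration
remote 192.0.2.10 {
    exchange_mode main;
    proposal {
        authentication_method pre_shared_key;
    }
}
remote anonymous {
    exchange_mode main,aggressive;
}
remote 198.51.100.7 {
    exchange_mode aggressive,main;
}
"""

REMOTE_RE = re.compile(r"^\s*remote\s+([^{]+?)\s*\{")
MODE_RE = re.compile(r"\bexchange_mode\s+([^;]+);")

def audit_exchange_modes(text):
    """Return (line_no, peer, role) for each remote block that lists aggressive mode."""
    findings, peer, depth = [], None, 0
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]           # drop '#' comments
        m = REMOTE_RE.match(line)
        if m and depth == 0:
            peer = m.group(1)                 # address or "anonymous"
        mode = MODE_RE.search(line)
        if mode and peer is not None:
            modes = [x.strip() for x in mode.group(1).split(",")]
            if "aggressive" in modes:
                # racoon.conf(5): the first listed mode is used as initiator,
                # every listed mode is accepted as responder.
                role = "initiator+responder" if modes[0] == "aggressive" else "responder"
                findings.append((line_no, peer, role))
        depth += line.count("{") - line.count("}")   # track nested blocks
        if depth == 0:
            peer = None
    return findings

if __name__ == "__main__":
    for line_no, peer, role in audit_exchange_modes(SAMPLE_CONF):
        print(f"line {line_no}: remote {peer}: aggressive mode listed ({role})")
```

To audit a real file, pass the contents of the file given with -f (or /etc/racoon.conf) to audit_exchange_modes in place of the sample.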