manpagez: man pages & more
man racoon(8)
Home | html | info | man
racoon(8)                 BSD System Manager's Manual                racoon(8)


NAME

     racoon -- IKE (ISAKMP/Oakley) key management daemon


SYNOPSIS

     racoon [-46BdFLv] [-f configfile] [-l logfile]


DESCRIPTION

     racoon is used to setup and maintain an IPSec tunnel or transport chan-
     nel, between two devices, over which network traffic is conveyed
     securely.  This security is made possible by cryptographic keys and oper-
     ations on both devices.  racoon relies on a standardized network protocol
     (IKE) to automatically negotiate and manage the cryptographic keys (e.g.
     security associations) that are necessary for the IPSec tunnel or trans-
     port channel to function.  racoon speaks the IKE (ISAKMP/Oakley) key man-
     agement protocol, to establish security associations with other hosts.
     The SPD (Security Policy Database) in the kernel usually triggers racoon.
     racoon usually sends all informational messages, warnings and error mes-
     sages to syslogd(8) with the facility LOG_DAEMON and the priority
     LOG_INFO.  Debugging messages are sent with the priority LOG_DEBUG.  You
     should configure syslog.conf(5) appropriately to see these messages.

     -4

     -6      Specify the default address family for the sockets.

     -B      Install SA(s) from the file which is specified in racoon.conf(5).

     -d      Increase the debug level.  Multiple -d arguments will increase
             the debug level even more.

     -F      Run racoon in the foreground.

     -f configfile
             Use configfile as the configuration file instead of the default.

     -L      Include file_name:line_number:function_name in all messages.

     -l logfile
             Use logfile as the logging file instead of syslogd(8).

     -v      This flag causes the packet dump be more verbose, with higher
             debugging level.

     racoon assumes the presence of the kernel random number device rnd(4) at
     /dev/urandom.


RETURN VALUES

     The command exits with 0 on success, and non-zero on errors.


FILES

     /private/etc/racoon/racoon.conf       default configuration file.
     /private/etc/racoon/psk.txt           default pre-shared key file.


SEE ALSO

     ipsec(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8)


HISTORY

     The racoon command first appeared in the ``YIPS'' Yokogawa IPsec imple-
     mentation.


SECURITY CONSIDERATIONS

     The use of IKE phase 1 aggressive mode is not recommended, as described
     in http://www.kb.cert.org/vuls/id/886601.

BSD                            November 20, 2000                           BSD

Mac OS X 10.7 - Generated Sat Sep 3 06:16:57 CDT 2011
© manpagez.com 2000-2017
Individual documents may contain additional copyright information.