RACOON(8) BSD System Manager's Manual RACOON(8)NAMEracoon — IKE (ISAKMP/Oakley) key management daemon
SYNOPSISracoon [-46BdFLv] [-f configfile] [-l logfile]
DESCRIPTIONracoon is used to setup and maintain an IPSec tunnel or transport chan‐
nel, between two devices, over which network traffic is conveyed
securely. This security is made possible by cryptographic keys and oper‐
ations on both devices. racoon relies on a standardized network protocol
(IKE) to automatically negotiate and manage the cryptographic keys (e.g.
security associations) that are necessary for the IPSec tunnel or trans‐
port channel to function. racoon speaks the IKE (ISAKMP/Oakley) key man‐
agement protocol, to establish security associations with other hosts.
The SPD (Security Policy Database) in the kernel usually triggers racoon.
racoon usually sends all informational messages, warnings and error mes‐
sages to syslogd(8) with the facility LOG_DAEMON and the priority
LOG_INFO. Debugging messages are sent with the priority LOG_DEBUG. You
should configure syslog.conf(5) appropriately to see these messages.
-4
-6 Specify the default address family for the sockets.
-B Install SA(s) from the file which is specified in racoon.conf(5).
-d Increase the debug level. Multiple -d arguments will increase
the debug level even more.
-F Run racoon in the foreground.
-f configfile
Use configfile as the configuration file instead of the default.
-L Include file_name:line_number:function_name in all messages.
-l logfile
Use logfile as the logging file instead of syslogd(8).
-v This flag causes the packet dump be more verbose, with higher
debugging level.
racoon assumes the presence of the kernel random number device rnd(4) at
/dev/urandom.
RETURN VALUES
The command exits with 0 on success, and non-zero on errors.
FILES
/private/etc/racoon/racoon.conf default configuration file.
/private/etc/racoon/psk.txt default pre-shared key file.
SEE ALSOipsec(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8)HISTORY
The racoon command first appeared in the “YIPS” Yokogawa IPsec implemen‐
tation.
SECURITY CONSIDERATIONS
The use of IKE phase 1 aggressive mode is not recommended, as described
in http://www.kb.cert.org/vuls/id/886601.
BSD November 20, 2000 BSD