racoon (8) Linux Manual Page
racoon – IKE (ISAKMP/Oakley) key management daemon
Synopsis
racoon [-46BdFLVv] [-f configfile] [-l logfile] [-P isakmp-natt-port] [-p isakmp-port]
Description
racoon speaks the IKE (ISAKMP/Oakley) key management protocol, to establish security associations with other hosts. The SPD (Security Policy Database) in the kernel usually triggers racoon. racoon usually sends all informational messages, warnings and error messages to syslogd(8) with the facility LOG_DAEMON and the priority LOG_INFO. Debugging messages are sent with the priority LOG_DEBUG. You should configure syslog.conf(5) appropriately to see these messages.
-4, -6- Specify the default address family for the sockets.
-B- Install SA(s) from the file which is specified in racoon.conf(5).
-d- Increase the debug level. Multiple -d arguments will increase the debug level even more.
-F- Run racoon in the foreground.
-f configfile- Use configfile as the configuration file instead of the default.
-L- Include file_name:line_number:function_name in all messages.
-l logfile- Use logfile as the logging file instead of syslogd(8).
-P isakmp-natt-port- Use isakmp-natt-port for NAT-Traversal port-floating. The default is 4500.
-p isakmp-port- Listen to the ISAKMP key exchange on port isakmp-port instead of the default port number, 500.
-V- Print racoon version and compilation options and exit.
-v- This flag causes the packet dump to be more verbose, with higher debugging level.
racoon assumes the presence of the kernel random number device rnd(4) at /dev/urandom.
Return Values
The command exits with 0 on success, and non-zero on errors.
Files
/etc/racoon.conf- default configuration file.
See Also
ipsec(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8)
History
The racoon command first appeared in the “YIPS” Yokogawa IPsec implementation.
Security Considerations
The use of IKE phase 1 aggressive mode is not recommended, as described in http://www.kb.cert.org/vuls/id/886601
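One way to check a configuration against this recommendation, as an added example that is not part of the original manual page or the racoon distribution: the script below lists every remote section whose exchange_mode statement includes aggressive. It assumes the `remote { ... }` and `exchange_mode` syntax of racoon.conf(5), which this page does not describe, and the sample configuration is constructed.

```python
import re

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONF = """
# phase 1 settings
remote anonymous {
    exchange_mode main,aggressive;   # accepts both modes
    proposal {
        authentication_method pre_shared_key;
    }
}
remote 192.0.2.10 [500] {
    exchange_mode main;
}
remote 192.0.2.20 {
    # exchange_mode aggressive;  (commented out, must not be flagged)
    exchange_mode aggressive, main;
}
"""

def find_aggressive_remotes(conf_text):
    """Return (peer, line_no, modes) for each remote section listing aggressive."""
    findings = []
    peer, depth = None, 0
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop '#' comments (assumes no '#' in strings)
        if not line:
            continue
        if depth == 0:
            # Only remote sections carry phase 1 exchange modes (assumed syntax).
            m = re.match(r"remote\s+(.+?)\s*\{", line)
            peer = m.group(1) if m else None
        elif peer is not None:
            m = re.match(r"exchange_mode\s+([^;]+);", line)
            if m:
                modes = [x.strip() for x in m.group(1).split(",")]
                if "aggressive" in modes:
                    findings.append((peer, line_no, modes))
        # Track nesting so sub-blocks such as proposal {} stay inside the section.
        depth += line.count("{") - line.count("}")
        if depth == 0:
            peer = None
    return findings

if __name__ == "__main__":
    for peer, line_no, modes in find_aggressive_remotes(SAMPLE_CONF):
        print(f"line {line_no}: remote {peer} allows {','.join(modes)}")
```

To audit a real file, pass the contents of the configuration file named with -f (or the default /etc/racoon.conf) to find_aggressive_remotes().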
