RACOON(8) BSD System Manager's Manual RACOON(8) NAME racoon(5,8) -- IKE (ISAKMP/Oakley) key management daemon SYNOPSIS racoon(5,8) [-BFvdL46] [-f configfile] [-l logfile] [-p isakmp-port] [-P isakmp-natt-port] DESCRIPTION racoon(5,8) speaks IKE (ISAKMP/Oakley) key management protocol, to establish security association with other hosts. SPD (Security Policy Database) in(1,8) the kernel usually triggers to start racoon(5,8). racoon(5,8) usually sends all of informational messages, warnings and error(8,n) messages to syslogd(8) with the facility LOG_DAEMON, the priority LOG_INFO. Debugging messages are sent with the priority LOG_DEBUG. You should configure syslog.conf(5) appropriately to see these messages. -B Install SA(s) from the file(1,n) which is specified in(1,8) racoon.conf(5). -F Run racoon(5,8) in(1,8) the foreground. -f configfile Use configfile as the configuration file(1,n) instead of the default. -l logfile Use logfile as the logging file(1,n) instead of syslogd(8). -p isakmp-port Listen to ISAKMP key exchange on port isakmp-port instead of the default port number, 500. -P isakmp-natt-port Use isakmp-natt-port for NAT-Traversal port-floating. The default is 4500. -v The flag causes the packet dump be more verbose, with higher debugging level. -d Increase the debug level. Multiple -d will increase the debug level even more. -L Include file_name:line_number:fuction_name location in(1,8) all mes- sages. -4 -6 Specifies the default address family for the sockets. racoon(5,8) assumes the presence of kernel random(3,4,6) number device rnd(4) at /dev/urandom. Informational messages are labeled info(1,5,n), and debugging messages are labeled debug. You have to configure syslog.conf(5) if(3,n) you want to see them in(1,8) a logging file. RETURN VALUES The command exits with 0 on success, and non-zero on errors. FILES /usr/local/v6/etc/racoon.conf default configuration file. SEE ALSO ipsec(5,8)(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8) HISTORY The racoon(5,8) command first appeared in(1,8) ``YIPS'' Yokogawa IPsec implementa- tion. SECURITY CONSIDERATIONS The use of IKE phase 1 aggressive mode is not recommended, as describved in(1,8) http://www.kb.cert.org/vuls/id/886601. KAME November 20, 2000 KAME