Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

racoon(8) [osx man page]

RACOON(8)						    BSD System Manager's Manual 						 RACOON(8)

NAME

     racoon -- IKE (ISAKMP/Oakley) key management daemon

SYNOPSIS

     racoon [-46BdFLv] [-f configfile] [-l logfile]

DESCRIPTION

     racoon is used to setup and maintain an IPSec tunnel or transport channel, between two devices, over which network traffic is conveyed
     securely.	This security is made possible by cryptographic keys and operations on both devices.  racoon relies on a standardized network pro-
     tocol (IKE) to automatically negotiate and manage the cryptographic keys (e.g. security associations) that are necessary for the IPSec tunnel
     or transport channel to function.	racoon speaks the IKE (ISAKMP/Oakley) key management protocol, to establish security associations with
     other hosts.  The SPD (Security Policy Database) in the kernel usually triggers racoon.  racoon usually sends all informational messages,
     warnings and error messages to syslogd(8) with the facility LOG_DAEMON and the priority LOG_INFO.	Debugging messages are sent with the pri-
     ority LOG_DEBUG.  You should configure syslog.conf(5) appropriately to see these messages.

     -4

     -6      Specify the default address family for the sockets.

     -B      Install SA(s) from the file which is specified in racoon.conf(5).

     -d      Increase the debug level.	Multiple -d arguments will increase the debug level even more.

     -F      Run racoon in the foreground.

     -f configfile
	     Use configfile as the configuration file instead of the default.

     -L      Include file_name:line_number:function_name in all messages.

     -l logfile
	     Use logfile as the logging file instead of syslogd(8).

     -v      This flag causes the packet dump be more verbose, with higher debugging level.

     racoon assumes the presence of the kernel random number device rnd(4) at /dev/urandom.

RETURN VALUES

     The command exits with 0 on success, and non-zero on errors.

FILES

     /private/etc/racoon/racoon.conf	   default configuration file.
     /private/etc/racoon/psk.txt	   default pre-shared key file.

SEE ALSO

     ipsec(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8)

HISTORY

     The racoon command first appeared in the ``YIPS'' Yokogawa IPsec implementation.

SECURITY CONSIDERATIONS

     The use of IKE phase 1 aggressive mode is not recommended, as described in http://www.kb.cert.org/vuls/id/886601.

BSD
								 November 20, 2000							       BSD

Check Out this Related Man Page

RACOONCTL(8)						    BSD System Manager's Manual 					      RACOONCTL(8)

NAME

     racoonctl -- racoon administrative control tool

SYNOPSIS

     racoonctl reload-config
     racoonctl show-schedule
     racoonctl [-l [-l]] show-sa [isakmp|esp|ah|ipsec]
     racoonctl flush-sa [isakmp|esp|ah|ipsec]
     racoonctl delete-sa saopts
     racoonctl establish-sa [-u identity] saopts
     racoonctl vpn-connect [-u -identity] vpn_gateway
     racoonctl vpn-disconnect vpn_gateway
     racoonctl show-event [-l]
     racoonctl logout-user login

DESCRIPTION

     racoonctl is used to control racoon(8) operation, if ipsec-tools was configured with adminport support.  Communication between racoonctl and
     racoon(8) is done through a UNIX socket.  By changing the default mode and ownership of the socket, you can allow non-root users to alter
     racoon(8) behavior, so do that with caution.

     The following commands are available:

     reload-config
	     This should cause racoon(8) to reload its configuration file.

     show-schedule
	     Unknown command.

     show-sa [isakmp|esp|ah|ipsec]
	     Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.	Use -l to
	     increase verbosity.

     flush-sa [isakmp|esp|ah|ipsec]
	     is used to flush all SAs if no SA class is provided, or a class of SAs, either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec
	     SAs.

     establish-sa [-u username] saopts
	     Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.  The optional -u username can be used when establishing an ISAKMP
	     SA while hybrid auth is in use.  racoonctl will prompt you for the password associated with username and these credentials will be
	     used in the Xauth exchange.

	     saopts has the following format:

	     isakmp {inet|inet6} src dst

	     {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
	       {icmp|tcp|udp|any}

     vpn-connect [-u username] vpn_gateway
	     This is a particular case of the previous command.  It will establish an ISAKMP SA with vpn_gateway.

     delete-sa saopts
	     Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.

     vpn-disconnect vpn_gateway
	     This is a particular case of the previous command.  It will kill all SAs associated with vpn_gateway.

     show-event [-l]
	     Dump all events reported by racoon(8), then quit.	The -l flag causes racoonctl to not stop once all the events have been read, but
	     rather to loop awaiting and reporting new events.

     logout-user login
	     Delete all SA established on behalf of the Xauth user login.

     Command shortcuts are available:
	   rc	reload-config
	   ss	show-sa
	   sc	show-schedule
	   fs	flush-sa
	   ds	delete-sa
	   es	establish-sa
	   vc	vpn-connect
	   vd	vpn-disconnect
	   se	show-event
	   lu	logout-user

RETURN VALUES

     The command should exit with 0 on success, and non-zero on errors.

FILES

     /var/racoon/racoon.sock or
     /var/run/racoon.sock	     racoon(8) control socket.

SEE ALSO

     ipsec(4), racoon(8)

HISTORY

     Once was kmpstat in the KAME project.  It turned into racoonctl but remained undocumented for a while.  Emmanuel Dreyfus <manu@NetBSD.org>
     wrote this man page.

BSD
								 November 16, 2004							       BSD
Man Page