racoon(8)

Updated: 2022/Sep/29
Please read Privacy Policy. It's for your privacy.
RACOON(8)                   System Manager's Manual                  RACOON(8)

NAME
     racoon - IKE (ISAKMP/Oakley) key management daemon

SYNOPSIS
     racoon [-46BdFLVv] [-f configfile] [-l logfile] [-P isakmp-natt-port]
            [-p isakmp-port]

DESCRIPTION
     racoon speaks the IKE (ISAKMP/Oakley) key management protocol, to
     establish security associations with other hosts.  The SPD (Security
     Policy Database) in the kernel usually triggers racoon.  racoon usually
     sends all informational messages, warnings and error messages to
     syslogd(8) with the facility LOG_DAEMON and the priority LOG_INFO.
     Debugging messages are sent with the priority LOG_DEBUG.  You should
     configure syslog.conf(5) appropriately to see these messages.

     -4

     -6      Specify the default address family for the sockets.

     -B      Install SA(s) from the file which is specified in racoon.conf(5).

     -d      Increase the debug level.  Multiple -d arguments will increase
             the debug level even more.

     -F      Run racoon in the foreground.

     -f configfile
             Use configfile as the configuration file instead of the default.

     -L      Include file_name:line_number:function_name in all messages.

     -l logfile
             Use logfile as the logging file instead of syslogd(8).

     -P isakmp-natt-port
             Use isakmp-natt-port for NAT-Traversal port-floating.  The
             default is 4500.

     -p isakmp-port
             Listen to the ISAKMP key exchange on port isakmp-port instead of
             the default port number, 500.

     -V      Print racoon version and compilation options and exit.

     -v      This flag causes the packet dump be more verbose, with higher
             debugging level.

     racoon assumes the presence of the kernel random number device rnd(4) at
     /dev/urandom.

RETURN VALUES
     The command exits with 0 on success, and non-zero on errors.

FILES
     /etc/racoon/racoon.conf
                       default configuration file.

SEE ALSO
     ipsec(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8)

HISTORY
     The racoon command first appeared in the "YIPS" Yokogawa IPsec
     implementation.

SECURITY CONSIDERATIONS
     The use of IKE phase 1 aggressive mode is not recommended, as described
     in http://www.kb.cert.org/vuls/id/886601.

NetBSD 10.99                   January 23, 2009                   NetBSD 10.99