Unix for Beginners
Unix Shell Programming
Advanced Unix
Unix Useful References
Unix Useful Resources
Selected Reading
© 2011 TutorialsPoint.COM
|
racoon - Unix, Linux Command
NAME
racoon
- IKE (ISAKMP/Oakley) key management daemon
SYNOPSIS
racoon
.Bk -words
[-46BdFLv]
.Ek
.Bk -words
[-f configfile]
.Ek
.Bk -words
[-l logfile]
.Ek
.Bk -words
[-P isakmp-natt-port]
.Ek
.Bk -words
[-p isakmp-port]
.Ek
DESCRIPTION
racoon
speaks the IKE
(ISAKMP/Oakley)
key management protocol,
to establish security associations with other hosts.
The SPD
(Security Policy Database)
in the kernel usually triggers
racoon.
racoon
usually sends all informational messages, warnings and error messages to
syslogd(8)
with the facility
LOG_DAEMON
and the priority
LOG_INFO.
Debugging messages are sent with the priority
LOG_DEBUG.
You should configure
syslog.conf(5)
appropriately to see these messages.
Tag | Description |
-4
-6
| |
Specify the default address family for the sockets.
|
-B
|
Install SA(s) from the file which is specified in
racoon.conf(5).
|
-d
|
Increase the debug level.
Multiple
-d
arguments will increase the debug level even more.
|
-F
|
Run
racoon
in the foreground.
|
-f configfile
| |
Use
configfile
as the configuration file instead of the default.
|
-L
|
Include
file_name:line_number:function_name
in all messages.
|
-l logfile
| |
Use
logfile
as the logging file instead of
syslogd(8).
|
-P isakmp-natt-port
| |
Use
isakmp-natt-port
for NAT-Traversal port-floating.
The default is 4500.
|
-p isakmp-port
| |
Listen to the ISAKMP key exchange on port
isakmp-port
instead of the default port number, 500.
|
-v
|
This flag causes the packet dump be more verbose, with higher
debugging level.
|
racoon
assumes the presence of the kernel random number device
rnd(4)
at
/dev/urandom.
RETURN VALUES
The command exits with 0 on success, and non-zero on errors.
FILES
Tag | Description |
/etc/racoon.conf
| |
default configuration file.
|
SEE ALSO
racoon.conf(5),
syslog.conf(5),
setkey(8),
syslogd(8)
HISTORY
The
racoon
command first appeared in the
"YIPS"
Yokogawa IPsec implementation.
SECURITY CONSIDERATIONS
The use of IKE phase 1 aggressive mode is not recommended,
as described in
http://www.kb.cert.org/vuls/id/886601.
|
|
|