1RACOON(8)                 BSD System Manager's Manual                RACOON(8)
2

NAME

4     racoon — IKE (ISAKMP/Oakley) key management daemon
5

SYNOPSIS

7     racoon [-46BdFLv] [-f configfile] [-l logfile] [-P isakmp-natt-port]
8            [-p isakmp-port]
9

DESCRIPTION

11     racoon speaks the IKE (ISAKMP/Oakley) key management protocol, to estab‐
12     lish security associations with other hosts.  The SPD (Security Policy
13     Database) in the kernel usually triggers racoon.  racoon usually sends
14     all informational messages, warnings and error messages to syslogd(8)
15     with the facility LOG_DAEMON and the priority LOG_INFO.  Debugging mes‐
16     sages are sent with the priority LOG_DEBUG.  You should configure
17     syslog.conf(5) appropriately to see these messages.
18
19     -4
20
21     -6      Specify the default address family for the sockets.
22
23     -B      Install SA(s) from the file which is specified in racoon.conf(5).
24
25     -d      Increase the debug level.  Multiple -d arguments will increase
26             the debug level even more.
27
28     -F      Run racoon in the foreground.
29
30     -f configfile
31             Use configfile as the configuration file instead of the default.
32
33     -L      Include file_name:line_number:function_name in all messages.
34
35     -l logfile
36             Use logfile as the logging file instead of syslogd(8).
37
38     -P isakmp-natt-port
39             Use isakmp-natt-port for NAT-Traversal port-floating.  The
40             default is 4500.
41
42     -p isakmp-port
43             Listen to the ISAKMP key exchange on port isakmp-port instead of
44             the default port number, 500.
45
46     -v      This flag causes the packet dump be more verbose, with higher
47             debugging level.
48
49     racoon assumes the presence of the kernel random number device rnd(4) at
50     /dev/urandom.
51

RETURN VALUES

53     The command exits with 0 on success, and non-zero on errors.
54

FILES

56     /etc/racoon.conf  default configuration file.
57

SEE ALSO

59     ipsec(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8)
60

HISTORY

62     The racoon command first appeared in the “YIPS” Yokogawa IPsec implemen‐
63     tation.
64

SECURITY CONSIDERATIONS

66     The use of IKE phase 1 aggressive mode is not recommended, as described
67     in http://www.kb.cert.org/vuls/id/886601.
68
69BSD                            November 20, 2000                           BSD
Impressum