.\"	$NetBSD: racoon.8,v 1.10 2006/09/09 16:22:10 manu Exp $
.\"
.\"	Id: racoon.8,v 1.4 2005/04/18 11:07:55 manubsd Exp
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the project nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd November 20, 2000
.Dt RACOON 8
.Os
.\"
.Sh NAME
.Nm racoon
.Nd IKE (ISAKMP/Oakley) key management daemon
.\"
.Sh SYNOPSIS
.Nm racoon
.Bk -words
.Op Fl 46BdFLv
.Ek
.Bk -words
.Op Fl f Ar configfile
.Ek
.Bk -words
.Op Fl l Ar logfile
.Ek
.Bk -words
.Op Fl P Ar isakmp-natt-port
.Ek
.Bk -words
.Op Fl p Ar isakmp-port
.Ek
.\"
.Sh DESCRIPTION
.Nm
speaks the IKE
.Pq ISAKMP/Oakley
key management protocol,
to establish security associations with other hosts.
The SPD
.Pq Security Policy Database
in the kernel usually triggers
.Nm .
.Nm
usually sends all informational messages, warnings and error messages to
.Xr syslogd 8
with the facility
.Dv LOG_DAEMON
and the priority
.Dv LOG_INFO .
Debugging messages are sent with the priority
.Dv LOG_DEBUG .
You should configure
.Xr syslog.conf 5
appropriately to see these messages.
.Bl -tag -width Ds
.It Fl 4
.It Fl 6
Specify the default address family for the sockets.
.It Fl B
Install SA(s) from the file which is specified in
.Xr racoon.conf 5 .
.It Fl d
Increase the debug level.
Multiple
.Fl d
arguments will increase the debug level even more.
.It Fl F
Run
.Nm
in the foreground.
.It Fl f Ar configfile
Use
.Ar configfile
as the configuration file instead of the default.
.It Fl L
Include
.Ar file_name:line_number:function_name
in all messages.
.It Fl l Ar logfile
Use
.Ar logfile
as the logging file instead of
.Xr syslogd 8 .
.It Fl P Ar isakmp-natt-port
Use
.Ar isakmp-natt-port
for NAT-Traversal port-floating.
The default is 4500.
.It Fl p Ar isakmp-port
Listen to the ISAKMP key exchange on port
.Ar isakmp-port
instead of the default port number, 500.
.It Fl v
This flag causes the packet dump to be more verbose, with higher
debugging level.
.El
.Pp
.Nm
assumes the presence of the kernel random number device
.Xr rnd 4
at
.Pa /dev/urandom .
.\"
.Sh RETURN VALUES
The command exits with 0 on success, and non-zero on errors.
.\"
.Sh FILES
.Bl -tag -width /etc/racoon.conf -compact
.It Pa /etc/racoon.conf
default configuration file.
.El
.\"
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr racoon.conf 5 ,
.Xr syslog.conf 5 ,
.Xr setkey 8 ,
.Xr syslogd 8
.\"
.Sh HISTORY
The
.Nm
command first appeared in the
.Dq YIPS
Yokogawa IPsec implementation.
.\"
.Sh SECURITY CONSIDERATIONS
The use of IKE phase 1 aggressive mode is not recommended,
as described in
.Pa http://www.kb.cert.org/vuls/id/886601 .
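One way to check a configuration file against the aggressive mode advice above, as an added example that is not part of the original manual page or of the racoon distribution. It assumes the remote section and exchange_mode statement syntax of racoon.conf(5); the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample racoon.conf (illustrative only, not a real deployment).
SAMPLE_CONF = """
remote 192.0.2.10 {
    exchange_mode main;           # main mode only
    proposal {
        authentication_method pre_shared_key;
    }
}
remote anonymous {
    exchange_mode main,aggressive;
    # exchange_mode aggressive;   (commented out, must be ignored)
}
remote 198.51.100.7 [4500] {
    exchange_mode aggressive, main;
}
"""

REMOTE_RE = re.compile(r"\bremote\s+([^{;]+?)\s*\{")
MODE_RE = re.compile(r"\bexchange_mode\s+([^;]+);")

def remote_blocks(text):
    """Yield (peer, body) per remote section, following nested braces."""
    text = re.sub(r"#[^\n]*", "", text)  # assumption: no '#' inside quoted strings
    pos = 0
    while (m := REMOTE_RE.search(text, pos)):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]
        pos = i

def aggressive_findings(text):
    """Return (peer, role) for every remote section that lists aggressive mode."""
    # The first listed mode is used as initiator; all listed are accepted as responder.
    findings = []
    for peer, body in remote_blocks(text):
        for m in MODE_RE.finditer(body):
            modes = [x.strip() for x in m.group(1).split(",")]
            if "aggressive" in modes:
                findings.append((peer, "initiates" if modes[0] == "aggressive" else "accepts"))
    return findings

if __name__ == "__main__":
    for peer, role in aggressive_findings(SAMPLE_CONF):
        print(f"remote {peer}: {role} aggressive mode")
```

A section reported as "accepts" still negotiates aggressive mode when the peer proposes it, so both roles need removing to follow the recommendation.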