.\"	$NetBSD: racoon.8,v 1.12 2009/01/24 10:42:31 wiz Exp $
.\"
.\"	Id: racoon.8,v 1.4 2005/04/18 11:07:55 manubsd Exp
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the project nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd January 23, 2009
.Dt RACOON 8
.Os
.\"
.Sh NAME
.Nm racoon
.Nd IKE (ISAKMP/Oakley) key management daemon
.\"
.Sh SYNOPSIS
.Nm racoon
.Bk -words
.Op Fl 46BdFLVv
.Ek
.Bk -words
.Op Fl f Ar configfile
.Ek
.Bk -words
.Op Fl l Ar logfile
.Ek
.Bk -words
.Op Fl P Ar isakmp-natt-port
.Ek
.Bk -words
.Op Fl p Ar isakmp-port
.Ek
.\"
.Sh DESCRIPTION
.Nm
speaks the IKE
.Pq ISAKMP/Oakley
key management protocol,
to establish security associations with other hosts.
The SPD
.Pq Security Policy Database
in the kernel usually triggers
.Nm .
.Nm
usually sends all informational messages, warnings and error messages to
.Xr syslogd 8
with the facility
.Dv LOG_DAEMON
and the priority
.Dv LOG_INFO .
Debugging messages are sent with the priority
.Dv LOG_DEBUG .
You should configure
.Xr syslog.conf 5
appropriately to see these messages.
.Bl -tag -width Ds
.It Fl 4
.It Fl 6
Specify the default address family for the sockets.
.It Fl B
Install SA(s) from the file which is specified in
.Xr racoon.conf 5 .
.It Fl d
Increase the debug level.
Multiple
.Fl d
arguments will increase the debug level even more.
.It Fl F
Run
.Nm
in the foreground.
.It Fl f Ar configfile
Use
.Ar configfile
as the configuration file instead of the default.
.It Fl L
Include
.Ar file_name:line_number:function_name
in all messages.
.It Fl l Ar logfile
Use
.Ar logfile
as the logging file instead of
.Xr syslogd 8 .
.It Fl P Ar isakmp-natt-port
Use
.Ar isakmp-natt-port
for NAT-Traversal port-floating.
The default is 4500.
.It Fl p Ar isakmp-port
Listen to the ISAKMP key exchange on port
.Ar isakmp-port
instead of the default port number, 500.
.It Fl V
Print racoon version and compilation options and exit.
.It Fl v
This flag causes the packet dump to be more verbose, with a higher
debugging level.
.El
.Pp
.Nm
assumes the presence of the kernel random number device
.Xr rnd 4
at
.Pa /dev/urandom .
.\"
.Sh RETURN VALUES
The command exits with 0 on success, and non-zero on errors.
.\"
.Sh FILES
.Bl -tag -width /etc/racoon.conf -compact
.It Pa /etc/racoon.conf
default configuration file.
.El
.\"
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr racoon.conf 5 ,
.Xr syslog.conf 5 ,
.Xr setkey 8 ,
.Xr syslogd 8
.\"
.Sh HISTORY
The
.Nm
command first appeared in the
.Dq YIPS
Yokogawa IPsec implementation.
.\"
.Sh SECURITY CONSIDERATIONS
The use of IKE phase 1 aggressive mode is not recommended,
as described in
.Pa http://www.kb.cert.org/vuls/id/886601 .
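The following is an added example, not part of the original manual page or the racoon distribution: a shell function that audits a racoon.conf for remote blocks that still permit phase 1 aggressive mode, following the SECURITY CONSIDERATIONS recommendation. It assumes the `exchange_mode` statement as documented in racoon.conf(5), where the first listed mode is used when initiating and every listed mode is accepted when responding; the function name, the verdict labels and the sample configuration are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the racoon distribution.
# audit_exchange_mode [FILE...]: for each remote block of a racoon.conf print
#   <peer> <verdict> <exchange_mode list>
audit_exchange_mode() {
    awk '
    function verdict(m) {
        if (m == "unset") return "unset"      # no exchange_mode statement seen
        if (("," m ",") ~ /^,aggressive,/) return "AGGRESSIVE-FIRST"
        if (("," m ",") ~ /,aggressive,/)  return "AGGRESSIVE-ACCEPTED"
        return "ok"
    }
    { sub(/#.*/, "") }                        # drop comments
    depth == 0 && $1 == "remote" { peer = $2; modes = "unset"; in_remote = 1 }
    in_remote && $1 == "exchange_mode" {      # keep only the comma-separated list
        modes = $0
        sub(/^[ \t]*exchange_mode[ \t]+/, "", modes)
        sub(/;.*/, "", modes)
        gsub(/[ \t]/, "", modes)
    }
    {
        depth += gsub(/[{]/, "{")             # nested blocks (proposal) raise depth
        depth -= gsub(/[}]/, "}")
        if (in_remote && depth > 0) opened = 1
        if (in_remote && opened && depth == 0) {
            printf "%s %s %s\n", peer, verdict(modes), modes
            in_remote = 0; opened = 0
        }
    }' "$@"
}

# Constructed sample configuration (documentation addresses, not a real deployment).
sample_conf() {
    cat <<'EOF'
remote 192.0.2.10 {
    exchange_mode main;
    proposal {
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
remote anonymous {
    exchange_mode main,aggressive;  # aggressive is still accepted as responder
}
remote 198.51.100.7
{
    exchange_mode aggressive;
}
EOF
}

sample_conf | audit_exchange_mode
```

Run it against the live file with `audit_exchange_mode /etc/racoon.conf`. A verdict of `unset` means the block has no `exchange_mode` statement, so the effective mode should be confirmed against racoon.conf(5).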