Annotation of embedaddon/ipsec-tools/src/racoon/doc/FAQ, revision 1.1
1.1 ! misho 1: This document is derived from the KAME racoon FAQ. Some answers do not
! 2: apply to ipsec-tools (they are obsolete or not up to date). They are
! 3: tagged [KAME].
! 4:
! 5: Q: With which other IKE/IPsec implementations is racoon known to be interoperable?
! 6:
! 7: A: [KAME]
! 8: See "IMPLEMENTATION" document supplied with KAME kit, or:
! 9: http://www.kame.net/dev/cvsweb.cgi/kame/IMPLEMENTATION
! 10: As we have tested/got test reports in the past, and our end and
! 11: the other end may have changed their implementations, we are not sure
! 12: if we can interoperate with them today (we hope they interoperate,
! 13: but we are not sure).
! 14: Also note that IKE interoperability depends heavily on configuration
! 15: on both ends. You must configure both ends exactly the same.
! 16:
! 17: Q: How can I make racoon interoperate with <IKE/IPsec implementation>?
! 18:
! 19: A:
! 20: Configure both ends exactly the same. With just a tiny little
! 21: difference, you will be in trouble.
! 22:
! 23: Q: How do I build racoon on my platform?
! 24:
! 25: A:
! 26: As usual: configure && make && make install
! 27: ipsec-tools is also available as a package in the NetBSD pkgsrc.
! 28:
! 29: Q: Describe the options to "configure".
! 30:
! 31: A:
! 32: --enable-adminport:
! 33: Lets racoon listen on the racoon admin port, which
! 34: racoonctl(8) connects to.
! 35: --enable-natt:
! 36: Enable NAT-Traversal. This needs kernel support, which is
! 37: available on Linux. On NetBSD, NAT-Traversal kernel support
! 38: has not been integrated yet; you can get it from here:
! 39: http://ipsec-tools.sourceforge.net/netbsd_nat-t.diff
! 40: If you live in a country where software patents are legal,
! 41: using NAT-Traversal might infringe a patent.
! 42: --enable-broken-natt:
! 43: When ipsec-tools is built with --enable-natt, racoon
! 44: sets IKE ports in SAD and SPD so that the kernel is
! 45: able to distinguish peers hidden behind the same NAT.
! 46: Some kernels will not cope with those ports. Use this
! 47: option to force the ports to 0 in SAD and SPD. Of
! 48: course this means that you cannot have multiple peers
! 49: behind the same NAT.
! 50: --enable-frag:
! 51: Enable IKE fragmentation, which is a workaround for
! 52: broken routers that drop fragmented packets.
! 53: --enable-hybrid:
! 54: Enable hybrid authentication, and ISAKMP mode config and
! 55: Xauth as well. Note that plain Xauth (without hybrid auth)
! 56: is not implemented.
! 57: --with-libradius:
! 58: Enable the use of RADIUS with hybrid authentication on the
! 59: server side. RADIUS is used for authentication, configuration
! 60: and accounting.
! 61: --with-libpam:
! 62: Enable the use of PAM with hybrid authentication on the
! 63: server side. PAM can be used for authentication and accounting.
! 64: --enable-gssapi:
! 65: Enable GSS-API, for Kerberos V support.
! 66: --enable-stats:
! 67: Enable statistics logging function.
! 68: --enable-samode-unspec:
! 69: Enable the use of an unspecified SA mode.
! 70: --enable-ipv6:
! 71: Enable IPv6 support.
! 72: --with-kernel-headers:
! 73: Supply the location of Linux kernel headers.
! 74: --with-readline:
! 75: Support readline input (yes by default).
! 76: --with-openssl:
! 77: Specify OpenSSL directory.
! 78: --sysconfdir:
! 79: Where the racoon config file goes. Default is /etc, which means
! 80: that racoon will look for /etc/racoon.conf
! 81: --localstatedir:
! 82: The directory where racoon stores the control socket
! 83: (when using --enable-adminport). Default is /var, which
! 84: means racoon will use /var/racoon/racoon.sock
! 85: --prefix:
! 86: Where racoon gets installed.
! 87:
! 88: Q: How can I get help?
! 89:
! 90: A:
! 91: Always identify your operating system platforms, the versions you are
! 92: using (like "ipsec-tools-0.5"), and the information needed to reproduce the
! 93: problem. The more relevant information you supply, the better your
! 94: chances of getting help are. Useful information includes, depending
! 95: on the problem:
! 96: - version identification
! 97: - trace from racoon, taken by "racoon -d 0xffffffff"
! 98: (maximum debug level)
! 99: - configuration file you are using
! 100: - probably, a tcpdump trace
! 101: http://orange.kame.net/dev/send-pr.html has the guidelines.
! 102:
! 103: If your question is not confidential, send your questions to:
! 104: <ipsec-tools-devel@lists.sourceforge.net>
! 105:
! 106: If your question is confidential, send your questions to:
! 107: <ipsec-tools-core@lists.sourceforge.net>
! 108:
! 109: Q: Other documents to look at?
! 110:
! 111: A:
! 112: http://www.NetBSD.org/docs/network/ipsec/
! 113: http://www.kame.net/
! 114: http://www.kame.net/newsletter/