Annotation of embedaddon/ipsec-tools/src/racoon/doc/FAQ, revision 1.1.1.1
1.1 misho 1: This document is derived from the KAME racoon FAQ. Some answers do not
2: apply to ipsec-tools (they are obsolete or not up to date). They are
3: tagged [KAME].
4:
5: Q: With which other IKE/IPsec implementations is racoon known to be interoperable?
6:
7: A: [KAME]
8: See "IMPLEMENTATION" document supplied with KAME kit, or:
9: http://www.kame.net/dev/cvsweb.cgi/kame/IMPLEMENTATION
10: As we have tested/got test reports in the past, and our end and
11: the other end may have changed their implementations, we are not sure
12: if we can interoperate with them today (we hope they interoperate,
13: but we are not sure).
14: Also note that IKE interoperability depends heavily on the configuration
15: on both ends. You must configure both ends exactly the same.
16:
17: Q: How can I make racoon interoperate with <IKE/IPsec implementation>?
18:
19: A:
20: Configure both ends exactly the same. With just a tiny little
21: difference, you will be in trouble.
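
One way to check the "exactly the same" requirement when both ends run racoon, as an added example that is not part of the original FAQ or of ipsec-tools: it pulls the negotiated directives out of two racoon.conf texts and reports where they differ. The sample configurations are constructed, and the comparison is textual, so equivalent spellings of one value are reported as differences.

```python
import re

# Directives negotiated with the peer (names from racoon.conf(5)).
NEGOTIATED = {
    "exchange_mode", "encryption_algorithm", "hash_algorithm",
    "authentication_method", "dh_group", "pfs_group", "lifetime",
    "authentication_algorithm", "compression_algorithm",
}

def negotiated_params(conf_text):
    """Map 'section/directive' to the list of values found, in file order."""
    text = re.sub(r"#[^\n]*", "", conf_text)            # strip comments
    params, path, pending = {}, [], ""
    for tok in re.findall(r"[{};]|[^{};]+", text):
        if tok == "{":
            # Keep the block keyword only; the peer address differs per end.
            path.append((pending.split() or ["?"])[0])
        elif tok == "}":
            del path[-1:]                               # safe on stray '}'
        elif tok == ";":
            words = pending.split()
            if words and words[0] in NEGOTIATED:
                value = re.sub(r"\s*,\s*", ",", " ".join(words[1:]))
                params.setdefault("/".join(path + [words[0]]), []).append(value)
        pending = "" if tok in ("{", "}", ";") else tok
    return params

def mismatches(local_conf, peer_conf):
    """Return {key: (local values, peer values)} wherever the ends differ."""
    a, b = negotiated_params(local_conf), negotiated_params(peer_conf)
    return {k: (a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

# Constructed sample configurations (documentation addresses).
LOCAL = """
remote 192.0.2.2 {
    exchange_mode main;
    proposal { encryption_algorithm 3des; hash_algorithm sha1;
               authentication_method pre_shared_key; dh_group 2; }
}
sainfo anonymous {
    pfs_group 2; lifetime time 1 hour;
    encryption_algorithm 3des; authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
"""
PEER = LOCAL.replace("192.0.2.2", "192.0.2.1").replace("dh_group 2", "dh_group 5")
if __name__ == "__main__":
    print(mismatches(LOCAL, PEER))
```

An empty result means the negotiated directives match textually; any key returned names the section and directive to reconcile before looking further.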
22:
23: Q: How do I build racoon on my platform?
24:
25: A:
26: As usual: configure && make && make install
27: ipsec-tools is also available as a package in NetBSD pkgsrc.
28:
29: Q: Describe the options to "configure".
30:
31: A:
32: --enable-adminport:
33: Lets racoon listen on the racoon admin port, which is
34: contacted by racoonctl(8).
35: --enable-natt:
36: Enable NAT-Traversal. This needs kernel support, which is
37: available on Linux. On NetBSD, NAT-Traversal kernel support
38: has not been integrated yet; you can get it from here:
39: http://ipsec-tools.sourceforge.net/netbsd_nat-t.diff
40: If you live in a country where software patents are legal,
41: using NAT-Traversal might infringe a patent.
42: --enable-broken-natt:
43: When ipsec-tools is built with --enable-natt, racoon
44: sets IKE ports in SAD and SPD so that the kernel is
45: able to distinguish peers hidden behind the same NAT.
46: Some kernels will not cope with those ports. Use this
47: option to force the ports to 0 in SAD and SPD. Of
48: course this means that you cannot have multiple peers
49: behind the same NAT.
50: --enable-frag:
51: Enable IKE fragmentation, which is a workaround for
52: broken routers that drop fragmented packets.
53: --enable-hybrid:
54: Enable hybrid authentication, and ISAKMP mode config and
55: Xauth as well. Note that plain Xauth (without hybrid auth)
56: is not implemented.
57: --with-libradius:
58: Enable the use of RADIUS with hybrid authentication on the
59: server side. RADIUS is used for authentication, configuration
60: and accounting.
61: --with-libpam:
62: Enable the use of PAM with hybrid authentication on the
63: server side. PAM can be used for authentication and accounting.
64: --enable-gssapi:
65: Enable GSS-API, for Kerberos V support.
66: --enable-stats:
67: Enable statistics logging function.
68: --enable-samode-unspec:
69: Enable the use of an unspecified SA mode.
70: --enable-ipv6:
71: Enable IPv6 support.
72: --with-kernel-headers:
73: Supply the location of Linux kernel headers.
74: --with-readline:
75: Support readline input (yes by default).
76: --with-openssl:
77: Specify OpenSSL directory.
78: --sysconfdir:
79: Where racoon config file goes. Default is /etc, which means
80: that racoon will look for /etc/racoon.conf
81: --localstatedir:
82: The directory where racoon stores the control socket
83: (when using --enable-adminport). Default is /var, which
84: means racoon will use /var/racoon/racoon.sock
85: --prefix:
86: Where racoon gets installed.
87:
88: Q: How can I get help?
89:
90: A:
91: Always identify your operating system platforms, the versions you are
92: using (like "ipsec-tools-0.5"), and the information needed to reproduce the
93: problem. The more relevant information you supply, the better your
94: chances of getting help are. Useful information includes, depending
95: on the problem:
96: - version identification
97: - trace from racoon, taken by "racoon -d 0xffffffff"
98: (maximum debug level)
99: - the configuration file you are using
100: - probably, a tcpdump trace
101: http://orange.kame.net/dev/send-pr.html has the guidelines.
102:
103: If your question is not confidential, send your questions to:
104: <ipsec-tools-devel@lists.sourceforge.net>
105:
106: If your question is confidential, send your questions to:
107: <ipsec-tools-core@lists.sourceforge.net>
108:
109: Q: Other documents to look at?
110:
111: A:
112: http://www.NetBSD.org/docs/network/ipsec/
113: http://www.kame.net/
114: http://www.kame.net/newsletter/