File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon / racoon.8
Revision 1.1.1.1 (vendor branch)
Tue Feb 21 22:39:10 2012 UTC (12 years, 4 months ago) by misho
Branches: ipsec-tools, MAIN
CVS tags: v0_8_2p2, v0_8_1p0, v0_8_1, v0_8_0p0, v0_8_0, HEAD
ipsec-tools

    .\"	$NetBSD: racoon.8,v 1.12 2009/01/24 10:42:31 wiz Exp $
    .\"
    .\" Id: racoon.8,v 1.4 2005/04/18 11:07:55 manubsd Exp
    .\"
    .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    .\" All rights reserved.
    .\"
    .\" Redistribution and use in source and binary forms, with or without
    .\" modification, are permitted provided that the following conditions
    .\" are met:
    .\" 1. Redistributions of source code must retain the above copyright
    .\"    notice, this list of conditions and the following disclaimer.
    .\" 2. Redistributions in binary form must reproduce the above copyright
    .\"    notice, this list of conditions and the following disclaimer in the
    .\"    documentation and/or other materials provided with the distribution.
    .\" 3. Neither the name of the project nor the names of its contributors
    .\"    may be used to endorse or promote products derived from this software
    .\"    without specific prior written permission.
    .\"
    .\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
    .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
    .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
    .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
    .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
    .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
    .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
    .\" SUCH DAMAGE.
    .\"
    .Dd January 23, 2009
    .Dt RACOON 8
    .Os
    .\"
    .Sh NAME
    .Nm racoon
    .Nd IKE (ISAKMP/Oakley) key management daemon
    .\"
    .Sh SYNOPSIS
    .Nm racoon
    .Bk -words
    .Op Fl 46BdFLVv
    .Ek
    .Bk -words
    .Op Fl f Ar configfile
    .Ek
    .Bk -words
    .Op Fl l Ar logfile
    .Ek
    .Bk -words
    .Op Fl P Ar isakmp-natt-port
    .Ek
    .Bk -words
    .Op Fl p Ar isakmp-port
    .Ek
    .\"
    .Sh DESCRIPTION
    .Nm
    speaks the IKE
    .Pq ISAKMP/Oakley
    key management protocol,
    to establish security associations with other hosts.
    The SPD
    .Pq Security Policy Database
    in the kernel usually triggers
    .Nm .
    .Nm
    usually sends all informational messages, warnings and error messages to
    .Xr syslogd 8
    with the facility
    .Dv LOG_DAEMON
    and the priority
    .Dv LOG_INFO .
    Debugging messages are sent with the priority
    .Dv LOG_DEBUG .
    You should configure
    .Xr syslog.conf 5
    appropriately to see these messages.
    .Bl -tag -width Ds
    .It Fl 4
    .It Fl 6
    Specify the default address family for the sockets.
    .It Fl B
    Install SA(s) from the file which is specified in
    .Xr racoon.conf 5 .
    .It Fl d
    Increase the debug level.
    Multiple
    .Fl d
    arguments will increase the debug level even more.
    .It Fl F
    Run
    .Nm
    in the foreground.
    .It Fl f Ar configfile
    Use
    .Ar configfile
    as the configuration file instead of the default.
    .It Fl L
    Include
    .Ar file_name:line_number:function_name
    in all messages.
    .It Fl l Ar logfile
    Use
    .Ar logfile
    as the logging file instead of
    .Xr syslogd 8 .
    .It Fl P Ar isakmp-natt-port
    Use
    .Ar isakmp-natt-port
    for NAT-Traversal port-floating.
    The default is 4500.
    .It Fl p Ar isakmp-port
    Listen to the ISAKMP key exchange on port
    .Ar isakmp-port
    instead of the default port number, 500.
    .It Fl V
    Print racoon version and compilation options and exit.
    .It Fl v
    This flag causes the packet dump to be more verbose, with a higher
    debugging level.
    .El
    .Pp
    .Nm
    assumes the presence of the kernel random number device
    .Xr rnd 4
    at
    .Pa /dev/urandom .
    .\"
    .Sh RETURN VALUES
    The command exits with 0 on success, and non-zero on errors.
    .\"
    .Sh FILES
    .Bl -tag -width /etc/racoon.conf -compact
    .It Pa /etc/racoon.conf
    default configuration file.
    .El
    .\"
    .Sh SEE ALSO
    .Xr ipsec 4 ,
    .Xr racoon.conf 5 ,
    .Xr syslog.conf 5 ,
    .Xr setkey 8 ,
    .Xr syslogd 8
    .\"
    .Sh HISTORY
    The
    .Nm
    command first appeared in the
    .Dq YIPS
    Yokogawa IPsec implementation.
    .\"
    .Sh SECURITY CONSIDERATIONS
    The use of IKE phase 1 aggressive mode is not recommended,
    as described in
    .Pa http://www.kb.cert.org/vuls/id/886601 .
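
An added example, not part of the ipsec-tools distribution: a configuration audit for the aggressive-mode setting that SECURITY CONSIDERATIONS advises against. It assumes the `remote` and `exchange_mode` statement syntax documented in racoon.conf(5), which this page does not show; `find_aggressive` and `sample_conf` are hypothetical names and the sample configuration is constructed.

```shell
#!/bin/sh
# find_aggressive [FILE...]: read a racoon configuration (stdin if no FILE)
# and print "peer:line" for every exchange_mode statement that lists
# aggressive mode, e.g.  find_aggressive /etc/racoon.conf
find_aggressive() {
    awk '
        { sub(/#.*/, "") }                  # ignore comments, even trailing ones
        $1 == "remote" { peer = $2 }        # remember the enclosing remote block
        /exchange_mode/ {
            modes = $0
            sub(/.*exchange_mode[ \t]+/, "", modes)
            sub(/;.*/, "", modes)
            # several modes may be given, separated by commas
            n = split(modes, m, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (m[i] == "aggressive")
                    print peer ":" NR
        }
    ' "$@"
}

# Constructed sample configuration (assumption, not a real deployment).
sample_conf() {
    cat <<'EOF'
# constructed sample
remote anonymous {
    exchange_mode main,aggressive;
}
remote 192.0.2.10 {
    exchange_mode main;   # aggressive disabled here
}
EOF
}

# Stand-alone run: reports the anonymous block, line 3 of the sample.
sample_conf | find_aggressive
```

An empty result means no `exchange_mode` statement in the file offers or accepts aggressive mode.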
