| Updated: April 19, 2023 |
racoon IKE (ISAKMP/Oakley) key management daemon
racoon [-46BdFLVv] [-f configfile] [-l logfile] [-P isakmp-natt-port] [-p isakmp-port]
QNX Neutrino
The racoon daemon speaks the IKE (ISAKMP/Oakley) key management protocol to
establish security associations with other hosts. The SPD (Security Policy
Database) in the kernel usually triggers racoon. The racoon utility usually sends
all informational messages, warnings and error messages to syslogd
with the facility LOG_DAEMON and the priority LOG_INFO. Debugging
messages are sent with the priority LOG_DEBUG. You should configure
syslog.conf appropriately to see these messages.
OPTIONS
-4
-6
Specify the default address family for the sockets.
-B
Install SA(s) from the file which is specified in racoon.conf.
-d
Increase the debug level. Multiple -d arguments will increase
the debug level even more.
-F
Run racoon in the foreground.
-f configfile
Use configfile as the configuration file instead of the default.
-L
Include file_name:line_number:function_name in all messages.
-l logfile
Use logfile as the logging file instead of syslogd.
-P isakmp-natt-port
Use isakmp-natt-port for NAT-Traversal port-floating. The
default is 4500.
-p isakmp-port
Listen to the ISAKMP key exchange on port isakmp-port instead of
the default port number, 500.
-V
Print the racoon version and compilation options and exit.
-v
Enable the packet dump to be more verbose with a higher
debugging level.
The racoon utility assumes the presence of the kernel random number device rnd at
/dev/urandom.
RETURN VALUES
The command exits with 0 on success, and non-zero on errors.
FILES
/etc/racoon.conf default configuration file.
SEE ALSO
ipsec, racoon.conf, syslog.conf, setkey, syslogd
HISTORY
The racoon command first appeared in the ''YIPS'' Yokogawa IPsec imple-
mentation.
SECURITY CONSIDERATIONS
The use of IKE phase 1 aggressive mode is not recommended, as described
in http://www.kb.cert.org/vuls/id/886601.