speaks the IKE key management protocol, to establish security associations with other hosts. The SPD in the kernel usually triggers . usually sends all informational messages, warnings and error messages to syslogd() with the facility LOG_DAEMON and the priority LOG_INFO . Debugging messages are sent with the priority LOG_DEBUG . You should configure syslog.conf() appropriately to see these messages.

-4

-6

Specify the default address family for the sockets.

-B

Install SA(s) from the file which is specified in racoon.conf(5) .

-d

Increase the debug level. Multiple -d arguments will increase the debug level even more.

-F

Run in the foreground.

-f configfile

Use configfile as the configuration file instead of the default.

-L

Include file_name:line_number:function_name in all messages.

-l logfile

Use logfile as the logging file instead of syslogd(8) .

-P isakmp-natt-port

Use isakmp-natt-port for NAT-Traversal port-floating. The default is 4500.

-p isakmp-port

Listen to the ISAKMP key exchange on port isakmp-port instead of the default port number, 500.

-v

This flag causes the packet dump be more verbose, with higher debugging level.

assumes the presence of the kernel random number device rnd() at /dev/urandom .

The command exits with 0 on success, and non-zero on errors.

/etc/racoon/racoon.conf

default configuration file.

The command first appeared in the Yokogawa IPsec implementation.

The use of IKE phase 1 aggressive mode is not recommended, as described in http://www.kb.cert.org/vuls/id/886601 .