]>
Commit | Line | Data |
---|---|---|
1 | .\" $NetBSD: racoon.conf.5,v 1.34.4.2 2007/07/18 22:53:03 mgrooms Exp $ | |
2 | .\" | |
3 | .\" Id: racoon.conf.5,v 1.54 2006/08/22 18:17:17 manubsd Exp | |
4 | .\" | |
5 | .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | |
6 | .\" All rights reserved. | |
7 | .\" | |
8 | .\" Redistribution and use in source and binary forms, with or without | |
9 | .\" modification, are permitted provided that the following conditions | |
10 | .\" are met: | |
11 | .\" 1. Redistributions of source code must retain the above copyright | |
12 | .\" notice, this list of conditions and the following disclaimer. | |
13 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
14 | .\" notice, this list of conditions and the following disclaimer in the | |
15 | .\" documentation and/or other materials provided with the distribution. | |
16 | .\" 3. Neither the name of the project nor the names of its contributors | |
17 | .\" may be used to endorse or promote products derived from this software | |
18 | .\" without specific prior written permission. | |
19 | .\" | |
20 | .\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND | |
21 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
22 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
23 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | |
24 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
25 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
26 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
27 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
28 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
29 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
30 | .\" SUCH DAMAGE. | |
31 | .\" | |
32 | .Dd September 19, 2006 | |
33 | .Dt RACOON.CONF 5 | |
34 | .Os | |
35 | .\" | |
36 | .Sh NAME | |
37 | .Nm racoon.conf | |
38 | .Nd configuration file for racoon | |
39 | .\" | |
40 | .\" .Sh SYNOPSIS | |
41 | .\" | |
42 | .Sh DESCRIPTION | |
43 | .Nm | |
44 | is the configuration file for the | |
45 | .Xr racoon 8 | |
46 | ISAKMP daemon. | |
47 | .Xr racoon 8 | |
48 | negotiates security associations for itself (ISAKMP SA, or phase 1 SA) | |
49 | and for kernel IPsec (IPsec SA, or phase 2 SA). | |
50 | The file consists of a sequence of directives and statements. | |
51 | Each directive is composed by a tag and statements, enclosed by | |
52 | .Ql { | |
53 | and | |
54 | .Ql } . | |
55 | Lines beginning with | |
56 | .Ql # | |
57 | are comments. | |
58 | .\" | |
59 | .Ss Meta Syntax | |
60 | Keywords and special characters that the parser expects exactly are | |
61 | displayed using | |
62 | .Ic this | |
63 | font. | |
64 | Parameters are specified with | |
65 | .Ar this | |
66 | font. | |
67 | Square brackets | |
68 | .Po | |
69 | .Ql \&[ | |
70 | and | |
71 | .Ql \&] | |
72 | .Pc | |
73 | are used to show optional keywords and parameters. | |
74 | Note that | |
75 | you have to pay attention when this manual is describing | |
76 | .Ar port | |
77 | numbers. | |
78 | The | |
79 | .Ar port | |
80 | number is always enclosed by | |
81 | .Ql \&[ | |
82 | and | |
83 | .Ql \&] . | |
84 | In this case, the port number is not an optional keyword. | |
85 | If it is possible to omit the | |
86 | .Ar port | |
87 | number, | |
88 | the expression becomes | |
89 | .Bq Bq Ar port . | |
90 | The vertical bar | |
91 | .Pq Ql \&| | |
92 | is used to indicate | |
93 | a choice between optional parameters. | |
94 | Parentheses | |
95 | .Po | |
96 | .Ql \&( | |
97 | and | |
98 | .Ql \&) | |
99 | .Pc | |
100 | are used to group keywords and parameters when necessary. | |
101 | Major parameters are listed below. | |
102 | .Pp | |
103 | .Bl -tag -width addressx -compact | |
104 | .It Ar number | |
105 | means a hexadecimal or a decimal number. | |
106 | The former must be prefixed with | |
107 | .Ql Li 0x . | |
108 | .It Ar string | |
109 | .It Ar path | |
110 | .It Ar file | |
111 | means any string enclosed in | |
112 | .Ql \&" | |
113 | .Pq double quotes . | |
114 | .It Ar address | |
115 | means IPv6 and/or IPv4 address. | |
116 | .It Ar port | |
117 | means a TCP/UDP port number. | |
118 | The port number is always enclosed by | |
119 | .Ql \&[ | |
120 | and | |
121 | .Ql \&] . | |
122 | .It Ar timeunit | |
123 | is one of following: | |
124 | .Ic sec , secs , second , seconds , | |
125 | .Ic min , mins , minute , minutes , | |
126 | .Ic hour , hours . | |
127 | .El | |
128 | .\" | |
129 | .Ss Path Specification | |
130 | This section specifies various paths used by racoon. | |
131 | When running in privilege separation mode, | |
132 | .Ic certificate | |
133 | and | |
134 | .Ic script | |
135 | paths are mandatory. A | |
136 | .Xr racoon 8 | |
137 | restart is required if you want path changes to be taken into account. | |
138 | .Bl -tag -width Ds -compact | |
139 | .It Ic path include Ar path ; | |
140 | Specifies a path to include a file. | |
141 | See | |
142 | .Sx File Inclusion . | |
143 | .It Ic path pre_shared_key Ar file ; | |
144 | Specifies a file containing pre-shared key(s) for various ID(s). | |
145 | See | |
146 | .Sx Pre-shared key File . | |
147 | .It Ic path pidfile Ar file ; | |
148 | Specifies file where to store PID of process. | |
149 | If path starts with | |
150 | .Pa / | |
151 | it is treated as an absolute path. Otherwise, it is treated as a relative | |
152 | path to the VARRUN directory specified at compilation time. | |
153 | Default is | |
154 | .Pa racoon.pid . | |
155 | .It Ic path logfile Ar file ; | |
156 | Specifies a file to which logs generated by | |
157 | .Xr racoon 8 | |
158 | are stored. | |
159 | When the file's size exceeds 200KB, | |
160 | .Xr racoon 8 | |
161 | will trim the logfile by dropping the oldest events. | |
162 | If path starts with | |
163 | .Pa / | |
164 | it is treated as an absolute path. Otherwise, it is treated as a relative | |
165 | path to the VARRUN directory specified at compilation time. | |
166 | .El | |
167 | .\" | |
168 | .Ss File Inclusion | |
169 | .Bl -tag -width Ds -compact | |
170 | .It Ic include Ar file | |
171 | Specifies other configuration files to be included. | |
172 | .El | |
173 | .\" | |
174 | .Ss Identifier Specification | |
175 | is obsolete. | |
176 | It must be defined at each | |
177 | .Ic remote | |
178 | directive. | |
179 | .\" | |
180 | .Ss Timer Specification | |
181 | .Bl -tag -width Ds -compact | |
182 | .It Ic timer { Ar statements Ic } | |
183 | This section specifies various timer values used by racoon. | |
184 | .Pp | |
185 | .Bl -tag -width Ds -compact | |
186 | .It Ic counter Ar number ; | |
187 | The maximum number of retries to send. | |
188 | The default is 5. | |
189 | .It Ic interval Ar number Ar timeunit ; | |
190 | The interval to resend, in seconds. | |
191 | The default time is 10 seconds. | |
192 | .It Ic persend Ar number ; | |
193 | The number of packets per send. | |
194 | The default is 1. | |
195 | .It Ic phase1 Ar number Ar timeunit ; | |
196 | The maximum time it should take to complete phase 1. | |
197 | The default time is 15 seconds. | |
198 | .It Ic phase2 Ar number Ar timeunit ; | |
199 | The maximum time it should take to complete phase 2. | |
200 | The default time is 10 seconds. | |
201 | .It Ic natt_keepalive Ar number Ar timeunit ; | |
202 | The interval between sending NAT-Traversal keep-alive packets. | |
203 | The default time is 20 seconds. | |
204 | Set to 0s to disable keep-alive packets. | |
205 | .El | |
206 | .El | |
207 | .\" | |
208 | .Ss Listening Port Specification | |
209 | .Bl -tag -width Ds -compact | |
210 | .It Ic listen { Ar statements Ic } | |
211 | If no | |
212 | .Ar listen | |
213 | directive is specified, | |
214 | .Xr racoon 8 | |
215 | will listen on all available interface addresses. | |
216 | The following is the list of valid statements: | |
217 | .Pp | |
218 | .Bl -tag -width Ds -compact | |
219 | .\" How do I express bold brackets; `[' and `]' . | |
220 | .\" Answer: For bold brackets, do "Ic \&[ foo \&]". | |
221 | .\" Is the "Bq Ic [ Ar port ] ;" buggy ? | |
222 | .It Ic isakmp Ar address Bq Bq Ar port ; | |
223 | If this is specified, | |
224 | .Xr racoon 8 | |
225 | will only listen on the defined | |
226 | .Ar address . | |
227 | The default port is 500, which is specified by IANA. | |
228 | You can provide more than one address definition. | |
229 | .It Ic isakmp_natt Ar address Bq Ar port ; | |
230 | Same as | |
231 | .Ic isakmp | |
232 | but also sets the socket options to accept UDP-encapsulated ESP traffic for | |
233 | NAT-Traversal. | |
234 | If you plan to use NAT-T, you should provide at least one address | |
235 | with port 4500, which is specified by IANA. | |
236 | There is no default. | |
237 | .It Ic strict_address ; | |
238 | Requires that all addresses for ISAKMP be bound. | |
239 | This statement will be ignored if you do not specify address definitions. | |
240 | .El | |
241 | .El | |
242 | ./" | |
243 | .Ss Remote Nodes Specifications | |
244 | .Bl -tag -width Ds -compact | |
245 | .It Xo | |
246 | .Ic remote ( Ar address | Ic anonymous ) | |
247 | .Bq Bq Ar port | |
248 | .Bq Ic inherit Ar parent | |
249 | .Ic { Ar statements Ic } | |
250 | .Xc | |
251 | Specifies the IKE phase 1 parameters for each remote node. | |
252 | The default port is 500. | |
253 | If | |
254 | .Ic anonymous | |
255 | is specified, the statements will apply to any peer that does not match a | |
256 | more specific | |
257 | .Ic remote | |
258 | directive. | |
259 | .Pp | |
260 | Sections with | |
261 | .Ic inherit Ar parent | |
262 | statements (where | |
263 | .Ar parent | |
264 | is either | |
265 | .Ar address | |
266 | or a keyword | |
267 | .Ic anonymous ) | |
268 | that have all values predefined to those of a given | |
269 | .Ar parent . | |
270 | In these sections it is enough to redefine only the changed parameters. | |
271 | .Pp | |
272 | The following are valid statements. | |
273 | .Pp | |
274 | .Bl -tag -width Ds -compact | |
275 | .\" | |
276 | .It Ic exchange_mode ( main | aggressive | base ) ; | |
277 | Defines the exchange mode for phase 1 when racoon is the initiator. | |
278 | It also means the acceptable exchange mode when racoon is the responder. | |
279 | More than one mode can be specified by separating them with a comma. | |
280 | All of the modes are acceptable. | |
281 | The first exchange mode is what racoon uses when it is the initiator. | |
282 | .\" | |
283 | .It Ic doi Ic ipsec_doi ; | |
284 | Means to use IPsec DOI as specified in RFC 2407. | |
285 | You can omit this statement. | |
286 | .\" | |
287 | .It Ic situation Ic identity_only ; | |
288 | Means to use SIT_IDENTITY_ONLY as specified in RFC 2407. | |
289 | You can omit this statement. | |
290 | .\" | |
291 | .It Ic identifier Ar idtype ; | |
292 | This statment is obsolete. Instead, use | |
293 | .Ic my_identifier . | |
294 | .\" | |
295 | .It Xo | |
296 | .Ic my_identifier Bq Ar qualifier | |
297 | .Ar idtype ... ; | |
298 | .Xc | |
299 | Specifies the identifier sent to the remote host | |
300 | and the type to use in the phase 1 negotiation. | |
301 | .Ic address, fqdn , user_fqdn , keyid , | |
302 | and | |
303 | .Ic asn1dn | |
304 | can be used as an | |
305 | .Ar idtype . | |
306 | The | |
307 | .Ar qualifier | |
308 | is currently only used for | |
309 | .Ic keyid , | |
310 | and can be either | |
311 | .Ic file | |
312 | or | |
313 | .Ic tag . | |
314 | The possible values are : | |
315 | .Bl -tag -width Ds -compact | |
316 | .It Ic my_identifier Ic address Bq Ar address ; | |
317 | The type is the IP address. | |
318 | This is the default type if you do not specify an identifier to use. | |
319 | .It Ic my_identifier Ic user_fqdn Ar string ; | |
320 | The type is a USER_FQDN (user fully-qualified domain name). | |
321 | .It Ic my_identifier Ic fqdn Ar string ; | |
322 | The type is a FQDN (fully-qualified domain name). | |
323 | .It Xo | |
324 | .Ic my_identifier Ic keyid Bq Ic file | |
325 | .Ar file ; | |
326 | .Xc | |
327 | The type is a KEY_ID, read from the file. | |
328 | .It Ic my_identifier Ic keyid Ic tag Ar string ; | |
329 | The type is a KEY_ID, specified in the quoted string. | |
330 | .It Ic my_identifier Ic asn1dn Bq Ar string ; | |
331 | The type is an ASN.1 distinguished name. | |
332 | If | |
333 | .Ar string | |
334 | is omitted, | |
335 | .Xr racoon 8 | |
336 | will get the DN from the Subject field in the certificate. | |
337 | .El | |
338 | .\" | |
339 | .It Ic xauth_login Bq Ar string ; | |
340 | Specifies the login to use in client-side Hybrid authentication. | |
341 | It is available only if | |
342 | .Xr racoon 8 | |
343 | has been built with this option. | |
344 | The associated password is looked up in the pre-shared key files, | |
345 | using the login | |
346 | .Ic string | |
347 | as the key id. | |
348 | .\" | |
349 | .It Ic peers_identifier Ar idtype ... ; | |
350 | Specifies the peer's identifier to be received. | |
351 | If it is not defined then | |
352 | .Xr racoon 8 | |
353 | will not verify the peer's identifier in ID payload transmitted from the peer. | |
354 | If it is defined, the behavior of the verification depends on the flag of | |
355 | .Ic verify_identifier . | |
356 | The usage of | |
357 | .Ar idtype | |
358 | is the same as | |
359 | .Ic my_identifier | |
360 | except that the individual component values of an | |
361 | .Ic asn1dn | |
362 | identifier may specified as | |
363 | .Ic * | |
364 | to match any value (e.g. "C=XX, O=MyOrg, OU=*, CN=Mine"). | |
365 | Alternative acceptable peer identifiers may be specified by repeating the | |
366 | .Ic peers_identifier | |
367 | statement. | |
368 | .\" | |
369 | .It Ic verify_identifier (on | off) ; | |
370 | If you want to verify the peer's identifier, | |
371 | set this to on. | |
372 | In this case, if the value defined by | |
373 | .Ic peers_identifier | |
374 | is not the same as the peer's identifier in the ID payload, | |
375 | the negotiation will fail. | |
376 | The default is off. | |
377 | .\" | |
378 | .It Ic certificate_type Ar certspec ; | |
379 | Specifies a certificate specification. | |
380 | .Ar certspec | |
381 | must be as follows: | |
382 | .Bl -tag -width Ds -compact | |
383 | .It Ic x509 Ar in_keychain Ar keychain_identifier ; | |
384 | .Ar in_keychain | |
385 | means the certificate is in the system keychain. | |
386 | .Ar keychain_identifier | |
387 | is the keychain ID for the certificate in base64 format. | |
388 | .El | |
389 | .It Ic certificate_verification Ar verification_spec ; | |
390 | Specifies how the certificate is verified. This is required. | |
391 | .Ar verification_spec | |
392 | must be as follows: | |
393 | .Bl -tag -width Ds -compact | |
394 | .It Ic sec_framework Ar use_peers_identifier ; | |
395 | .Ar sec_framework | |
396 | means the certificate is verified by the security framework. | |
397 | .Ar use_peers_identifier | |
398 | means the certificate must contain the peers ID. | |
399 | .El | |
400 | .It Ic mode_cfg (on | off) ; | |
401 | Gather network information through ISAKMP mode configuration. | |
402 | Default is off. | |
403 | .\" | |
404 | .It Ic weak_phase1_check (on | off) ; | |
405 | Tells racoon to act on unencrypted deletion messages during phase 1. | |
406 | This is a small security risk, so the default is off, meaning that | |
407 | racoon will keep on trying to establish a connection even if the | |
408 | user credentials are wrong, for instance. | |
409 | .\" | |
410 | .It Ic send_cert (on | off) ; | |
411 | If you do not want to send a certificate, set this to off. | |
412 | The default is on. | |
413 | .\" | |
414 | .It Ic send_cr (on | off) ; | |
415 | If you do not want to send a certificate request, set this to off. | |
416 | The default is on. | |
417 | .\" | |
418 | .It Ic verify_cert (on | off) ; | |
419 | By default, the identifier sent by the remote host (as specified in its | |
420 | .Ic my_identifier | |
421 | statement) is compared with the credentials in the certificate | |
422 | used to authenticate the remote host as follows: | |
423 | .Bl -tag -width Ds -compact | |
424 | .It Type Ic asn1dn: | |
425 | The entire certificate subject name is compared with the identifier, | |
426 | e.g. "C=XX, O=YY, ...". | |
427 | .It Type Ic address, fqdn, or user_fqdn: | |
428 | The certificate's subjectAltName is compared with the identifier. | |
429 | .El | |
430 | If the two do not match the negotiation will fail. | |
431 | If you do not want to verify the identifier using the peer's certificate, | |
432 | set this to off. | |
433 | .\" | |
434 | .It Ic lifetime time Ar number Ar timeunit ; | |
435 | Define a lifetime of a certain time | |
436 | which will be proposed in the phase 1 negotiations. | |
437 | Any proposal will be accepted, and the attribute(s) will not be proposed to | |
438 | the peer if you do not specify it (them). | |
439 | They can be individually specified in each proposal. | |
440 | .\" | |
441 | .It Ic ike_frag (on | off | force) ; | |
442 | Enable receiver-side IKE fragmentation if | |
443 | .Xr racoon 8 | |
444 | has been built with this feature. | |
445 | If set to on, racoon will advertise | |
446 | itself as being capable of receiving packets split by IKE fragmentation. | |
447 | This extension is there to work around broken firewalls that do not | |
448 | work with fragmented UDP packets. | |
449 | IKE fragmentation is always enabled on the sender-side, and it is | |
450 | used if the peer advertises itself as IKE fragmentation capable. | |
451 | By selecting force, IKE Fragmentation will | |
452 | be used when racoon is acting as the initiator even before the remote | |
453 | peer has advertised itself as IKE fragmentation capable. | |
454 | .\" | |
455 | .It Ic esp_frag Ar fraglen ; | |
456 | This option is only relevant if you use NAT traversal in tunnel mode. | |
457 | Its purpose is to work around broken DSL routers that reject UDP | |
458 | fragments, by fragmenting the IP packets before ESP encapsulation. | |
459 | The result is ESP over UDP of fragmented packets instead of fragmented | |
460 | ESP over UDP packets (i.e., IP:UDP:ESP:frag(IP) instead of | |
461 | frag(IP:UDP:ESP:IP)). | |
462 | .Ar fraglen | |
463 | is the maximum size of the fragments. | |
464 | 552 should work anywhere, | |
465 | but the higher | |
466 | .Ar fraglen | |
467 | is, the better the performance. | |
468 | .Pp | |
469 | Note that because PMTU discovery is broken on many sites, you will | |
470 | have to use MSS clamping if you want TCP to work correctly. | |
471 | .\" | |
472 | .It Ic initial_contact (on | off) ; | |
473 | Enable this to send an INITIAL-CONTACT message. | |
474 | The default value is | |
475 | .Ic on . | |
476 | This message is useful only when the responder implementation chooses an | |
477 | old SA when there are multiple SAs with different established time and the | |
478 | initiator reboots. | |
479 | If racoon did not send the message, | |
480 | the responder would use an old SA even when a new SA was established. | |
481 | For systems that use a KAME derived IPSEC stack, the | |
482 | .Xr sysctl 8 | |
483 | variable net.key.preferred_oldsa can be used to control this preference. | |
484 | When the value is zero, the stack always uses a new SA. | |
485 | .\" | |
486 | .It Ic passive (on | off) ; | |
487 | If you do not want to initiate the negotiation, set this to on. | |
488 | The default value is | |
489 | .Ic off . | |
490 | It is useful for a server. | |
491 | .\" | |
492 | .It Ic proposal_check Ar level ; | |
493 | Specifies the action of lifetime length, key length and PFS of the phase 2 | |
494 | selection on the responder side, and the action of lifetime check in | |
495 | phase 1. | |
496 | The default level is | |
497 | .Ic strict . | |
498 | If the | |
499 | .Ar level | |
500 | is: | |
501 | .Bl -tag -width Ds -compact | |
502 | .It Ic obey | |
503 | The responder will obey the initiator anytime. | |
504 | .It Ic strict | |
505 | If the responder's lifetime length is longer than the initiator's or | |
506 | the responder's key length is shorter than the initiator's, | |
507 | the responder will use the initiator's value. | |
508 | Otherwise, the proposal will be rejected. | |
509 | If PFS is not required by the responder, the responder will obey the proposal. | |
510 | If PFS is required by both sides and the responder's group is not equal to | |
511 | the initiator's, then the responder will reject the proposal. | |
512 | .It Ic claim | |
513 | If the responder's lifetime length is longer than the initiator's or | |
514 | the responder's key length is shorter than the initiator's, | |
515 | the responder will use the initiator's value. | |
516 | If the responder's lifetime length is shorter than the initiator's, | |
517 | the responder uses its own length AND sends a RESPONDER-LIFETIME notify | |
518 | message to an initiator in the case of lifetime (phase 2 only). | |
519 | For PFS, this directive behaves the same as | |
520 | .Ic strict . | |
521 | .It Ic exact | |
522 | If the initiator's lifetime or key length is not equal to the responder's, | |
523 | the responder will reject the proposal. | |
524 | If PFS is required by both sides and the responder's group is not equal to | |
525 | the initiator's, then the responder will reject the proposal. | |
526 | .El | |
527 | .\" | |
528 | .It Ic support_proxy (on | off) ; | |
529 | If this value is set to on, then both values of ID payloads in the | |
530 | phase 2 exchange are always used as the addresses of end-point of | |
531 | IPsec-SAs. | |
532 | The default is off. | |
533 | .\" | |
534 | .It Ic generate_policy (on | off | require | unique) ; | |
535 | This directive is for the responder. | |
536 | Therefore you should set | |
537 | .Ic passive | |
538 | to on in order that | |
539 | .Xr racoon 8 | |
540 | only becomes a responder. | |
541 | If the responder does not have any policy in SPD during phase 2 | |
542 | negotiation, and the directive is set to on, then | |
543 | .Xr racoon 8 | |
544 | will choose the first proposal in the | |
545 | SA payload from the initiator, and generate policy entries from the proposal. | |
546 | It is useful to negotiate with clients whose IP address is allocated | |
547 | dynamically. | |
548 | Note that an inappropriate policy might be installed into the responder's SPD | |
549 | by the initiator, | |
550 | so other communications might fail if such policies are installed | |
551 | due to a policy mismatch between the initiator and the responder. | |
552 | .Ic on | |
553 | and | |
554 | .Ic require | |
555 | values mean the same thing (generate a require policy). | |
556 | .Ic unique | |
557 | tells racoon to set up unique policies, with a monotoning increasing | |
558 | reqid number (between 1 and IPSEC_MANUAL_REQID_MAX). | |
559 | This directive is ignored in the initiator case. | |
560 | The default value is | |
561 | .Ic off . | |
562 | .\" | |
563 | .\" | |
564 | .It Ic nat_traversal (on | off | force) ; | |
565 | This directive enables use of the NAT-Traversal IPsec extension | |
566 | (NAT-T). | |
567 | NAT-T allows one or both peers to reside behind a NAT gateway (i.e., | |
568 | doing address- or port-translation). | |
569 | If a NAT gateway is detected during the phase 1 handshake, racoon will | |
570 | attempt to negotiate the use of NAT-T with the remote peer. | |
571 | If the negotiation succeeds, all ESP and AH packets for the given connection | |
572 | will be encapsulated into UDP datagrams (port 4500, by default). | |
573 | Possible values are: | |
574 | .Bl -tag -width Ds -compact | |
575 | .It Ic on | |
576 | NAT-T is used when a NAT gateway is detected between the peers. | |
577 | .It Ic off | |
578 | NAT-T is not proposed/accepted. | |
579 | This is the default. | |
580 | .It Ic force | |
581 | NAT-T is used regardless of whether a NAT gateway is detected between the | |
582 | peers or not. | |
583 | .El | |
584 | Please note that NAT-T support is a compile-time option. | |
585 | Although it is enabled in the source distribution by default, it | |
586 | may not be available in your particular build. | |
587 | In that case you will get a | |
588 | warning when using any NAT-T related config options. | |
589 | .\" | |
590 | .It Ic dpd_delay Ar delay ; | |
591 | This option activates the DPD and sets the time (in seconds) allowed | |
592 | between 2 proof of liveliness requests. | |
593 | The default value is | |
594 | .Ic 0 , | |
595 | which disables DPD monitoring, but still negotiates DPD support. | |
596 | .\" | |
597 | .It Ic dpd_retry Ar delay ; | |
598 | If | |
599 | .Ic dpd_delay | |
600 | is set, this sets the delay (in seconds) to wait for a proof of | |
601 | liveliness before considering it as failed and send another request. | |
602 | The default value is | |
603 | .Ic 5 . | |
604 | .\" | |
605 | .It Ic dpd_maxfail Ar number ; | |
606 | If | |
607 | .Ic dpd_delay | |
608 | is set, this sets the maximum number of liveliness proofs to request | |
609 | (without reply) before considering the peer is dead. | |
610 | The default value is | |
611 | .Ic 5 . | |
612 | .\" | |
613 | .It Ic nonce_size Ar number ; | |
614 | define the byte size of nonce value. | |
615 | Racoon can send any value although | |
616 | RFC2409 specifies that the value MUST be between 8 and 256 bytes. | |
617 | The default size is 16 bytes. | |
618 | .\" | |
619 | .It Ic ph1id Ar number ; | |
620 | An optionnal number to identify the remote proposal and to link it | |
621 | only with sainfos who have the same number. | |
622 | Defaults to 0. | |
623 | .\" | |
624 | .It Xo | |
625 | .Ic proposal { Ar sub-substatements Ic } | |
626 | .Xc | |
627 | .Bl -tag -width Ds -compact | |
628 | .\" | |
629 | .It Ic encryption_algorithm Ar algorithm ; | |
630 | Specifies the encryption algorithm used for the phase 1 negotiation. | |
631 | This directive must be defined. | |
632 | .Ar algorithm | |
633 | is one of following: | |
634 | .Ic des, 3des, aes | |
635 | for Oakley. | |
636 | For other transforms, this statement should not be used. | |
637 | .\" | |
638 | .It Ic hash_algorithm Ar algorithm ; | |
639 | Defines the hash algorithm used for the phase 1 negotiation. | |
640 | This directive must be defined. | |
641 | .Ar algorithm | |
642 | is one of following: | |
643 | .Ic md5, sha1, sha256, sha384, sha512 | |
644 | for Oakley. | |
645 | .\" | |
646 | .It Ic authentication_method Ar type ; | |
647 | Defines the authentication method used for the phase 1 negotiation. | |
648 | This directive must be defined. | |
649 | .Ar type | |
650 | is one of: | |
651 | .Ic pre_shared_key, | |
652 | .Ic hybrid_rsa_server , | |
653 | .Ic hybrid_rsa_client , xauth_rsa_server , xauth_rsa_client , xauth_psk_server | |
654 | or | |
655 | .Ic xauth_psk_client , eap_psk_client , eap_rsa_client . | |
656 | .\" | |
657 | .It Ic dh_group Ar group ; | |
658 | Defines the group used for the Diffie-Hellman exponentiations. | |
659 | This directive must be defined. | |
660 | .Ar group | |
661 | is one of following: | |
662 | .Ic modp1024 , modp1536 , modp2048 , modp3072 , modp4096 , modp6144 or modp8192 . | |
663 | Or you can define 2 , 5 , 14 , 15 , 16 , 17 or 18 as the DH group number. | |
664 | When you want to use aggressive mode, | |
665 | you must define the same DH group in each proposal. | |
666 | .It Ic lifetime time Ar number Ar timeunit ; | |
667 | Defines the lifetime of the phase 1 SA proposal. | |
668 | Refer to the description of the | |
669 | .Ic lifetime | |
670 | directive defined in the | |
671 | .Ic remote | |
672 | directive. | |
673 | .El | |
674 | .El | |
675 | .El | |
676 | .\" | |
677 | .Ss Policy Specifications | |
678 | The policy directive is obsolete, policies are now in the SPD. | |
679 | .Xr racoon 8 | |
680 | will obey the policy configured into the kernel by | |
681 | .Xr setkey 8 , | |
682 | and will construct phase 2 proposals by combining | |
683 | .Ic sainfo | |
684 | specifications in | |
685 | .Nm , | |
686 | and policies in the kernel. | |
687 | .\" | |
688 | .Ss Sainfo Specifications | |
689 | .Bl -tag -width Ds -compact | |
690 | .It Xo | |
691 | .Ic sainfo ( Ar source_id destination_id | Ar source_id Ic anonymous | Ic anonymous Ar destination_id | Ic anonymous ) [ from Ar idtype [ Ar string ] ] [ Ic group Ar string ] | |
692 | .Ic { Ar statements Ic } | |
693 | .Xc | |
694 | defines the parameters of the IKE phase 2 (IPsec-SA establishment). | |
695 | .Ar source_id | |
696 | and | |
697 | .Ar destination_id | |
698 | are constructed like: | |
699 | .Pp | |
700 | .Ic address Ar address | |
701 | .Bq Ic / Ar prefix | |
702 | .Bq Ic [ Ar port ] | |
703 | .Ar ul_proto | |
704 | .Pp | |
705 | or | |
706 | .Pp | |
707 | .Ic subnet Ar address | |
708 | .Bq Ic / Ar prefix | |
709 | .Bq Ic [ Ar port ] | |
710 | .Ar ul_proto | |
711 | .Pp | |
712 | or | |
713 | .Pp | |
714 | .Ar idtype Ar string | |
715 | .Pp | |
716 | An id string should be expressed to match the exact value of an ID payload | |
717 | (source is the local end, destination is the remote end). | |
718 | This is not like a filter rule. | |
719 | For example, if you define 3ffe:501:4819::/48 as | |
720 | .Ar source_id . | |
721 | 3ffe:501:4819:1000:/64 will not match. | |
722 | .Pp | |
723 | In the case of a longest prefix (selecting a single host), | |
724 | .Ar address | |
725 | instructs to send ID type of ADDRESS while | |
726 | .Ar subnet | |
727 | instructs to send ID type of SUBNET. | |
728 | Otherwise, these instructions are identical. | |
729 | .Pp | |
730 | The group keyword allows an XAuth group membership check to be performed | |
731 | for this sainfo section. | |
732 | When the mode_cfg auth source is set to | |
733 | .Ic system | |
734 | or | |
735 | .Ic ldap , | |
736 | the XAuth user is verified to be a member of the specified group | |
737 | before allowing a matching SA to be negotiated. | |
738 | .Pp | |
739 | .Bl -tag -width Ds -compact | |
740 | .\" | |
741 | .It Ic pfs_group Ar group ; | |
742 | define the group of Diffie-Hellman exponentiations. | |
743 | If you do not require PFS then you can omit this directive. | |
744 | Any proposal will be accepted if you do not specify one. | |
745 | .Ar group | |
746 | is one of following: | |
747 | .Ic modp1024 , modp1536 , modp2048 , modp3072 , modp4096 , modp6144 or modp8192 . | |
748 | Or you can define 2 , 5 , 14 , 15 , 16 , 17 or 18 as the DH group number. | |
749 | .\" | |
750 | .It Ic lifetime time Ar number Ar timeunit ; | |
751 | define how long an IPsec-SA will be used, in timeunits. | |
752 | Any proposal will be accepted, and no attribute(s) will be proposed to | |
753 | the peer if you do not specify it(them). | |
754 | See the | |
755 | .Ic proposal_check | |
756 | directive. | |
757 | .\" | |
758 | .It Ic remoteid Ar number ; | |
759 | Sainfos will only be used if their remoteid matches the ph1id of the | |
760 | remote section used for phase 1. | |
761 | Defaults to 0, which is also the default for ph1id. | |
762 | .\" | |
763 | .It Ic my_identifier Ar idtype ... ; | |
764 | is obsolete. | |
765 | It does not make sense to specify an identifier in the phase 2. | |
766 | .El | |
767 | .\" | |
768 | .Pp | |
769 | .Xr racoon 8 | |
770 | does not have a list of security protocols to be negotiated. | |
771 | The list of security protocols are passed by SPD in the kernel. | |
772 | Therefore you have to define all of the potential algorithms | |
773 | in the phase 2 proposals even if there are algorithms which will not be used. | |
774 | These algorithms are define by using the following three directives, | |
775 | with a single comma as the separator. | |
776 | For algorithms that can take variable-length keys, algorithm names | |
777 | can be followed by a key length, like | |
778 | .Dq Li blowfish 448 . | |
779 | .Xr racoon 8 | |
780 | will compute the actual phase 2 proposals by computing | |
781 | the permutation of the specified algorithms, | |
782 | and then combining them with the security protocol specified by the SPD. | |
783 | For example, if | |
784 | .Ic des , 3des , hmac_md5 , | |
785 | and | |
786 | .Ic hmac_sha1 | |
787 | are specified as algorithms, we have four combinations for use with ESP, | |
788 | and two for AH. | |
789 | Then, based on the SPD settings, | |
790 | .Xr racoon 8 | |
791 | will construct the actual proposals. | |
792 | If the SPD entry asks for ESP only, there will be 4 proposals. | |
793 | If it asks for both AH and ESP, there will be 8 proposals. | |
794 | Note that the kernel may not support the algorithm you have specified. | |
795 | .\" | |
796 | .Bl -tag -width Ds -compact | |
797 | .It Ic encryption_algorithm Ar algorithms ; | |
798 | .Ic des , 3des , des_iv64 , des_iv32 , | |
799 | .Ic null_enc ,rijndael , aes | |
800 | .Pq used with ESP | |
801 | .\" | |
802 | .It Ic authentication_algorithm Ar algorithms ; | |
803 | .Ic des , 3des , des_iv64 , des_iv32 , | |
804 | .Ic hmac_md5 , hmac_sha1 , hmac_sha256, hmac_sha384, hmac_sha512, non_auth | |
805 | .Pq used with ESP authentication and AH | |
806 | .\" | |
807 | .It Ic compression_algorithm Ar algorithms ; | |
808 | .Ic deflate | |
809 | .Pq used with IPComp | |
810 | .El | |
811 | .El | |
812 | .\" | |
813 | .Ss Logging level | |
814 | .Bl -tag -width Ds -compact | |
815 | .It Ic log Ar level ; | |
816 | Defines the logging level. | |
817 | .Ar level | |
818 | is one of following: | |
819 | .Ic error , warning , notify , info , debug | |
820 | and | |
821 | .Ic debug2 . | |
822 | The default is | |
823 | .Ic info . | |
824 | If you set the logging level too high on slower machines, | |
825 | IKE negotiation can fail due to timing constraint changes. | |
826 | .El | |
827 | .\" | |
828 | .Ss Specifies the way to pad | |
829 | .Bl -tag -width Ds -compact | |
830 | .It Ic padding { Ar statements Ic } | |
831 | specifies the padding format. | |
832 | The following are valid statements: | |
833 | .Bl -tag -width Ds -compact | |
834 | .It Ic randomize (on | off) ; | |
835 | Enables the use of a randomized value for padding. | |
836 | The default is on. | |
837 | .It Ic randomize_length (on | off) ; | |
838 | The pad length will be random. | |
839 | The default is off. | |
840 | .It Ic maximum_length Ar number ; | |
841 | Defines a maximum padding length. | |
842 | If | |
843 | .Ic randomize_length | |
844 | is off, this is ignored. | |
845 | The default is 20 bytes. | |
846 | .It Ic exclusive_tail (on | off) ; | |
847 | Means to put the number of pad bytes minus one into the last part | |
848 | of the padding. | |
849 | The default is on. | |
850 | .It Ic strict_check (on | off) ; | |
851 | Means to constrain the peer to set the number of pad bytes. | |
852 | The default is off. | |
853 | .El | |
854 | .El | |
855 | .Ss Special directives | |
856 | .Bl -tag -width Ds -compact | |
857 | .It Ic complex_bundle (on | off) ; | |
858 | defines the interpretation of proposal in the case of SA bundle. | |
859 | Normally | |
860 | .Dq IP AH ESP IP payload | |
861 | is proposed as | |
862 | .Dq AH tunnel and ESP tunnel . | |
863 | The interpretation is more common to other IKE implementations, however, | |
864 | it allows very limited set of combinations for proposals. | |
865 | With the option enabled, it will be proposed as | |
866 | .Dq AH transport and ESP tunnel . | |
867 | The default value is | |
868 | .Ic off . | |
869 | .El | |
870 | .\" | |
871 | .Ss Pre-shared key File | |
872 | The pre-shared key file defines pairs of identifiers and corresponding | |
873 | shared secret keys which are used in the pre-shared key authentication | |
874 | method in phase 1. | |
875 | The pair in each line is separated by some number of blanks and/or tab | |
876 | characters like in the | |
877 | .Xr hosts 5 | |
878 | file. | |
879 | Key can include blanks because everything after the first blanks | |
880 | is interpreted as the secret key. | |
881 | Lines starting with | |
882 | .Ql # | |
883 | are ignored. | |
884 | Keys which start with | |
885 | .Ql 0x | |
886 | are interpreted as hexadecimal strings. | |
887 | Note that the file must be owned by the user ID running | |
888 | .Xr racoon 8 | |
889 | .Pq usually the privileged user , | |
890 | and must not be accessible by others. | |
891 | .\" | |
892 | .Sh EXAMPLES | |
893 | The following shows how the remote directive should be configured. | |
894 | .Bd -literal -offset | |
895 | path pre_shared_key "/usr/local/v6/etc/psk.txt" ; | |
896 | remote anonymous | |
897 | { | |
898 | exchange_mode aggressive,main,base; | |
899 | lifetime time 24 hour; | |
900 | proposal { | |
901 | encryption_algorithm 3des; | |
902 | hash_algorithm sha1; | |
903 | authentication_method pre_shared_key; | |
904 | dh_group 2; | |
905 | } | |
906 | } | |
907 | ||
908 | sainfo anonymous | |
909 | { | |
910 | pfs_group 2; | |
911 | lifetime time 12 hour ; | |
912 | encryption_algorithm 3des, aes ; | |
913 | authentication_algorithm hmac_sha1, hmac_md5 ; | |
914 | compression_algorithm deflate ; | |
915 | } | |
916 | .Ed | |
917 | .Pp | |
918 | The following is a sample for the pre-shared key file. | |
919 | .Bd -literal -offset | |
920 | 10.160.94.3 mekmitasdigoat | |
921 | 172.16.1.133 0x12345678 | |
922 | 194.100.55.1 whatcertificatereally | |
923 | 3ffe:501:410:ffff:200:86ff:fe05:80fa mekmitasdigoat | |
924 | 3ffe:501:410:ffff:210:4bff:fea2:8baa mekmitasdigoat | |
925 | foo@kame.net mekmitasdigoat | |
926 | foo.kame.net hoge | |
927 | .Ed | |
928 | .\" | |
929 | .Sh SEE ALSO | |
930 | .Xr racoon 8 , | |
931 | .Xr racoonctl 8 , | |
932 | .Xr setkey 8 | |
933 | .\" | |
934 | .Sh HISTORY | |
935 | The | |
936 | .Nm | |
937 | configuration file first appeared in the | |
938 | .Dq YIPS | |
939 | Yokogawa IPsec implementation. | |
940 | .\" | |
941 | .Sh BUGS | |
942 | Some statements may not be handled by | |
943 | .Xr racoon 8 | |
944 | yet. | |
945 | .Pp | |
946 | Diffie-Hellman computation can take a very long time, and may cause | |
947 | unwanted timeouts, specifically when a large D-H group is used. | |
948 | .\" | |
949 | .Sh SECURITY CONSIDERATIONS | |
950 | The use of IKE phase 1 aggressive mode is not recommended, | |
951 | as described in | |
952 | .Li http://www.kb.cert.org/vuls/id/886601 . |