]> git.saurik.com Git - apple/ipsec.git/blob - ipsec-tools/racoon/racoon.conf.5
ipsec-146.3.tar.gz
[apple/ipsec.git] / ipsec-tools / racoon / racoon.conf.5
1 .\" $NetBSD: racoon.conf.5,v 1.34.4.2 2007/07/18 22:53:03 mgrooms Exp $
2 .\"
3 .\" Id: racoon.conf.5,v 1.54 2006/08/22 18:17:17 manubsd Exp
4 .\"
5 .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 .\" All rights reserved.
7 .\"
8 .\" Redistribution and use in source and binary forms, with or without
9 .\" modification, are permitted provided that the following conditions
10 .\" are met:
11 .\" 1. Redistributions of source code must retain the above copyright
12 .\" notice, this list of conditions and the following disclaimer.
13 .\" 2. Redistributions in binary form must reproduce the above copyright
14 .\" notice, this list of conditions and the following disclaimer in the
15 .\" documentation and/or other materials provided with the distribution.
16 .\" 3. Neither the name of the project nor the names of its contributors
17 .\" may be used to endorse or promote products derived from this software
18 .\" without specific prior written permission.
19 .\"
20 .\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 .\" SUCH DAMAGE.
31 .\"
32 .Dd September 19, 2006
33 .Dt RACOON.CONF 5
34 .Os
35 .\"
36 .Sh NAME
37 .Nm racoon.conf
38 .Nd configuration file for racoon
39 .\"
40 .\" .Sh SYNOPSIS
41 .\"
42 .Sh DESCRIPTION
43 .Nm
44 is the configuration file for the
45 .Xr racoon 8
46 ISAKMP daemon.
47 .Xr racoon 8
48 negotiates security associations for itself (ISAKMP SA, or phase 1 SA)
49 and for kernel IPsec (IPsec SA, or phase 2 SA).
50 The file consists of a sequence of directives and statements.
51 Each directive is composed by a tag and statements, enclosed by
52 .Ql {
53 and
54 .Ql } .
55 Lines beginning with
56 .Ql #
57 are comments.
58 .\"
59 .Ss Meta Syntax
60 Keywords and special characters that the parser expects exactly are
61 displayed using
62 .Ic this
63 font.
64 Parameters are specified with
65 .Ar this
66 font.
67 Square brackets
68 .Po
69 .Ql \&[
70 and
71 .Ql \&]
72 .Pc
73 are used to show optional keywords and parameters.
74 Note that
75 you have to pay attention when this manual is describing
76 .Ar port
77 numbers.
78 The
79 .Ar port
80 number is always enclosed by
81 .Ql \&[
82 and
83 .Ql \&] .
84 In this case, the port number is not an optional keyword.
85 If it is possible to omit the
86 .Ar port
87 number,
88 the expression becomes
89 .Bq Bq Ar port .
90 The vertical bar
91 .Pq Ql \&|
92 is used to indicate
93 a choice between optional parameters.
94 Parentheses
95 .Po
96 .Ql \&(
97 and
98 .Ql \&)
99 .Pc
100 are used to group keywords and parameters when necessary.
101 Major parameters are listed below.
102 .Pp
103 .Bl -tag -width addressx -compact
104 .It Ar number
105 means a hexadecimal or a decimal number.
106 The former must be prefixed with
107 .Ql Li 0x .
108 .It Ar string
109 .It Ar path
110 .It Ar file
111 means any string enclosed in
112 .Ql \&"
113 .Pq double quotes .
114 .It Ar address
115 means IPv6 and/or IPv4 address.
116 .It Ar port
117 means a TCP/UDP port number.
118 The port number is always enclosed by
119 .Ql \&[
120 and
121 .Ql \&] .
122 .It Ar timeunit
123 is one of following:
124 .Ic sec , secs , second , seconds ,
125 .Ic min , mins , minute , minutes ,
126 .Ic hour , hours .
127 .El
128 .\"
129 .Ss Privilege separation
130 .Bl -tag -width Ds -compact
131 .It Ic privsep { Ar statements Ic }
132 Specifies privilege separation parameters.
133 When enabled, these enable
134 .Xr racoon 8
135 to operate with an unprivileged instance doing most of the work, while
136 a privileged instance takes care of performing the following operations
137 as root: reading PSK and private keys, launching hook scripts, and
138 validating passwords against system databases or against PAM.
139 Please note that using privilege separation makes changes to the
140 .Ar listen
141 and
142 .Ar paths
143 sections ignored upon configuration reloads.
144 A
145 .Xr racoon 8
146 restart is required if you want such changes to be taken into account.
147 .Pp
148 .Bl -tag -width Ds -compact
149 .It Ic user Ar user ;
150 The user to which the unprivileged instance of
151 .Xr racoon 8 ,
152 should switch.
153 This can be a quoted user name or a numeric UID.
154 .It Ic group Ar group ;
155 The group the unprivilegied instance of
156 .Xr racoon 8 ,
157 should switch.
158 This can be a quoted group name or a numeric GID.
159 .It Ic chroot Ar path ;
160 A directory to which the unprivileged instance of
161 .Xr racoon 8
162 should
163 .Xr chroot 2 .
164 This directory should hold a tree where the following files must be
165 reachable:
166 .Bl -tag -width Ds -compact
167 .It Pa /dev/random
168 .It Pa /dev/urandom
169 .It The certificates
170 .It The file containing the Xauth banner
171 .El
172 .Pp
173 The PSK file, the private keys, and the hook scripts are accessed through the
174 privileged instance of
175 .Xr racoon 8
176 and do not need to be reachable in the
177 .Xr chroot 2 Ap ed
178 tree.
179 .El
180 .El
181 .Ss Path Specification
182 This section specifies various paths used by racoon.
183 When running in privilege separation mode,
184 .Ic certificate
185 and
186 .Ic script
187 paths are mandatory. A
188 .Xr racoon 8
189 restart is required if you want path changes to be taken into account.
190 .Bl -tag -width Ds -compact
191 .It Ic path include Ar path ;
192 Specifies a path to include a file.
193 See
194 .Sx File Inclusion .
195 .It Ic path pre_shared_key Ar file ;
196 Specifies a file containing pre-shared key(s) for various ID(s).
197 See
198 .Sx Pre-shared key File .
199 .It Ic path certificate Ar path ;
200 .Xr racoon 8
201 will search this directory if a certificate or certificate request is received.
202 If you run with privilege separation,
203 .Xr racoon 8
204 will refuse to use a certificate stored outside of this directory.
205 .It Ic path backupsa Ar file ;
206 Specifies a file to which SA information negotiated by
207 racoon should be stored.
208 .Xr racoon 8
209 will install SA(s) from the file when started with the
210 .Fl B
211 flag.
212 The file is growing because
213 .Xr racoon 8
214 simply adds SAs to it.
215 You should maintain the file manually.
216 .It Ic path script Ar path ;
217 .Xr racoon 8
218 will search this directory for scripts hooks.
219 If you run with privilege separation,
220 .Xr racoon 8
221 will refuse to execute a script stored outside of this directory.
222 .It Ic path pidfile Ar file ;
223 Specifies file where to store PID of process.
224 If path starts with
225 .Pa /
226 it is treated as an absolute path. Otherwise, it is treated as a relative
227 path to the VARRUN directory specified at compilation time.
228 Default is
229 .Pa racoon.pid .
230 .It Ic path logfile Ar file ;
231 Specifies a file to which logs generated by
232 .Xr racoon 8
233 are stored.
234 When the file's size exceeds 200KB,
235 .Xr racoon 8
236 will trim the logfile by dropping the oldest events.
237 If path starts with
238 .Pa /
239 it is treated as an absolute path. Otherwise, it is treated as a relative
240 path to the VARRUN directory specified at compilation time.
241 .El
242 .\"
243 .Ss File Inclusion
244 .Bl -tag -width Ds -compact
245 .It Ic include Ar file
246 Specifies other configuration files to be included.
247 .El
248 .\"
249 .Ss Identifier Specification
250 is obsolete.
251 It must be defined at each
252 .Ic remote
253 directive.
254 .\"
255 .Ss Timer Specification
256 .Bl -tag -width Ds -compact
257 .It Ic timer { Ar statements Ic }
258 This section specifies various timer values used by racoon.
259 .Pp
260 .Bl -tag -width Ds -compact
261 .It Ic counter Ar number ;
262 The maximum number of retries to send.
263 The default is 5.
264 .It Ic interval Ar number Ar timeunit ;
265 The interval to resend, in seconds.
266 The default time is 10 seconds.
267 .It Ic persend Ar number ;
268 The number of packets per send.
269 The default is 1.
270 .It Ic phase1 Ar number Ar timeunit ;
271 The maximum time it should take to complete phase 1.
272 The default time is 15 seconds.
273 .It Ic phase2 Ar number Ar timeunit ;
274 The maximum time it should take to complete phase 2.
275 The default time is 10 seconds.
276 .It Ic natt_keepalive Ar number Ar timeunit ;
277 The interval between sending NAT-Traversal keep-alive packets.
278 The default time is 20 seconds.
279 Set to 0s to disable keep-alive packets.
280 .El
281 .El
282 .\"
283 .Ss Listening Port Specification
284 .Bl -tag -width Ds -compact
285 .It Ic listen { Ar statements Ic }
286 If no
287 .Ar listen
288 directive is specified,
289 .Xr racoon 8
290 will listen on all available interface addresses.
291 The following is the list of valid statements:
292 .Pp
293 .Bl -tag -width Ds -compact
294 .\" How do I express bold brackets; `[' and `]' .
295 .\" Answer: For bold brackets, do "Ic \&[ foo \&]".
296 .\" Is the "Bq Ic [ Ar port ] ;" buggy ?
297 .It Ic isakmp Ar address Bq Bq Ar port ;
298 If this is specified,
299 .Xr racoon 8
300 will only listen on the defined
301 .Ar address .
302 The default port is 500, which is specified by IANA.
303 You can provide more than one address definition.
304 .It Ic isakmp_natt Ar address Bq Ar port ;
305 Same as
306 .Ic isakmp
307 but also sets the socket options to accept UDP-encapsulated ESP traffic for
308 NAT-Traversal.
309 If you plan to use NAT-T, you should provide at least one address
310 with port 4500, which is specified by IANA.
311 There is no default.
312 .It Ic strict_address ;
313 Requires that all addresses for ISAKMP be bound.
314 This statement will be ignored if you do not specify address definitions.
315 .El
316 When running in privilege separation mode, you need to restart
317 .Xr racoon 8
318 to have changes to the
319 .Ar listen
320 section taken into account.
321 .Pp
322 The
323 .Ar listen
324 section can also be used to specify the admin socket mode and ownership
325 if racoon was built with support for admin port.
326 .Bl -tag -width Ds -compact
327 .It Ic adminsock Ar path Op Ar owner\ group\ mode ;
328 The
329 .Ar path ,
330 .Ar owner ,
331 and
332 .Ar group
333 values specify the socket path, owner, and group. They must be quoted.
334 The defaults are
335 .Pa /var/racoon/racoon.sock ,
336 UID 0, and GID 0.
337 .Ar mode
338 is the access mode in octal. The default is 0600.
339 .It Ic adminsock disabled ;
340 This directive tells racoon to not listen on the admin socket.
341 .El
342 .El
343 .\"
344 .Ss Miscellaneous Global Parameters
345 .Bl -tag -width Ds -compact
346 .It Ic gss_id_enc Ar enctype ;
347 Older versions of
348 .Xr racoon 8
349 used ISO-Latin-1 as the encoding of the GSS-API identifier attribute.
350 For interoperability with Microsoft Windows' GSS-API authentication
351 scheme, the default encoding has been changed to UTF-16LE.
352 The
353 .Ic gss_id_enc
354 parameter allows
355 .Xr racoon 8
356 to be configured to use the old encoding for compatibility with existing
357 .Xr racoon 8
358 installations.
359 The following are valid values for
360 .Ar enctype :
361 .Pp
362 .Bl -tag -width Ds -compact
363 .It Ic utf-16le
364 Use UTF-16LE to encode the GSS-API identifier attribute.
365 This is the default encoding.
366 This encoding is compatible with Microsoft Windows.
367 .It Ic latin1
368 Use ISO-Latin-1 to encode the GSS-API identifier attribute.
369 This is the encoding used by older versions of
370 .Xr racoon 8 .
371 .El
372 .El
373 .\"
374 .Ss Remote Nodes Specifications
375 .Bl -tag -width Ds -compact
376 .It Xo
377 .Ic remote ( Ar address | Ic anonymous )
378 .Bq Bq Ar port
379 .Bq Ic inherit Ar parent
380 .Ic { Ar statements Ic }
381 .Xc
382 Specifies the IKE phase 1 parameters for each remote node.
383 The default port is 500.
384 If
385 .Ic anonymous
386 is specified, the statements will apply to any peer that does not match a
387 more specific
388 .Ic remote
389 directive.
390 .Pp
391 Sections with
392 .Ic inherit Ar parent
393 statements (where
394 .Ar parent
395 is either
396 .Ar address
397 or a keyword
398 .Ic anonymous )
399 that have all values predefined to those of a given
400 .Ar parent .
401 In these sections it is enough to redefine only the changed parameters.
402 .Pp
403 The following are valid statements.
404 .Pp
405 .Bl -tag -width Ds -compact
406 .\"
407 .It Ic exchange_mode ( main | aggressive | base ) ;
408 Defines the exchange mode for phase 1 when racoon is the initiator.
409 It also means the acceptable exchange mode when racoon is the responder.
410 More than one mode can be specified by separating them with a comma.
411 All of the modes are acceptable.
412 The first exchange mode is what racoon uses when it is the initiator.
413 .\"
414 .It Ic doi Ic ipsec_doi ;
415 Means to use IPsec DOI as specified in RFC 2407.
416 You can omit this statement.
417 .\"
418 .It Ic situation Ic identity_only ;
419 Means to use SIT_IDENTITY_ONLY as specified in RFC 2407.
420 You can omit this statement.
421 .\"
422 .It Ic identifier Ar idtype ;
423 This statment is obsolete. Instead, use
424 .Ic my_identifier .
425 .\"
426 .It Xo
427 .Ic my_identifier Bq Ar qualifier
428 .Ar idtype ... ;
429 .Xc
430 Specifies the identifier sent to the remote host
431 and the type to use in the phase 1 negotiation.
432 .Ic address, fqdn , user_fqdn , keyid ,
433 and
434 .Ic asn1dn
435 can be used as an
436 .Ar idtype .
437 The
438 .Ar qualifier
439 is currently only used for
440 .Ic keyid ,
441 and can be either
442 .Ic file
443 or
444 .Ic tag .
445 The possible values are :
446 .Bl -tag -width Ds -compact
447 .It Ic my_identifier Ic address Bq Ar address ;
448 The type is the IP address.
449 This is the default type if you do not specify an identifier to use.
450 .It Ic my_identifier Ic user_fqdn Ar string ;
451 The type is a USER_FQDN (user fully-qualified domain name).
452 .It Ic my_identifier Ic fqdn Ar string ;
453 The type is a FQDN (fully-qualified domain name).
454 .It Xo
455 .Ic my_identifier Ic keyid Bq Ic file
456 .Ar file ;
457 .Xc
458 The type is a KEY_ID, read from the file.
459 .It Ic my_identifier Ic keyid Ic tag Ar string ;
460 The type is a KEY_ID, specified in the quoted string.
461 .It Ic my_identifier Ic asn1dn Bq Ar string ;
462 The type is an ASN.1 distinguished name.
463 If
464 .Ar string
465 is omitted,
466 .Xr racoon 8
467 will get the DN from the Subject field in the certificate.
468 .El
469 .\"
470 .It Ic xauth_login Bq Ar string ;
471 Specifies the login to use in client-side Hybrid authentication.
472 It is available only if
473 .Xr racoon 8
474 has been built with this option.
475 The associated password is looked up in the pre-shared key files,
476 using the login
477 .Ic string
478 as the key id.
479 .\"
480 .It Ic peers_identifier Ar idtype ... ;
481 Specifies the peer's identifier to be received.
482 If it is not defined then
483 .Xr racoon 8
484 will not verify the peer's identifier in ID payload transmitted from the peer.
485 If it is defined, the behavior of the verification depends on the flag of
486 .Ic verify_identifier .
487 The usage of
488 .Ar idtype
489 is the same as
490 .Ic my_identifier
491 except that the individual component values of an
492 .Ic asn1dn
493 identifier may specified as
494 .Ic *
495 to match any value (e.g. "C=XX, O=MyOrg, OU=*, CN=Mine").
496 Alternative acceptable peer identifiers may be specified by repeating the
497 .Ic peers_identifier
498 statement.
499 .\"
500 .It Ic verify_identifier (on | off) ;
501 If you want to verify the peer's identifier,
502 set this to on.
503 In this case, if the value defined by
504 .Ic peers_identifier
505 is not the same as the peer's identifier in the ID payload,
506 the negotiation will fail.
507 The default is off.
508 .\"
509 .It Ic certificate_type Ar certspec ;
510 Specifies a certificate specification.
511 .Ar certspec
512 is one of followings:
513 .Bl -tag -width Ds -compact
514 .It Ic x509 Ar certfile Ar privkeyfile ;
515 .Ar certfile
516 means a file name of a certificate.
517 .Ar privkeyfile
518 means a file name of a secret key.
519 .El
520 .Bl -tag -width Ds -compact
521 .It Ic plain_rsa Ar privkeyfile ;
522 .Ar privkeyfile
523 means a file name of a private key generated by plainrsa-gen(8). Required
524 for RSA authentication.
525 .El
526 .It Ic ca_type Ar cacertspec ;
527 Specifies a root certificate authority specification.
528 .Ar cacertspec
529 is one of followings:
530 .Bl -tag -width Ds -compact
531 .It Ic x509 Ar cacertfile ;
532 .Ar cacertfile
533 means a file name of the root certificate authority.
534 Default is
535 .Pa /etc/openssl/cert.pem
536 .El
537 .\"
538 .It Ic mode_cfg (on | off) ;
539 Gather network information through ISAKMP mode configuration.
540 Default is off.
541 .\"
542 .It Ic weak_phase1_check (on | off) ;
543 Tells racoon to act on unencrypted deletion messages during phase 1.
544 This is a small security risk, so the default is off, meaning that
545 racoon will keep on trying to establish a connection even if the
546 user credentials are wrong, for instance.
547 .\"
548 .It Ic peers_certfile ( dnssec | Ar certfile | Ic plain_rsa Ar pubkeyfile ) ;
549 If
550 .Ic dnssec
551 is defined,
552 .Xr racoon 8
553 will ignore the CERT payload from the peer,
554 and try to get the peer's certificate from DNS instead.
555 If
556 .Ar certfile
557 is defined,
558 .Xr racoon 8
559 will ignore the CERT payload from the peer,
560 and will use this certificate as the peer's certificate.
561 If
562 .Ic plain_rsa
563 is defined,
564 .Xr racoon 8
565 will expect
566 .Ar pubkeyfile
567 to be the peer's public key that was generated
568 by plainrsa-gen(8).
569 .\"
570 .It Ic script Ar script Ic phase1_up
571 .It Ic script Ar script Ic phase1_down
572 Shell scripts that get executed when a phase 1 SA goes up or down.
573 Both scripts get either
574 .Ic phase1_up
575 or
576 .Ic phase1_down
577 as first argument, and the following
578 variables are set in their environment:
579 .Bl -tag -width Ds -compact
580 .It Ev LOCAL_ADDR
581 The local address of the phase 1 SA.
582 .It Ev LOCAL_PORT
583 The local port used for IKE for the phase 1 SA.
584 .It Ev REMOTE_ADDR
585 The remote address of the phase 1 SA.
586 .It Ev REMOTE_PORT
587 The remote port used for IKE for the phase 1 SA.
588 .El
589 The following variables are only set if
590 .Ic mode_cfg
591 was enabled:
592 .Bl -tag -width Ds -compact
593 .It INTERNAL_ADDR4
594 An IPv4 internal address obtained by ISAKMP mode config.
595 .It INTERNAL_NETMASK4
596 An IPv4 internal netmask obtained by ISAKMP mode config.
597 .It INTERNAL_CIDR4
598 An IPv4 internal netmask obtained by ISAKMP mode config, in CIDR notation.
599 .It INTERNAL_DNS4
600 The first internal DNS server IPv4 address obtained by ISAKMP mode config.
601 .It INTERNAL_DNS4_LIST
602 A list of internal DNS servers IPv4 address obtained by ISAKMP mode config,
603 separated by spaces.
604 .It INTERNAL_WINS4
605 The first internal WINS server IPv4 address obtained by ISAKMP mode config.
606 .It INTERNAL_WINS4_LIST
607 A list of internal WINS servers IPv4 address obtained by ISAKMP mode config,
608 separated by spaces.
609 .It SPLIT_INCLUDE
610 The space separated list of IPv4 addresses and masks (address slash mask)
611 that define the networks to be encrypted (as opposed to the default where
612 all the traffic should be encrypted) ; obtained by ISAKMP mode config ;
613 SPLIT_INCLUDE and SPLIT_LOCAL are mutually exclusive.
614 .It SPLIT_LOCAL
615 The space separated list of IPv4 addresses and masks (address slash mask)
616 that define the networks to be considered local, and thus excluded from the
617 tunnels ; obtained by ISAKMP mode config.
618 .It DEFAULT_DOMAIN
619 The DNS default domain name obtained by ISAKMP mode config.
620 .El
621 .\"
622 .\"
623 .It Ic send_cert (on | off) ;
624 If you do not want to send a certificate, set this to off.
625 The default is on.
626 .\"
627 .It Ic send_cr (on | off) ;
628 If you do not want to send a certificate request, set this to off.
629 The default is on.
630 .\"
631 .It Ic verify_cert (on | off) ;
632 By default, the identifier sent by the remote host (as specified in its
633 .Ic my_identifier
634 statement) is compared with the credentials in the certificate
635 used to authenticate the remote host as follows:
636 .Bl -tag -width Ds -compact
637 .It Type Ic asn1dn:
638 The entire certificate subject name is compared with the identifier,
639 e.g. "C=XX, O=YY, ...".
640 .It Type Ic address, fqdn, or user_fqdn:
641 The certificate's subjectAltName is compared with the identifier.
642 .El
643 If the two do not match the negotiation will fail.
644 If you do not want to verify the identifier using the peer's certificate,
645 set this to off.
646 .\"
647 .It Ic lifetime time Ar number Ar timeunit ;
648 Define a lifetime of a certain time
649 which will be proposed in the phase 1 negotiations.
650 Any proposal will be accepted, and the attribute(s) will not be proposed to
651 the peer if you do not specify it (them).
652 They can be individually specified in each proposal.
653 .\"
654 .It Ic ike_frag (on | off | force) ;
655 Enable receiver-side IKE fragmentation if
656 .Xr racoon 8
657 has been built with this feature.
658 If set to on, racoon will advertise
659 itself as being capable of receiving packets split by IKE fragmentation.
660 This extension is there to work around broken firewalls that do not
661 work with fragmented UDP packets.
662 IKE fragmentation is always enabled on the sender-side, and it is
663 used if the peer advertises itself as IKE fragmentation capable.
664 By selecting force, IKE Fragmentation will
665 be used when racoon is acting as the initiator even before the remote
666 peer has advertised itself as IKE fragmentation capable.
667 .\"
668 .It Ic esp_frag Ar fraglen ;
669 This option is only relevant if you use NAT traversal in tunnel mode.
670 Its purpose is to work around broken DSL routers that reject UDP
671 fragments, by fragmenting the IP packets before ESP encapsulation.
672 The result is ESP over UDP of fragmented packets instead of fragmented
673 ESP over UDP packets (i.e., IP:UDP:ESP:frag(IP) instead of
674 frag(IP:UDP:ESP:IP)).
675 .Ar fraglen
676 is the maximum size of the fragments.
677 552 should work anywhere,
678 but the higher
679 .Ar fraglen
680 is, the better the performance.
681 .Pp
682 Note that because PMTU discovery is broken on many sites, you will
683 have to use MSS clamping if you want TCP to work correctly.
684 .\"
685 .It Ic initial_contact (on | off) ;
686 Enable this to send an INITIAL-CONTACT message.
687 The default value is
688 .Ic on .
689 This message is useful only when the responder implementation chooses an
690 old SA when there are multiple SAs with different established time and the
691 initiator reboots.
692 If racoon did not send the message,
693 the responder would use an old SA even when a new SA was established.
694 For systems that use a KAME derived IPSEC stack, the
695 .Xr sysctl 8
696 variable net.key.preferred_oldsa can be used to control this preference.
697 When the value is zero, the stack always uses a new SA.
698 .\"
699 .It Ic passive (on | off) ;
700 If you do not want to initiate the negotiation, set this to on.
701 The default value is
702 .Ic off .
703 It is useful for a server.
704 .\"
705 .It Ic proposal_check Ar level ;
706 Specifies the action of lifetime length, key length and PFS of the phase 2
707 selection on the responder side, and the action of lifetime check in
708 phase 1.
709 The default level is
710 .Ic strict .
711 If the
712 .Ar level
713 is:
714 .Bl -tag -width Ds -compact
715 .It Ic obey
716 The responder will obey the initiator anytime.
717 .It Ic strict
718 If the responder's lifetime length is longer than the initiator's or
719 the responder's key length is shorter than the initiator's,
720 the responder will use the initiator's value.
721 Otherwise, the proposal will be rejected.
722 If PFS is not required by the responder, the responder will obey the proposal.
723 If PFS is required by both sides and the responder's group is not equal to
724 the initiator's, then the responder will reject the proposal.
725 .It Ic claim
726 If the responder's lifetime length is longer than the initiator's or
727 the responder's key length is shorter than the initiator's,
728 the responder will use the initiator's value.
729 If the responder's lifetime length is shorter than the initiator's,
730 the responder uses its own length AND sends a RESPONDER-LIFETIME notify
731 message to an initiator in the case of lifetime (phase 2 only).
732 For PFS, this directive behaves the same as
733 .Ic strict .
734 .It Ic exact
735 If the initiator's lifetime or key length is not equal to the responder's,
736 the responder will reject the proposal.
737 If PFS is required by both sides and the responder's group is not equal to
738 the initiator's, then the responder will reject the proposal.
739 .El
740 .\"
741 .It Ic support_proxy (on | off) ;
742 If this value is set to on, then both values of ID payloads in the
743 phase 2 exchange are always used as the addresses of end-point of
744 IPsec-SAs.
745 The default is off.
746 .\"
747 .It Ic generate_policy (on | off | require | unique) ;
748 This directive is for the responder.
749 Therefore you should set
750 .Ic passive
751 to on in order that
752 .Xr racoon 8
753 only becomes a responder.
754 If the responder does not have any policy in SPD during phase 2
755 negotiation, and the directive is set to on, then
756 .Xr racoon 8
757 will choose the first proposal in the
758 SA payload from the initiator, and generate policy entries from the proposal.
759 It is useful to negotiate with clients whose IP address is allocated
760 dynamically.
761 Note that an inappropriate policy might be installed into the responder's SPD
762 by the initiator,
763 so other communications might fail if such policies are installed
764 due to a policy mismatch between the initiator and the responder.
765 .Ic on
766 and
767 .Ic require
768 values mean the same thing (generate a require policy).
769 .Ic unique
770 tells racoon to set up unique policies, with a monotoning increasing
771 reqid number (between 1 and IPSEC_MANUAL_REQID_MAX).
772 This directive is ignored in the initiator case.
773 The default value is
774 .Ic off .
775 .\"
776 .\"
777 .It Ic nat_traversal (on | off | force) ;
778 This directive enables use of the NAT-Traversal IPsec extension
779 (NAT-T).
780 NAT-T allows one or both peers to reside behind a NAT gateway (i.e.,
781 doing address- or port-translation).
782 If a NAT gateway is detected during the phase 1 handshake, racoon will
783 attempt to negotiate the use of NAT-T with the remote peer.
784 If the negotiation succeeds, all ESP and AH packets for the given connection
785 will be encapsulated into UDP datagrams (port 4500, by default).
786 Possible values are:
787 .Bl -tag -width Ds -compact
788 .It Ic on
789 NAT-T is used when a NAT gateway is detected between the peers.
790 .It Ic off
791 NAT-T is not proposed/accepted.
792 This is the default.
793 .It Ic force
794 NAT-T is used regardless of whether a NAT gateway is detected between the
795 peers or not.
796 .El
797 Please note that NAT-T support is a compile-time option.
798 Although it is enabled in the source distribution by default, it
799 may not be available in your particular build.
800 In that case you will get a
801 warning when using any NAT-T related config options.
802 .\"
803 .It Ic dpd_delay Ar delay ;
804 This option activates the DPD and sets the time (in seconds) allowed
805 between 2 proof of liveliness requests.
806 The default value is
807 .Ic 0 ,
808 which disables DPD monitoring, but still negotiates DPD support.
809 .\"
810 .It Ic dpd_retry Ar delay ;
811 If
812 .Ic dpd_delay
813 is set, this sets the delay (in seconds) to wait for a proof of
814 liveliness before considering it as failed and send another request.
815 The default value is
816 .Ic 5 .
817 .\"
818 .It Ic dpd_maxfail Ar number ;
819 If
820 .Ic dpd_delay
821 is set, this sets the maximum number of liveliness proofs to request
822 (without reply) before considering the peer is dead.
823 The default value is
824 .Ic 5 .
825 .\"
826 .It Ic nonce_size Ar number ;
827 define the byte size of nonce value.
828 Racoon can send any value although
829 RFC2409 specifies that the value MUST be between 8 and 256 bytes.
830 The default size is 16 bytes.
831 .\"
832 .It Ic ph1id Ar number ;
833 An optionnal number to identify the remote proposal and to link it
834 only with sainfos who have the same number.
835 Defaults to 0.
836 .\"
837 .It Xo
838 .Ic proposal { Ar sub-substatements Ic }
839 .Xc
840 .Bl -tag -width Ds -compact
841 .\"
842 .It Ic encryption_algorithm Ar algorithm ;
843 Specifies the encryption algorithm used for the phase 1 negotiation.
844 This directive must be defined.
845 .Ar algorithm
846 is one of following:
847 .Ic des, 3des, blowfish, cast128, aes, camellia
848 .\".Ic rc5 , idea
849 for Oakley.
850 For other transforms, this statement should not be used.
851 .\"
852 .It Ic hash_algorithm Ar algorithm ;
853 Defines the hash algorithm used for the phase 1 negotiation.
854 This directive must be defined.
855 .Ar algorithm
856 is one of following:
857 .Ic md5, sha1, sha256, sha384, sha512
858 for Oakley.
859 .\"
860 .It Ic authentication_method Ar type ;
861 Defines the authentication method used for the phase 1 negotiation.
862 This directive must be defined.
863 .Ar type
864 is one of:
865 .Ic pre_shared_key , rsasig
866 (for plain RSA authentication),
867 .Ic gssapi_krb , hybrid_rsa_server ,
868 .Ic hybrid_rsa_client , xauth_rsa_server , xauth_rsa_client , xauth_psk_server
869 or
870 .Ic xauth_psk_client .
871 .\"
872 .It Ic dh_group Ar group ;
873 Defines the group used for the Diffie-Hellman exponentiations.
874 This directive must be defined.
875 .Ar group
876 is one of following:
877 .Ic modp768 , modp1024 , modp1536 ,
878 .Ic modp2048 , modp3072 , modp4096 ,
879 .Ic modp6144 , modp8192 .
880 Or you can define 1, 2, 5, 14, 15, 16, 17, or 18 as the DH group number.
881 When you want to use aggressive mode,
882 you must define the same DH group in each proposal.
883 .It Ic lifetime time Ar number Ar timeunit ;
884 Defines the lifetime of the phase 1 SA proposal.
885 Refer to the description of the
886 .Ic lifetime
887 directive defined in the
888 .Ic remote
889 directive.
890 .It Ic gss_id Ar string ;
891 Defines the GSS-API endpoint name, to be included as an attribute in the SA,
892 if the
893 .Ic gssapi_krb
894 authentication method is used.
895 If this is not defined, the default value of
896 .Ql host/hostname
897 is used, where hostname is the value returned by the
898 .Xr hostname 1
899 command.
900 .El
901 .El
902 .El
903 .\"
904 .Ss Policy Specifications
905 The policy directive is obsolete, policies are now in the SPD.
906 .Xr racoon 8
907 will obey the policy configured into the kernel by
908 .Xr setkey 8 ,
909 and will construct phase 2 proposals by combining
910 .Ic sainfo
911 specifications in
912 .Nm ,
913 and policies in the kernel.
914 .\"
915 .Ss Sainfo Specifications
916 .Bl -tag -width Ds -compact
917 .It Xo
918 .Ic sainfo ( Ar source_id destination_id | Ar source_id Ic anonymous | Ic anonymous Ar destination_id | Ic anonymous ) [ from Ar idtype [ Ar string ] ] [ Ic group Ar string ]
919 .Ic { Ar statements Ic }
920 .Xc
921 defines the parameters of the IKE phase 2 (IPsec-SA establishment).
922 .Ar source_id
923 and
924 .Ar destination_id
925 are constructed like:
926 .Pp
927 .Ic address Ar address
928 .Bq Ic / Ar prefix
929 .Bq Ic [ Ar port ]
930 .Ar ul_proto
931 .Pp
932 or
933 .Pp
934 .Ic subnet Ar address
935 .Bq Ic / Ar prefix
936 .Bq Ic [ Ar port ]
937 .Ar ul_proto
938 .Pp
939 or
940 .Pp
941 .Ar idtype Ar string
942 .Pp
943 An id string should be expressed to match the exact value of an ID payload
944 (source is the local end, destination is the remote end).
945 This is not like a filter rule.
946 For example, if you define 3ffe:501:4819::/48 as
947 .Ar source_id .
948 3ffe:501:4819:1000:/64 will not match.
949 .Pp
950 In the case of a longest prefix (selecting a single host),
951 .Ar address
952 instructs to send ID type of ADDRESS while
953 .Ar subnet
954 instructs to send ID type of SUBNET.
955 Otherwise, these instructions are identical.
956 .Pp
957 The group keyword allows an XAuth group membership check to be performed
958 for this sainfo section.
959 When the mode_cfg auth source is set to
960 .Ic system
961 or
962 .Ic ldap ,
963 the XAuth user is verified to be a member of the specified group
964 before allowing a matching SA to be negotiated.
965 .Pp
966 .Bl -tag -width Ds -compact
967 .\"
968 .It Ic pfs_group Ar group ;
969 define the group of Diffie-Hellman exponentiations.
970 If you do not require PFS then you can omit this directive.
971 Any proposal will be accepted if you do not specify one.
972 .Ar group
973 is one of following:
974 .Ic modp768 , modp1024 , modp1536 ,
975 .Ic modp2048 , modp3072 , modp4096 ,
976 .Ic modp6144 , modp8192 .
977 Or you can define 1, 2, 5, 14, 15, 16, 17, or 18 as the DH group number.
978 .\"
979 .It Ic lifetime time Ar number Ar timeunit ;
980 define how long an IPsec-SA will be used, in timeunits.
981 Any proposal will be accepted, and no attribute(s) will be proposed to
982 the peer if you do not specify it(them).
983 See the
984 .Ic proposal_check
985 directive.
986 .\"
987 .It Ic remoteid Ar number ;
988 Sainfos will only be used if their remoteid matches the ph1id of the
989 remote section used for phase 1.
990 Defaults to 0, which is also the default for ph1id.
991 .\"
992 .It Ic my_identifier Ar idtype ... ;
993 is obsolete.
994 It does not make sense to specify an identifier in the phase 2.
995 .El
996 .\"
997 .Pp
998 .Xr racoon 8
999 does not have a list of security protocols to be negotiated.
1000 The list of security protocols are passed by SPD in the kernel.
1001 Therefore you have to define all of the potential algorithms
1002 in the phase 2 proposals even if there are algorithms which will not be used.
1003 These algorithms are define by using the following three directives,
1004 with a single comma as the separator.
1005 For algorithms that can take variable-length keys, algorithm names
1006 can be followed by a key length, like
1007 .Dq Li blowfish 448 .
1008 .Xr racoon 8
1009 will compute the actual phase 2 proposals by computing
1010 the permutation of the specified algorithms,
1011 and then combining them with the security protocol specified by the SPD.
1012 For example, if
1013 .Ic des , 3des , hmac_md5 ,
1014 and
1015 .Ic hmac_sha1
1016 are specified as algorithms, we have four combinations for use with ESP,
1017 and two for AH.
1018 Then, based on the SPD settings,
1019 .Xr racoon 8
1020 will construct the actual proposals.
1021 If the SPD entry asks for ESP only, there will be 4 proposals.
1022 If it asks for both AH and ESP, there will be 8 proposals.
1023 Note that the kernel may not support the algorithm you have specified.
1024 .\"
1025 .Bl -tag -width Ds -compact
1026 .It Ic encryption_algorithm Ar algorithms ;
1027 .Ic des , 3des , des_iv64 , des_iv32 ,
1028 .Ic rc5 , rc4 , idea , 3idea ,
1029 .Ic cast128 , blowfish , null_enc ,
1030 .Ic twofish , rijndael , aes , camellia
1031 .Pq used with ESP
1032 .\"
1033 .It Ic authentication_algorithm Ar algorithms ;
1034 .Ic des , 3des , des_iv64 , des_iv32 ,
1035 .Ic hmac_md5 , hmac_sha1 , hmac_sha256, hmac_sha384, hmac_sha512, non_auth
1036 .Pq used with ESP authentication and AH
1037 .\"
1038 .It Ic compression_algorithm Ar algorithms ;
1039 .Ic deflate
1040 .Pq used with IPComp
1041 .El
1042 .El
1043 .\"
1044 .Ss Logging level
1045 .Bl -tag -width Ds -compact
1046 .It Ic log Ar level ;
1047 Defines the logging level.
1048 .Ar level
1049 is one of following:
1050 .Ic error , warning , notify , info , debug
1051 and
1052 .Ic debug2 .
1053 The default is
1054 .Ic info .
1055 If you set the logging level too high on slower machines,
1056 IKE negotiation can fail due to timing constraint changes.
1057 .El
1058 .\"
1059 .Ss Specifies the way to pad
1060 .Bl -tag -width Ds -compact
1061 .It Ic padding { Ar statements Ic }
1062 specifies the padding format.
1063 The following are valid statements:
1064 .Bl -tag -width Ds -compact
1065 .It Ic randomize (on | off) ;
1066 Enables the use of a randomized value for padding.
1067 The default is on.
1068 .It Ic randomize_length (on | off) ;
1069 The pad length will be random.
1070 The default is off.
1071 .It Ic maximum_length Ar number ;
1072 Defines a maximum padding length.
1073 If
1074 .Ic randomize_length
1075 is off, this is ignored.
1076 The default is 20 bytes.
1077 .It Ic exclusive_tail (on | off) ;
1078 Means to put the number of pad bytes minus one into the last part
1079 of the padding.
1080 The default is on.
1081 .It Ic strict_check (on | off) ;
1082 Means to constrain the peer to set the number of pad bytes.
1083 The default is off.
1084 .El
1085 .El
1086 .Ss ISAKMP mode configuration settings
1087 .Bl -tag -width Ds -compact
1088 .It Ic mode_cfg { Ar statements Ic }
1089 Defines the information to return for remote hosts' ISAKMP mode config
1090 requests.
1091 Also defines the authentication source for remote peers
1092 authenticating through Xauth.
1093 .Pp
1094 The following are valid statements:
1095 .Bl -tag -width Ds -compact
1096 .It Ic auth_source (system | radius | pam | ldap) ;
1097 Specifies the source for authentication of users through Xauth.
1098 .Ar system
1099 means to use the Unix user database.
1100 This is the default.
1101 .Ar radius
1102 means to use a RADIUS server.
1103 It works only if
1104 .Xr racoon 8
1105 was built with libradius support. Radius configuration is hanlded by
1106 .Xr radius.conf 5 .
1107 .Ar pam
1108 means to use PAM.
1109 It works only if
1110 .Xr racoon 8
1111 was built with libpam support.
1112 .Ar ldap
1113 means to use LDAP.
1114 It works only if
1115 .Xr racoon 8
1116 was built with libldap support. LDAP configuration is handled by
1117 statements in the
1118 .Ic ldapcfg
1119 section.
1120 .It Ic auth_groups Ar "group1", ... ;
1121 Specifies the group memberships for Xauth in quoted group name strings.
1122 When defined, the authenticating user must be a member of at least one
1123 group for Xauth to succeed.
1124 .It Ic group_source (system | ldap) ;
1125 Specifies the source for group validataion of users through Xauth.
1126 .Ar system
1127 means to use the Unix user database.
1128 This is the default.
1129 .Ar ldap
1130 means to use LDAP.
1131 It works only if
1132 .Xr racoon 8
1133 was built with libldap support and requires LDAP authentication.
1134 LDAP configuration is handled by statements in the
1135 .Ic ldapcfg
1136 section.
1137 .It Ic conf_source (local | radius | ldap) ;
1138 Specifies the source for IP addresses and netmask allocated through ISAKMP
1139 mode config.
1140 .Ar local
1141 means to use the local IP pool defined by the
1142 .Ic network4
1143 and
1144 .Ic pool_size
1145 statements.
1146 This is the default.
1147 .Ar radius
1148 means to use a RADIUS server.
1149 It works only if
1150 .Xr racoon 8
1151 was built with libradius support and requires RADIUS authentiation.
1152 RADIUS configuration is handled by
1153 .Xr radius.conf 5 .
1154 .Ar ldap
1155 means to use an LDAP server.
1156 It works only if
1157 .Xr racoon 8
1158 was built with libldap support and requires LDAP authentication.
1159 LDAP configuration is handled by
1160 statements in the
1161 .Ic ldapcfg
1162 section.
1163 .It Ic accounting (none | system | radius | pam) ;
1164 Enables or disables accounting for Xauth logins and logouts.
1165 The default is
1166 .Ar none
1167 which disable accounting.
1168 Specifying
1169 .Ar system
1170 enables system accounting through
1171 .Xr utmp 5 .
1172 Specifying
1173 .Ar radius
1174 enables RADIUS accounting.
1175 It works only if
1176 .Xr racoon 8
1177 was built with libradius support and requires RADIUS authentication.
1178 RADIUS configuration is handled by
1179 .Xr radius.conf 5 .
1180 Specifying
1181 .Ar pam
1182 enables PAM accounting.
1183 It works only if
1184 .Xr racoon 8
1185 was build with libpam support and requires PAM authentication.
1186 .It Ic pool_size Ar size
1187 Specify the size of the IP address pool, either local or allocated
1188 through RADIUS.
1189 .Ic conf_source
1190 selects the local pool or the RADIUS configuration, but in both
1191 configurations, you cannot have more than
1192 .Ar size
1193 users connected at the same time.
1194 The default is 255.
1195 .It Ic network4 Ar address ;
1196 .It Ic netmask4 Ar address ;
1197 The local IP pool base address and network mask from which dynamically
1198 allocated IPv4 addresses should be taken.
1199 This is used if
1200 .Ic conf_source
1201 is set to
1202 .Ar local
1203 or if the RADIUS server returned
1204 .Ar 255.255.255.254 .
1205 Default is
1206 .Ar 0.0.0.0/0.0.0.0 .
1207 .It Ic dns4 Ar addresses ;
1208 A list of IPv4 addresses for DNS servers, separated by commas, or on multiple
1209 .Ic dns4
1210 lines.
1211 .It Ic nbns4 Ar addresses ;
1212 A list of IPv4 address for WINS servers.
1213 .It Ic split_network (include | local_lan) Ar network/mask, ...
1214 The network configuration to send, in cidr notation (e.g. 192.168.1.0/24).
1215 If
1216 .Ic include
1217 is specified, the tunnel should be only used to encrypt the indicated
1218 destinations ; otherwise, if
1219 .Ic local_lan
1220 is used, everything will pass through the tunnel but those destinations.
1221 .It Ic default_domain Ar domain ;
1222 The default DNS domain to send.
1223 .It Ic split_dns Ar "domain", ...
1224 The split dns configuration to send, in quoted domain name strings.
1225 This list can be used to describe a list of domain names for which
1226 a peer should query a modecfg assigned dns server.
1227 DNS queries for all other domains would be handled locally.
1228 (Cisco VPN client only).
1229 .It Ic banner Ar path ;
1230 The path of a file displayed on the client at connection time.
1231 Default is
1232 .Ar /etc/motd .
1233 .It Ic auth_throttle Ar delay ;
1234 On each failed Xauth authentication attempt, refuse new attempts for a set
1235 .Ar delay
1236 of seconds.
1237 This is to avoid dictionary attacks on Xauth passwords.
1238 Default is one second.
1239 Set to zero to disable authentication delay.
1240 .It Ic pfs_group Ar group ;
1241 Sets the PFS group used in the client proposal (Cisco VPN client only).
1242 Default is 0.
1243 .It Ic save_passwd (on | off) ;
1244 Allow the client to save the Xauth password (Cisco VPN client only).
1245 Default is off.
1246 .El
1247 .El
1248 .Ss Ldap configuration settings
1249 .Bl -tag -width Ds -compact
1250 .It Ic ldapcfg { Ar statements Ic }
1251 Defines the parameters that will be used to communicate with an ldap
1252 server for
1253 .Ic xauth
1254 authentication.
1255 .Pp
1256 The following are valid statements:
1257 .Bl -tag -width Ds -compact
1258 .It Ic version (2 | 3) ;
1259 The ldap protocol version used to communicate with the server.
1260 The default is
1261 .Ic 3 .
1262 .It Ic host Ar (hostname | address) ;
1263 The host name or ip address of the ldap server.
1264 The default is
1265 .Ic localhost .
1266 .It Ic port Ar number;
1267 The port that the ldap server is configured to listen on.
1268 The default is
1269 .Ic 389 .
1270 .It Ic base Ar distinguished name;
1271 The ldap search base.
1272 This option has no default value.
1273 .It Ic subtree (on | off) ;
1274 Use the subtree ldap search scope.
1275 Otherwise, use the one level search scope.
1276 The default is
1277 .Ic off .
1278 .It Ic bind_dn Ar distinguised name;
1279 The user dn used to optionaly bind as before performing ldap search operations.
1280 If this option is not specified, anonymous binds are used.
1281 .It Ic bind_pw Ar string;
1282 The password used when binding as
1283 .Ic bind_dn .
1284 .It Ic attr_user Ar attribute name;
1285 The attribute used to specify a users name in an ldap directory.
1286 For example,
1287 if a user dn is "cn=jdoe,dc=my,dc=net" then the attribute would be "cn".
1288 The default value is
1289 .Ic cn .
1290 .It Ic attr_addr Ar attribute name;
1291 .It Ic attr_mask Ar attribute name;
1292 The attributes used to specify a users network address and subnet mask in an
1293 ldap directory.
1294 These values are forwarded during mode_cfg negotiation when
1295 the conf_source is set to ldap.
1296 The default values are
1297 .Ic racoon-address
1298 and
1299 .Ic racoon-netmask .
1300 .It Ic attr_group Ar attribute name;
1301 The attribute used to specify a group name in an ldap directory.
1302 For example,
1303 if a group dn is "cn=users,dc=my,dc=net" then the attribute would be "cn".
1304 The default value is
1305 .Ic cn .
1306 .It Ic attr_member Ar attribute name;
1307 The attribute used to specify group membership in an ldap directory.
1308 The default value is
1309 .Ic member .
1310 .El
1311 .El
1312 .Ss Special directives
1313 .Bl -tag -width Ds -compact
1314 .It Ic complex_bundle (on | off) ;
1315 defines the interpretation of proposal in the case of SA bundle.
1316 Normally
1317 .Dq IP AH ESP IP payload
1318 is proposed as
1319 .Dq AH tunnel and ESP tunnel .
1320 The interpretation is more common to other IKE implementations, however,
1321 it allows very limited set of combinations for proposals.
1322 With the option enabled, it will be proposed as
1323 .Dq AH transport and ESP tunnel .
1324 The default value is
1325 .Ic off .
1326 .El
1327 .\"
1328 .Ss Pre-shared key File
1329 The pre-shared key file defines pairs of identifiers and corresponding
1330 shared secret keys which are used in the pre-shared key authentication
1331 method in phase 1.
1332 The pair in each line is separated by some number of blanks and/or tab
1333 characters like in the
1334 .Xr hosts 5
1335 file.
1336 Key can include blanks because everything after the first blanks
1337 is interpreted as the secret key.
1338 Lines starting with
1339 .Ql #
1340 are ignored.
1341 Keys which start with
1342 .Ql 0x
1343 are interpreted as hexadecimal strings.
1344 Note that the file must be owned by the user ID running
1345 .Xr racoon 8
1346 .Pq usually the privileged user ,
1347 and must not be accessible by others.
1348 .\"
1349 .Sh EXAMPLES
1350 The following shows how the remote directive should be configured.
1351 .Bd -literal -offset
1352 path pre_shared_key "/usr/local/v6/etc/psk.txt" ;
1353 remote anonymous
1354 {
1355 exchange_mode aggressive,main,base;
1356 lifetime time 24 hour;
1357 proposal {
1358 encryption_algorithm 3des;
1359 hash_algorithm sha1;
1360 authentication_method pre_shared_key;
1361 dh_group 2;
1362 }
1363 }
1364
1365 sainfo anonymous
1366 {
1367 pfs_group 2;
1368 lifetime time 12 hour ;
1369 encryption_algorithm 3des, blowfish 448, twofish, rijndael ;
1370 authentication_algorithm hmac_sha1, hmac_md5 ;
1371 compression_algorithm deflate ;
1372 }
1373 .Ed
1374 .Pp
1375 If you are configuring plain RSA authentication, the remote directive
1376 should look like the following:
1377 .Bd -literal -offset
1378 path certificate "/usr/local/v6/etc" ;
1379 remote anonymous
1380 {
1381 exchange_mode main,base ;
1382 lifetime time 12 hour ;
1383 certificate_type plain_rsa "/usr/local/v6/etc/myrsakey.priv";
1384 peers_certfile plain_rsa "/usr/local/v6/etc/yourrsakey.pub";
1385 proposal {
1386 encryption_algorithm aes ;
1387 hash_algorithm sha1 ;
1388 authentication_method rsasig ;
1389 dh_group 2 ;
1390 }
1391 }
1392 .Ed
1393 .Pp
1394 The following is a sample for the pre-shared key file.
1395 .Bd -literal -offset
1396 10.160.94.3 mekmitasdigoat
1397 172.16.1.133 0x12345678
1398 194.100.55.1 whatcertificatereally
1399 3ffe:501:410:ffff:200:86ff:fe05:80fa mekmitasdigoat
1400 3ffe:501:410:ffff:210:4bff:fea2:8baa mekmitasdigoat
1401 foo@kame.net mekmitasdigoat
1402 foo.kame.net hoge
1403 .Ed
1404 .\"
1405 .Sh SEE ALSO
1406 .Xr racoon 8 ,
1407 .Xr racoonctl 8 ,
1408 .Xr setkey 8
1409 .\"
1410 .Sh HISTORY
1411 The
1412 .Nm
1413 configuration file first appeared in the
1414 .Dq YIPS
1415 Yokogawa IPsec implementation.
1416 .\"
1417 .Sh BUGS
1418 Some statements may not be handled by
1419 .Xr racoon 8
1420 yet.
1421 .Pp
1422 Diffie-Hellman computation can take a very long time, and may cause
1423 unwanted timeouts, specifically when a large D-H group is used.
1424 .\"
1425 .Sh SECURITY CONSIDERATIONS
1426 The use of IKE phase 1 aggressive mode is not recommended,
1427 as described in
1428 .Li http://www.kb.cert.org/vuls/id/886601 .