[apple/network_cmds.git] / racoon.tproj / racoon.8

.\"	$KAME: racoon.8,v 1.28 2001/10/19 05:04:32 sakane Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the project nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd November 20, 2000
.Dt RACOON 8
.Os KAME
.\"
.Sh NAME
.Nm racoon
.Nd IKE (ISAKMP/Oakley) key management daemon
.\"
.Sh SYNOPSIS
.Nm racoon
.Bk -words
.Op Fl BdFv46
.Ek
.Bk -words
.Op Fl f Ar configfile
.Ek
.Bk -words
.Op Fl l Ar logfile
.Ek
.Bk -words
.Op Fl p Ar isakmp-port
.Ek
.\"
.Sh DESCRIPTION
.Nm
speaks IKE
.Pq ISAKMP/Oakley
key management protocol,
to establish security association with other hosts.
SPD
.Pq Security Policy Database
in the kernel usually triggers to start
.Nm racoon .
.Nm racoon
usually sends all of informational messages, warnings and error messages to
.Xr syslogd 8
with the facility LOG_DAEMON, the priority LOG_INFO.
Debugging messages are sent with the priority LOG_DEBUG.
You should configure
.Xr syslog.conf 5
appropriately to see these messages.
.Bl -tag -width Ds
.It Fl B
Install SA(s) from the file which is specified in
.Xr racoon.conf 5 .
.It Fl d
Increase the debug level.
Multiple
.Fl d
will increase the debug level even more.
.It Fl F
Run
.Nm racoon
in the foreground.
.It Fl f Ar configfile
Use
.Ar configfile
as the configuration file instead of the default.
.It Fl l Ar logfile
Use
.Ar logfile
as the logging file instead of
.Xr syslogd 8 .
.It Fl p Ar isakmp-port
Listen to ISAKMP key exchange on port
.Ar isakmp-port
instead of the default port number, 500.
.It Fl v
The flag causes the packet dump be more verbose, with higher debugging level.
.It Fl 4
.It Fl 6
Specifies the default address family for the sockets.
.El
.Pp
.Nm
assumes the presence of kernel random number device
.Xr rnd 4
at
.Pa /dev/urandom .
Informational messages are labeled
.Em info ,
and debugging messages are labeled
.Em debug .
You have to configure
.Xr syslog.conf 5
if you want to see them in a logging file.
.\"
.Sh FILES
.Bl -tag -width /usr/local/v6/etc/racoon.conf -compact
.It Pa /usr/local/v6/etc/racoon.conf
default configuration file.
.El
.\"
.Sh RETURN VALUES
The command exits with 0 on success, and non-zero on errors.
.\"
.Sh SEE ALSO
.Xr ipsec 4 ,
.Xr racoon.conf 5 ,
.Xr setkey 8 ,
.Xr syslogd 8
.Xr syslog.conf 5
.\"
.Sh HISTORY
The
.Nm
command first appeared in
.Dq YIPS
Yokogawa IPsec implementation.
.\"
.\".Sh BUGS
Commit	Line	Data
7ba0088d A	1	.\" $KAME: racoon.8,v 1.28 2001/10/19 05:04:32 sakane Exp $
	2	.\"
	3	.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
	4	.\" All rights reserved.
	5	.\"
	6	.\" Redistribution and use in source and binary forms, with or without
	7	.\" modification, are permitted provided that the following conditions
	8	.\" are met:
	9	.\" 1. Redistributions of source code must retain the above copyright
	10	.\" notice, this list of conditions and the following disclaimer.
	11	.\" 2. Redistributions in binary form must reproduce the above copyright
	12	.\" notice, this list of conditions and the following disclaimer in the
	13	.\" documentation and/or other materials provided with the distribution.
	14	.\" 3. Neither the name of the project nor the names of its contributors
	15	.\" may be used to endorse or promote products derived from this software
	16	.\" without specific prior written permission.
	17	.\"
	18	.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
	19	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	20	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	21	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
	22	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	23	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	24	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	25	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	26	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	27	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	28	.\" SUCH DAMAGE.
	29	.\"
	30	.Dd November 20, 2000
	31	.Dt RACOON 8
	32	.Os KAME
	33	.\"
	34	.Sh NAME
	35	.Nm racoon
	36	.Nd IKE (ISAKMP/Oakley) key management daemon
	37	.\"
	38	.Sh SYNOPSIS
	39	.Nm racoon
	40	.Bk -words
	41	.Op Fl BdFv46
	42	.Ek
	43	.Bk -words
	44	.Op Fl f Ar configfile
	45	.Ek
	46	.Bk -words
	47	.Op Fl l Ar logfile
	48	.Ek
	49	.Bk -words
	50	.Op Fl p Ar isakmp-port
	51	.Ek
	52	.\"
	53	.Sh DESCRIPTION
	54	.Nm
	55	speaks IKE
	56	.Pq ISAKMP/Oakley
	57	key management protocol,
	58	to establish security association with other hosts.
	59	SPD
	60	.Pq Security Policy Database
	61	in the kernel usually triggers to start
	62	.Nm racoon .
	63	.Nm racoon
	64	usually sends all of informational messages, warnings and error messages to
65	.Xr syslogd 8
66	with the facility LOG_DAEMON, the priority LOG_INFO.
67	Debugging messages are sent with the priority LOG_DEBUG.
68	You should configure
69	.Xr syslog.conf 5
70	appropriately to see these messages.
71	.Bl -tag -width Ds
72	.It Fl B
73	Install SA(s) from the file which is specified in
74	.Xr racoon.conf 5 .
75	.It Fl d
76	Increase the debug level.
77	Multiple
78	.Fl d
79	will increase the debug level even more.
80	.It Fl F
81	Run
82	.Nm racoon
83	in the foreground.
84	.It Fl f Ar configfile
85	Use
86	.Ar configfile
87	as the configuration file instead of the default.
88	.It Fl l Ar logfile
89	Use
90	.Ar logfile
91	as the logging file instead of
92	.Xr syslogd 8 .
93	.It Fl p Ar isakmp-port
94	Listen to ISAKMP key exchange on port
95	.Ar isakmp-port
96	instead of the default port number, 500.
97	.It Fl v
98	The flag causes the packet dump be more verbose, with higher debugging level.
99	.It Fl 4
100	.It Fl 6
101	Specifies the default address family for the sockets.
102	.El
103	.Pp
104	.Nm
105	assumes the presence of kernel random number device
106	.Xr rnd 4
107	at
108	.Pa /dev/urandom .
109	Informational messages are labeled
110	.Em info ,
111	and debugging messages are labeled
112	.Em debug .
113	You have to configure
114	.Xr syslog.conf 5
115	if you want to see them in a logging file.
116	.\"
117	.Sh FILES
118	.Bl -tag -width /usr/local/v6/etc/racoon.conf -compact
119	.It Pa /usr/local/v6/etc/racoon.conf
120	default configuration file.
121	.El
122	.\"
123	.Sh RETURN VALUES
124	The command exits with 0 on success, and non-zero on errors.
125	.\"
126	.Sh SEE ALSO
127	.Xr ipsec 4 ,
128	.Xr racoon.conf 5 ,
129	.Xr setkey 8 ,
130	.Xr syslogd 8
131	.Xr syslog.conf 5
132	.\"
133	.Sh HISTORY
134	The
135	.Nm
136	command first appeared in
137	.Dq YIPS
138	Yokogawa IPsec implementation.
139	.\"
140	.\".Sh BUGS