RACOON(8)                   System Manager's Manual                  RACOON(8)

NAME
     racoon – IKE (ISAKMP/Oakley) key management daemon

SYNOPSIS
     racoon [-46BdFLv] [-f configfile] [-l logfile]

DESCRIPTION
     racoon is used to setup and maintain an IPSec tunnel or transport
     channel, between two devices, over which network traffic is conveyed
     securely.  This security is made possible by cryptographic keys and
     operations on both devices.  racoon relies on a standardized network
     protocol (IKE) to automatically negotiate and manage the cryptographic
     keys (e.g. security associations) that are necessary for the IPSec tunnel
     or transport channel to function.  racoon speaks the IKE (ISAKMP/Oakley)
     key management protocol, to establish security associations with other
     hosts.  The SPD (Security Policy Database) in the kernel usually triggers
     racoon.  racoon usually sends all informational messages, warnings and
     error messages to syslogd(8) with the facility LOG_DAEMON and the
     priority LOG_INFO.  Debugging messages are sent with the priority
     LOG_DEBUG.  You should configure syslog.conf(5) appropriately to see
     these messages.

     -4

     -6      Specify the default address family for the sockets.

     -B      Install SA(s) from the file which is specified in racoon.conf(5).

     -d      Increase the debug level.  Multiple -d arguments will increase
             the debug level even more.

     -F      Run racoon in the foreground.

     -f configfile
             Use configfile as the configuration file instead of the default.

     -L      Include file_name:line_number:function_name in all messages.

     -l logfile
             Use logfile as the logging file instead of syslogd(8).

     -v      This flag causes the packet dump be more verbose, with higher
             debugging level.

     racoon assumes the presence of the kernel random number device rnd(4) at
     /dev/urandom.

RETURN VALUES
     The command exits with 0 on success, and non-zero on errors.

FILES
     /private/etc/racoon/racoon.conf       default configuration file.
     /private/etc/racoon/psk.txt           default pre-shared key file.

SEE ALSO
     ipsec(4), racoon.conf(5), syslog.conf(5), setkey(8), syslogd(8)

HISTORY
     The racoon command first appeared in the “YIPS” Yokogawa IPsec
     implementation.

SECURITY CONSIDERATIONS
     The use of IKE phase 1 aggressive mode is not recommended, as described
     in http://www.kb.cert.org/vuls/id/886601.

macOS 15.2                     November 20, 2000                    macOS 15.2