racoon —
IKE (ISAKMP/Oakley) key management daemon
  
    | racoon | [ -46BdFLVv]
      [-fconfigfile]
      [-llogfile]
      [-Pisakmp-natt-port]
      [-pisakmp-port] | 
racoon speaks the IKE (ISAKMP/Oakley) key management
  protocol, to establish security associations with other hosts. The SPD
  (Security Policy Database) in the kernel usually triggers
  racoon. racoon usually sends
  all informational messages, warnings and error messages to
  syslogd(8) with the facility
  LOG_DAEMON and the priority
  LOG_INFO. Debugging messages are sent with the
  priority LOG_DEBUG. You should configure
  syslog.conf(5)
  appropriately to see these messages.
  - -4
-  
- -6
- Specify the default address family for the sockets.
- -B
- Install SA(s) from the file which is specified in
      racoon.conf(5).
- -d
- Increase the debug level. Multiple -darguments
      will increase the debug level even more.
- -F
- Run racoonin the foreground.
- -fconfigfile
- Use configfile as the configuration file instead of
      the default.
- -L
- Include file_name:line_number:function_name in all
      messages.
- -llogfile
- Use logfile as the logging file instead of
      syslogd(8).
- -Pisakmp-natt-port
- Use isakmp-natt-port for NAT-Traversal
      port-floating. The default is 4500.
- -pisakmp-port
- Listen to the ISAKMP key exchange on port
      isakmp-port instead of the default port number,
    500.
- -V
- Print racoon version and compilation options and exit.
- -v
- This flag causes the packet dump be more verbose, with higher debugging
      level.
racoon assumes the presence of the kernel
    random number device rnd(4) at
    /dev/urandom.
The command exits with 0 on success, and non-zero on errors.
  - /etc/racoon/racoon.conf
- default configuration file.
Theracoon command first appeared in the
  “YIPS” Yokogawa IPsec implementation.
The use of IKE phase 1 aggressive mode is not recommended, as described in
  http://www.kb.cert.org/vuls/id/886601.