FreshPorts -- security/ipsec-tools: KAME racoon IKE daemon

In this section we shall describe how the racoon daemon may be used to provide Internet Key Exchange (IKE) services, including negotiating security associations for itself (ISAKMP SA, or phase 1 SA) and for kernel IPsec (IPsec SA, or phase 2 SA).

IKE/ISAKMP basics

racoon2-iked(8) - Linux man page

Description

iked is a key management daemon, which supports the Internet Key Exchange (IKE) protocol version 1 (RFC2409) and version 2 (RFC4306). upcalls from the kernel via the PF_KEYv2 interface or by negotiation requests from remote peers, and manages IPsec SAs according to racoon2.conf. The following options are available:

Configuring IPsec with racoon: IKE - Litux

DESCRIPTION racoon speaks the IKE (ISAKMP/Oakley) key management protocol, to establish security associations with other hosts.

Ubuntu Manpage: racoon.conf — configuration file for racoon

IPsec with IKE, with pre-shared secret

In the NetBSD case, this uses racoon(8). We authenticate the peer with a pre-shared secret. racoon(8) will negotiate IPsec keys dynamically and install them into the kernel. The IPsec secret key changes over time.

IPsec with IKE, with certificates

In the NetBSD case, this uses racoon(8). We authenticate the peer with certificate files.

Use of IPSEC in Linux when configuring network-to-network

May 15, 2012

[PROJECT ABANDONED] IPsec Tools / [Ipsec-tools-devel] Re

For example, it looks like the rmconf->ike_frag variable is set to 1 only if the "ike_frag = on" is present in the racoon.conf file. But this variable is only checked before sending a fragment vendor id when acting as an initiator. So the "ike_frag = on" in the racoon.conf file really determines whether or not fragmentation will be negotiated.

2.7.5. IPsec Installation