
racoon-tool.conf

man page of racoon-tool.conf

racoon-tool.conf: configuration file for racoon-tool(8).

NAME

racoon-tool.conf - configuration file for racoon-tool(8).

DESCRIPTION

This manual page briefly documents the racoon-tool.conf(5) configuration file format. Please consult the racoon.conf(5) man page first to better understand what is described here.

SYNTAX

The racoon-tool.conf(5) file is laid out in sections. Comments are delimited on the left by '#', and can be on a line by themselves or at the end of a line. The possible sections are global, connection, and peer. The possible templates are spdadd, spdinit, sadinit, sadadd, remote, sainfo, and racooninit. Sections start with section: and then continue with their properties (name terminated by ':', then value), and templates ALWAYS have to have each line started with template:. Sections and templates can be named, with the name occurring in parentheses between the last character of their type and the final colon.

SECTIONS

The possible sections are:

global:
Contains global parameters for the generated racoon.conf(5), and global settings used by racoon-tool(8). Available settings are: path_pre_shared_key, path_certificate, path_racoon_conf, racoon_command, racoon_pid_file, log, listen[[0-9a-z]], and complex_bundle. Apart from racoon_command and racoon_pid_file, the settings map across to the similar names in racoon.conf(5). The listen directive is a bit different from the man page and takes multiple {ip-address} [[port]] statements by attaching an index '0-9', 'a-z' in square brackets immediately before the colon.

connection(%default|%anonymous|[-_a-z0-9]+):
Connection as described by the complementary SPD entries. Creates 'sainfo' sections in the generated racoon.conf(5), and associated SPD entries. Directives and values are basically one for one with the relevant entries in racoon.conf(5). The '%default' VPN connection fills in entries in other specified connections, unless they are otherwise defined within the specific connection. The '%anonymous' connection is there for a passive VPN server.

peer(%default|%anonymous|[a-f0-9:.]+):
Defines the phase 1 attributes associated with a peer. This creates 'remote' entries in the generated racoon.conf(5). Directives and values are basically one for one with the relevant entries in racoon.conf(5). Different proposals are signified by adding an index '0-9' or 'a-z' to the encryption_algorithm, hash_algorithm, dh_group, and authentication_method entries, within square brackets immediately before the colon. The '%default' VPN connection fills in entries in other specified connections, unless they are otherwise defined within the specific connection. The '%anonymous' connection is there for a passive VPN server.

TEMPLATES

Templates are described briefly here. You will have to look inside the racoon-tool(8) perl script to see exactly what you can do.

spdinit:
Portion that can be used to initialise the SPD. Uses setkey syntax. See setkey(8).

sadinit:
Portion that can be used to initialise the SAD. Uses setkey syntax. See setkey(8).

spdadd(%default|[-_a-z0-9]+):
Template for adding SPD entries. Different templates can be used. Keys for replacement are of the form '___setkey_name___', with names found in setkey(8). The built in template is named '%default'.

sadadd(%default|[-_a-z0-9]+):
Template for adding SAD entries. Different templates can be used. Keys for replacement are of the form '___setkey_name___', with names found in setkey(8). The built in template is named '%default'.

remote(%default|[-_a-z0-9]+):
Template for adding 'remote' entries to the generated racoon.conf(5). Different templates can be used. Keys for replacement are of the form '___setkey_name___', with names found in setkey(8). The built in template is named '%default'.

sainfo(%default|[-_a-z0-9]+):
Template for adding 'sainfo' entries to the generated racoon.conf(5). Different templates can be used. Keys for replacement are of the form '___setkey_name___', with names found in setkey(8). The built in template is named '%default'.

racooninit:
Template for adding your own section to the start of the generated racoon.conf(5).

EXAMPLES

Example of a simple configuration using PSK authentication.

    #
    # Configuration file for racoon-tool
    #
    # See racoon-tool.conf(5) for details
    #

    #
    # Simple PSK - authentication defaults to pre_shared_key
    #
    connection(bacckdoor-doormat):
        src_range: 192.168.223.1/32
        dst_range: 192.168.200.0/24
        src_ip: 172.31.1.1
        dst_ip: 10.0.0.1
        admin_status: enabled
        compression: no
        lifetime: time 20 min
        authentication_algorithm: hmac_sha1
        encryption_algorithm: 3des

    peer(10.0.0.1):
        verify_cert: on
        passive: off
        verify_identifier: off
        lifetime: time 60 min
        hash_algorithm[0]: sha1
        encryption_algorithm[0]: 3des

Example of a complex configuration with multiple networks between the same endpoints, as well as use of '%default' for common settings.

    #
    # Configuration file for racoon-tool
    #

    global:
        log: notify

    # default settings to save typing
    peer(%default):
        certificate_type: x509 blurke-ipsec.crt blurke-ipsec.key
        my_identifier: fqdn blurke.bar.com
        lifetime: time 60 min
        verify_identifier: on
        verify_cert: on
        hash_algorithm[0]: sha1
        encryption_algorithm[0]: 3des
        authentication_method[0]: rsasig

    connection(%default):
        authentication_algorithm: hmac_sha1
        encryption_algorithm: 3des
        src_ip: 172.31.1.1
        lifetime: time 20 min

    # Connection to work
    peer(10.0.0.1):
        peers_identifier: fqdn blue.sky.com

    connection(blurke-blue-sky-work):
        src_range: 192.168.203.1/32
        dst_range: 172.16.0.0/24
        dst_ip: 10.0.0.1
        admin_status: enabled

    # Connection to telehoused servers
    connection(blurke-mail):
        src_range: 192.168.203.0/24
        dst_range: 172.20.1.1
        dst_ip: 10.100.0.1
        encryption_algorithm: blowfish
        compression: on
        admin_status: yes

    peer(10.100.0.1):
        peers_identifier: fqdn mail.bar.com

    connection(blurke-web1):
        src_range: 192.168.203.0/24
        dst_range: 172.20.1.23
        dst_ip: 10.100.0.1
        encryption_algorithm: blowfish
        admin_status: yes

    connection(blurke-web2):
        src_range: 192.168.203.0/24
        dst_range: 172.20.1.24
        dst_ip: 10.100.0.1
        encryption_algorithm: blowfish
        admin_status: yes

    # Test connection to Free S/WAN
    connection(blurke-freeswan):
        src_range: 192.168.203.0/24
        dst_range: 172.17.100.0/24
        dst_ip: 172.30.1.1
        admin_status: yes

    peer(172.30.1.1):
        peers_identifier: fqdn banshee
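
The following is an added example, not part of the original man page or of racoon-tool(8): a small Python reader for the section syntax described above that applies the '%default' fill-in rule and reports peers and connections whose effective settings use legacy algorithms or have verify_identifier turned off. The function names, the LEGACY list and the sample text are assumptions made for this example.

```python
import re

HEADER = re.compile(r"^([a-z]+)(?:\(([^)]+)\))?:$")
PROP = re.compile(r"^([a-z_]+)(\[[0-9a-z]\])?:\s*(.+)$")
# Assumption: values this check treats as legacy; the list is not from the man page.
LEGACY = {"des", "3des", "blowfish", "md5", "hmac_md5"}

def parse(text):
    """Return {(type, name): {property: value}} for global/connection/peer sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' comments: whole line or trailing
        if not line:
            continue
        head = HEADER.match(line)
        if head:                                  # templates (spdadd, remote, ...) are skipped
            known = head.group(1) in ("global", "connection", "peer")
            current = sections.setdefault(head.groups(), {}) if known else None
            continue
        prop = PROP.match(line)
        if prop and current is not None:
            current[prop.group(1) + (prop.group(2) or "")] = prop.group(3).strip()
    return sections

def audit(text):
    """List (section, property, value) findings after applying '%default' fill-in."""
    sections, findings = parse(text), []
    for (kind, name), props in sections.items():
        if kind == "global" or name == "%default":
            continue
        merged = {**sections.get((kind, "%default"), {}), **props}  # specific wins
        for key, value in sorted(merged.items()):
            weak_algo = "_algorithm" in key and value in LEGACY
            if weak_algo or (key, value) == ("verify_identifier", "off"):
                findings.append((f"{kind}({name})", key, value))
    return findings

SAMPLE = """# Constructed sample, cut down from the man page's examples
peer(%default):
    verify_identifier: on
    encryption_algorithm[0]: 3des   # inherited by every peer
peer(10.0.0.1):
    verify_identifier: off
connection(blurke-mail):
    encryption_algorithm: blowfish
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Findings are reported against the effective settings, so a weak value set once in peer(%default) shows up under every peer that does not override it.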

FILES

/etc/racoon/racoon-tool.conf
The file that this man page describes.

/var/lib/racoon/racoon.conf
The generated racoon.conf.

SEE ALSO

racoon.conf(5), racoon-tool(8), racoon(8), setkey(8).

BUGS

This man page is by no means complete.

AUTHOR

This manual page was written by Matthew Grant <grantma@anathoth.gen.nz> for the Debian GNU/Linux system (but may be used by others).

RACOON-TOOL.CONF(5)
 
 
 
