RACOON.CONF(5) | File Formats Manual | RACOON.CONF(5) |
racoon.conf
—
configuration file for racoon
racoon.conf
is the configuration file for
the racoon(8) ISAKMP daemon.
racoon(8) negotiates security
associations for itself (ISAKMP SA, or phase 1 SA) and for kernel IPsec
(IPsec SA, or phase 2 SA). The file consists of a sequence of directives and
statements. Each directive is composed by a tag and statements, enclosed by
‘{
’ and
‘}
’. Lines beginning with
‘#
’ are comments.
Keywords and special characters that the parser expects exactly
are displayed using this
font. Parameters are
specified with this font. Square brackets
(‘[
’ and
‘]
’) are used to show optional
keywords and parameters. Note that you have to pay attention when this
manual is describing port numbers. The
port number is always enclosed by
‘[
’ and
‘]
’. In this case, the port number is
not an optional keyword. If it is possible to omit the
port number, the expression becomes
[[port]]. The vertical bar
(‘|
’) is used to indicate a choice
between optional parameters. Parentheses
(‘(
’ and
‘)
’) are used to group keywords and
parameters when necessary. Major parameters are listed below.
0x
’."
’ (double quotes).[
’ and
‘]
’.sec
,
secs
, second
,
seconds
, min
,
mins
, minute
,
minutes
, hour
,
hours
.This section specifies various paths used by racoon. When running
in privilege separation mode, certificate
and
script
paths are mandatory. A
racoon(8) restart is required if you
want path changes to be taken into account.
path
include
path;path
pre_shared_key
file;path
pidfile
file;path
logfile
file;include
fileis obsolete. It must be defined at each
remote
directive.
timer
{
statements }
counter
number;interval
number timeunit;persend
number;phase1
number timeunit;phase2
number timeunit;natt_keepalive
number timeunit;listen
{
statements }
isakmp
address [[port]];isakmp_natt
address [port];isakmp
but also sets the socket
options to accept UDP-encapsulated ESP traffic for NAT-Traversal. If
you plan to use NAT-T, you should provide at least one address with
port 4500, which is specified by IANA. There is no default.strict_address
;remote
(address |
anonymous
)
[[port]] [inherit
parent] {
statements }
anonymous
is specified, the
statements will apply to any peer that does not match a more specific
remote
directive.
Sections with inherit
parent statements (where
parent is either address or
a keyword anonymous
) that have all values
predefined to those of a given parent. In these
sections it is enough to redefine only the changed parameters.
The following are valid statements.
exchange_mode
(main
|
aggressive
|
base
);doi
ipsec_doi
;situation
identity_only
;identifier
idtype;my_identifier
.my_identifier
[qualifier] idtype ...;address, fqdn
,
user_fqdn
, keyid
, and
asn1dn
can be used as an
idtype. The qualifier is
currently only used for keyid
, and can be
either file
or tag
.
The possible values are :
my_identifier
address
[address];my_identifier
user_fqdn
string;my_identifier
fqdn
string;my_identifier
keyid
[file
]
file;my_identifier
keyid
tag
string;my_identifier
asn1dn
[string];xauth_login
[string];string
as the key id.peers_identifier
idtype ...;verify_identifier
. The usage of
idtype is the same as
my_identifier
except that the individual
component values of an asn1dn
identifier may
specified as *
to match any value (e.g.
"C=XX, O=MyOrg, OU=*, CN=Mine"). Alternative acceptable peer
identifiers may be specified by repeating the
peers_identifier
statement.verify_identifier
(on
|
off)
;peers_identifier
is not the same as the peer's identifier in the ID payload, the
negotiation will fail. The default is off.certificate_type
certspec;x509
in_keychain
keychain_identifier;certificate_verification
verification_spec;sec_framework
use_peers_identifier;mode_cfg
(on
|
off)
;weak_phase1_check
(on
|
off)
;send_cert
(on
|
off)
;send_cr
(on
|
off)
;verify_cert
(on
|
off)
;my_identifier
statement) is compared with
the credentials in the certificate used to authenticate the remote
host as follows:
asn1dn:
address, fqdn, or user_fqdn:
lifetime
time
number
timeunit;ike_frag
(on
|
off
|
force)
;esp_frag
fraglen;Note that because PMTU discovery is broken on many sites, you will have to use MSS clamping if you want TCP to work correctly.
initial_contact
(on
|
off)
;on
. This message is useful only when the
responder implementation chooses an old SA when there are multiple SAs
with different established time and the initiator reboots. If racoon
did not send the message, the responder would use an old SA even when
a new SA was established. For systems that use a KAME derived IPSEC
stack, the sysctl(8) variable
net.key.preferred_oldsa can be used to control this preference. When
the value is zero, the stack always uses a new SA.passive
(on
|
off)
;off
. It is useful for a
server.proposal_check
level;strict
.
If the level is:
obey
strict
claim
strict
.exact
support_proxy
(on
|
off)
;generate_policy
(on
|
off
|
require
|
unique)
;passive
to on in order that
racoon(8) only becomes a
responder. If the responder does not have any policy in SPD during
phase 2 negotiation, and the directive is set to on, then
racoon(8) will choose the first
proposal in the SA payload from the initiator, and generate policy
entries from the proposal. It is useful to negotiate with clients
whose IP address is allocated dynamically. Note that an inappropriate
policy might be installed into the responder's SPD by the initiator,
so other communications might fail if such policies are installed due
to a policy mismatch between the initiator and the responder.
on
and require
values
mean the same thing (generate a require policy).
unique
tells racoon to set up unique policies,
with a monotoning increasing reqid number (between 1 and
IPSEC_MANUAL_REQID_MAX). This directive is ignored in the initiator
case. The default value is off
.nat_traversal
(on
|
off
|
force)
;dpd_delay
delay;0
, which disables DPD monitoring, but still
negotiates DPD support.dpd_retry
delay;dpd_delay
is set, this sets the delay (in
seconds) to wait for a proof of liveliness before considering it as
failed and send another request. The default value is
5
.dpd_maxfail
number;dpd_delay
is set, this sets the maximum
number of liveliness proofs to request (without reply) before
considering the peer is dead. The default value is
5
.nonce_size
number;ph1id
number;proposal
{
sub-substatements
}
encryption_algorithm
algorithm;des, 3des, aes
for Oakley. For other
transforms, this statement should not be used.hash_algorithm
algorithm;md5, sha1, sha256, sha384,
sha512
for Oakley.authentication_method
type;pre_shared_key,
hybrid_rsa_server
,
hybrid_rsa_client
,
xauth_rsa_server
,
xauth_rsa_client
,
xauth_psk_server
or
xauth_psk_client
,
eap_psk_client
,
eap_rsa_client
.dh_group
group;modp1024
,
modp1536
,
modp2048
,
modp3072
,
modp4096
, modp6144 or
modp8192
. Or you can define 2 , 5 , 14 , 15 , 16 , 17 or 18
as the DH group number. When you want to use aggressive mode, you
must define the same DH group in each proposal.lifetime
time
number
timeunit;lifetime
directive
defined in the remote
directive.The policy directive is obsolete, policies are now in the SPD.
racoon(8) will obey the policy
configured into the kernel by
setkey(8), and will construct phase 2
proposals by combining sainfo
specifications in
racoon.conf
, and policies in the kernel.
sainfo
(source_id destination_id |
source_id anonymous
|
anonymous
destination_id |
anonymous
)
[from
idtype
[string]] [group
string] {
statements }
address
address
[/
prefix]
[[port]] ul_proto
or
subnet
address
[/
prefix]
[[port]] ul_proto
or
idtype string
An id string should be expressed to match the exact value of an ID payload (source is the local end, destination is the remote end). This is not like a filter rule. For example, if you define 3ffe:501:4819::/48 as source_id. 3ffe:501:4819:1000:/64 will not match.
In the case of a longest prefix (selecting a single host), address instructs to send ID type of ADDRESS while subnet instructs to send ID type of SUBNET. Otherwise, these instructions are identical.
The group keyword allows an XAuth group membership check to be
performed for this sainfo section. When the mode_cfg auth source is set
to system
or ldap
, the
XAuth user is verified to be a member of the specified group before
allowing a matching SA to be negotiated.
pfs_group
group;modp1024
,
modp1536
, modp2048
,
modp3072
, modp4096
,
modp6144 or modp8192
. Or you can define 2 , 5
, 14 , 15 , 16 , 17 or 18 as the DH group number.lifetime
time
number
timeunit;proposal_check
directive.remoteid
number;my_identifier
idtype ...;racoon(8) does not have a
list of security protocols to be negotiated. The list of security
protocols are passed by SPD in the kernel. Therefore you have to define
all of the potential algorithms in the phase 2 proposals even if there
are algorithms which will not be used. These algorithms are define by
using the following three directives, with a single comma as the
separator. For algorithms that can take variable-length keys, algorithm
names can be followed by a key length, like
“blowfish 448
”.
racoon(8) will compute the actual
phase 2 proposals by computing the permutation of the specified
algorithms, and then combining them with the security protocol specified
by the SPD. For example, if des
,
3des
, hmac_md5
, and
hmac_sha1
are specified as algorithms, we have
four combinations for use with ESP, and two for AH. Then, based on the
SPD settings, racoon(8) will
construct the actual proposals. If the SPD entry asks for ESP only,
there will be 4 proposals. If it asks for both AH and ESP, there will be
8 proposals. Note that the kernel may not support the algorithm you have
specified.
encryption_algorithm
algorithms;des
,
3des
, des_iv64
,
des_iv32
, null_enc
,rijndael
, aes
(used with ESP)authentication_algorithm
algorithms;des
,
3des
, des_iv64
,
des_iv32
, hmac_md5
,
hmac_sha1
, hmac_sha256,
hmac_sha384, hmac_sha512, non_auth
(used with ESP
authentication and AH)compression_algorithm
algorithms;deflate
(used with IPComp)log
level;error
, warning
,
notify
, info
,
debug
and debug2
. The
default is info
. If you set the logging level too
high on slower machines, IKE negotiation can fail due to timing constraint
changes.padding
{
statements }
randomize
(on
|
off)
;randomize_length
(on
|
off)
;maximum_length
number;randomize_length
is off, this is ignored. The
default is 20 bytes.exclusive_tail
(on
|
off)
;strict_check
(on
|
off)
;complex_bundle
(on
|
off)
;off
.The pre-shared key file defines pairs of identifiers and
corresponding shared secret keys which are used in the pre-shared key
authentication method in phase 1. The pair in each line is separated by some
number of blanks and/or tab characters like in the
hosts(5) file. Key can include blanks
because everything after the first blanks is interpreted as the secret key.
Lines starting with ‘#
’ are ignored.
Keys which start with ‘0x
’ are
interpreted as hexadecimal strings. Note that the file must be owned by the
user ID running racoon(8) (usually the
privileged user), and must not be accessible by others.
The following shows how the remote directive should be configured.
path pre_shared_key "/usr/local/v6/etc/psk.txt" ; remote anonymous { exchange_mode aggressive,main,base; lifetime time 24 hour; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key; dh_group 2; } } sainfo anonymous { pfs_group 2; lifetime time 12 hour ; encryption_algorithm 3des, aes ; authentication_algorithm hmac_sha1, hmac_md5 ; compression_algorithm deflate ; }
The following is a sample for the pre-shared key file.
10.160.94.3 mekmitasdigoat 172.16.1.133 0x12345678 194.100.55.1 whatcertificatereally 3ffe:501:410:ffff:200:86ff:fe05:80fa mekmitasdigoat 3ffe:501:410:ffff:210:4bff:fea2:8baa mekmitasdigoat foo@kame.net mekmitasdigoat foo.kame.net hoge
The racoon.conf
configuration file first
appeared in the “YIPS” Yokogawa IPsec implementation.
Some statements may not be handled by racoon(8) yet.
Diffie-Hellman computation can take a very long time, and may cause unwanted timeouts, specifically when a large D-H group is used.
The use of IKE phase 1 aggressive mode is not recommended, as
described in
http://www.kb.cert.org/vuls/id/886601
.
September 19, 2006 | macOS 15.0 |