summaryrefslogtreecommitdiffstats
path: root/ipsec-tools/src/racoon/doc/FAQ
diff options
context:
space:
mode:
Diffstat (limited to 'ipsec-tools/src/racoon/doc/FAQ')
-rw-r--r--ipsec-tools/src/racoon/doc/FAQ114
1 files changed, 114 insertions, 0 deletions
diff --git a/ipsec-tools/src/racoon/doc/FAQ b/ipsec-tools/src/racoon/doc/FAQ
new file mode 100644
index 00000000..cf9c3947
--- /dev/null
+++ b/ipsec-tools/src/racoon/doc/FAQ
@@ -0,0 +1,114 @@
+This document is derived from the KAME racoon FAQ. Some answers do not
+apply to ipsec-tools (they are obsolete or not up to date). They are
+tagged [KAME]
+
+Q: With what other IKE/IPsec implementation racoon is known to be interoperable?
+
+A: [KAME]
+ See "IMPLEMENTATION" document supplied with KAME kit, or:
+ http://www.kame.net/dev/cvsweb.cgi/kame/IMPLEMENTATION
+ As we have tested/got test reports in the past, and our end and
+ the other end may have changed their implemenations, we are not sure
+ if we can interoperate with them today (we hope them to interoperate,
+ but we are not sure).
+ Also note that, IKE interoperability highly depends on configuration
+ on both ends. You must configure both ends exactly the same.
+
+Q: How can I make racoon interoperate with <IKE/IPsec implementation>?
+
+A:
+ Configure both ends exactly the same. With just a tiny little
+ difference, you will be in trouble.
+
+Q: How to build racoon on my platform?
+
+A:
+ As usual: configure && make && make install
+ ipsec-tools is also available as a package in the NetBSD pkgsrc
+
+Q: Describe me the options to "configure".
+
+A:
+ --enable-adminport:
+ Lets racoon to listen to racoon admin port, which is to
+ be contacted by racoonctl(8).
+ --enable-natt:
+ Enable NAT-Traversal. This needs kernel support, which is
+ available on Linux. On NetBSD, NAT-Traversal kernel support
+ has not been integrated yet, you can get it from here:
+ http://ipsec-tools.sourceforge.net/netbsd_nat-t.diff
+ If you live in a country where software patents are legal,
+ using NAT-Traversal might infringe a patent.
+ --enable-broken-natt:
+ When ipsec-tools is built with --enable-natt, racoon
+ sets IKE ports in SAD and SPD so that the kernel is
+ able to ditinguish peers hidden behind the same NAT.
+ Some kernel will not cope with that ports. Use that
+ option to force the ports to 0 in SAD ans SPD. Of
+ course this means that you cannot have multiple peers
+ behind the same NAT.
+ --enable-frag:
+ Enable IKE fragmentation, which is a workaround for
+ broken routers that drop fragmented packets
+ --enable-hybrid:
+ Enable hybrid authentication, and ISAKMP mode config and
+ Xauth as well. Note that plain Xauth (without hybrid auth)
+ is not implemented.
+ --with-libradius:
+ Enable the use of RADIUS with hybrid authentication on the
+ server side. RADIUS is used for authentication, configuration
+ and accounting.
+ --with-libpam:
+ Enable the use of PAM with hybrid authentication on the
+ server side. PAM can be used for authentication and accounting.
+ --enable-gssapi:
+ Enable GSS-API, for Kerberos V support.
+ --enable-stats:
+ Enable statistics logging function.
+ --enable-samode-unspec:
+ Enable to use unspecified a mode of SA.
+ --enable-ipv6:
+ Enable IPv6 support.
+ --with-kernel-headers:
+ Supply the location of Linux kernel headers.
+ --with-readline:
+ Support readline input (yes by default).
+ --with-openssl:
+ Specify OpenSSL directory.
+ --sysconfdir:
+ Where racoon config file goes. Default is /etc, which means
+ that racoon will look for /etc/racoon.conf
+ --localstatedir:
+ Where is the directory where racoon stores the control socket
+ (when using --enable-adminport). Default is /var, which
+ means racoon will use /var/racoon/racoon.sock
+ --prefix:
+ Where racoon gets installed.
+
+Q: How can I get help?
+
+A:
+ Always identify your operating system platforms, the versions you are
+ using (like "ipsec-tools-0.5"), and information to repeat the
+ problem. The more revelant information you supply, the better your
+ chances of getting help are. Useful informations include, depending
+ of the problem:
+ - version identification
+ - trace from racoon, taken by "racoon -d 0xffffffff"
+ (maximum debug level)
+ - configuration file you are using
+ - probabaly, tcpdump trace
+ http://orange.kame.net/dev/send-pr.html has the guideline.
+
+ If your question is not confidential, send your questions to:
+ <ipsec-tools-devel@lists.sourceforge.net>
+
+ If your question is confidential, send your questions to:
+ <ipsec-tools-core@lists.sourceforge.net>
+
+Q: Other documents to look at?
+
+A:
+ http://www.NetBSD.org/docs/network/ipsec/
+ http://www.kame.net/
+ http://www.kame.net/newsletter/
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-04 00:14:34 +0000