doc:uci:racoon

Differences

This shows you the differences between two versions of the page.

doc:uci:racoon [2012/12/21 16:12]
miceliux
doc:uci:racoon [2014/12/13 13:08] (current)
rpjday [Racoon IPsec Configuration] Fix typo.
Line 1: Line 1:
 ====== Racoon IPsec Configuration ====== ====== Racoon IPsec Configuration ======
  
-Linux racoon IPsec daemon can be configured through /​etc/​config/​racoon. This document is in an adanced ​beta state. ​+Linux racoon IPsec daemon can be configured through /​etc/​config/​racoon. This document is in an advanced ​beta state. ​
  
 ===== Sections ===== ===== Sections =====
Line 11: Line 11:
 |debug|boolean|no|0|Activate racoon debugging if set to 1| |debug|boolean|no|0|Activate racoon debugging if set to 1|
 |listen|list|no|(not set)|List which interfaces racoon should listen on. Uses all interfaces if not set.| |listen|list|no|(not set)|List which interfaces racoon should listen on. Uses all interfaces if not set.|
-|zone|string|no|vpn|Firewall zone. Has to match the defined [[doc:​howto:​vpn.ipsec.firewall#​zones|firewall zone]]| +|zone|string|no|vpn|Firewall zone. Has to match the defined [[doc:​howto:​vpn.ipsec.firewall.racoon#​zones|firewall zone]]| 
-|dns|string|no|(none)|IP address of DNS server published to [[[[doc:​howto:​vpn.ipsec.roadwarrior#​naming.services|road warrior]] clients| +|dns|string|no|(none)|IP address of DNS server published to [[[[doc:​howto:​vpn.ipsec.roadwarrior.racoon#​naming.services|road warrior]] clients| 
-|domain|string|no|(none)|Domain name assigned to virtual network interface of [[[[doc:​howto:​vpn.ipsec.roadwarrior#​naming.services|road warrior]] clients|+|domain|string|no|(none)|Domain name assigned to virtual network interface of [[[[doc:​howto:​vpn.ipsec.roadwarrior.racoon#​naming.services|road warrior]] clients|
  
  
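Review bot: The rewritten dns and domain rows still open their road warrior link with `[[[[` instead of `[[`, so the link markup stays malformed after this change. Both lines are being edited anyway, so drop the extra brackets and let each link read `[[doc:howto:vpn.ipsec.roadwarrior.racoon#naming.services|road warrior]]`.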
Line 22: Line 22:
 ^Name^Type^Required^Default^Description^ ^Name^Type^Required^Default^Description^
 |enabled|boolean|yes|(none)|Configuration is enabled or not| |enabled|boolean|yes|(none)|Configuration is enabled or not|
-|remote|ipaddr|yes|(none)|IP address or FQDN name of the tunnel remote endpoint. Use **anonymous** for [[doc:​howto:​vpn.ipsec.roadwarrior|road warrior]] setup|+|remote|ipaddr|yes|(none)|IP address or FQDN name of the tunnel remote endpoint. Use **anonymous** for [[doc:​howto:​vpn.ipsec.roadwarrior.racoon|road warrior]] setup|
 |remote_device|string|no|(none)|setting used for optimise racoon.conf generation when remote peer is Cisco ASA| |remote_device|string|no|(none)|setting used for optimise racoon.conf generation when remote peer is Cisco ASA|
 |exchange_mode|string|yes|(none)|Phase 1 negotiation (main, aggressive)| |exchange_mode|string|yes|(none)|Phase 1 negotiation (main, aggressive)|
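Review bot: The exchange_mode row in this hunk's context lists aggressive next to main with no guidance on which to choose, while the remote row edited just above sends readers to the road warrior setup. Add a sentence to the description saying that aggressive mode with a pre-shared key exposes a hash derived from the key to anyone observing the exchange, which permits offline guessing, and that main should be used wherever the peer allows it. The remote_device description would also read better as "used to optimise" than "used for optimise".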
Line 39: Line 39:
 ^Name^Type^Required^Default^Description^ ^Name^Type^Required^Default^Description^
 |lifetime|integer|no|28800|Lifetime of phase 1 in seconds| |lifetime|integer|no|28800|Lifetime of phase 1 in seconds|
-|encrpytion_algorithm|string|yes|(none)|Phase 1 encryption method (aes 128, aes 192, aes 256, 3des)|+|encryption_algorithm|string|yes|(none)|Phase 1 encryption method (aes 128, aes 192, aes 256, 3des)|
 |hash_alogrithm|string|yes|(none)|Phase 1 hash alogrithm (md5,sha1) | |hash_alogrithm|string|yes|(none)|Phase 1 hash alogrithm (md5,sha1) |
-|authentication_method|string|yes|(none)|Allowed values [[doc:​howto:​vpn.ipsec.site2site|pre_shared_key]],​ [[doc:​howto:​vpn.ipsec.certificates|rsasig]],​ [[doc:​howto:​vpn.ipsec.roadwarrior|xauth_psk_server]] or [[doc:​howto:​vpn.ipsec.roadwarriorcertificates|xauth_rsa_server]] |+|authentication_method|string|yes|(none)|Allowed values [[doc:​howto:​vpn.ipsec.site2site.racoon|pre_shared_key]],​ [[doc:​howto:​vpn.ipsec.certificates.racoon|rsasig]], [[doc:​howto:​vpn.ipsec.roadwarrior.racoon|xauth_psk_server]] or [[doc:​howto:​vpn.ipsec.roadwarriorcertificates.racoon|xauth_rsa_server]] |
 |dh_group|string|yes|(none)|Diffie-Hellman exponentiation (either number 2,5,... or name modp768,​...| |dh_group|string|yes|(none)|Diffie-Hellman exponentiation (either number 2,5,... or name modp768,​...|
  
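Review bot: The spelling fix stops one row short: the next row still names the option hash_alogrithm and describes it as "hash alogrithm". The Name column is what users copy into /etc/config/racoon, so confirm which spelling the racoon UCI scripts actually read for both options before changing the documented names, then correct both rows together. The dh_group description is also missing its closing parenthesis, and the table lists md5, 3des and modp768 without marking them as weak choices for phase 1.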
Line 51: Line 51:
 |local_subnet|subnet|yes|(none)|Local network| |local_subnet|subnet|yes|(none)|Local network|
 |remote_subnet|subnet|yes|(none)|Remote network| |remote_subnet|subnet|yes|(none)|Remote network|
-|local_nat|subnet|no|(none)|NAT range for tunnels with [[doc:​howto:​vpn.ipsec.overlappingsubnets|overlapping IP addresses]]|+|local_nat|subnet|no|(none)|NAT range for tunnels with [[doc:​howto:​vpn.ipsec.overlappingsubnets.racoon|overlapping IP addresses]]|
 |p2_proposal|string|yes|(none)|link to phase 2 proposal| |p2_proposal|string|yes|(none)|link to phase 2 proposal|
  
Line 74: Line 74:
 ===== Examples ===== ===== Examples =====
  
-Example 1 taken from the [[doc:​howto:​vpn.ipsec.site2site|IPSec site to site howto]].+Example 1 taken from the [[doc:​howto:​vpn.ipsec.site2site.racoon|IPSec site to site howto]].
  
 <​code>​ <​code>​
Line 115: Line 115:
  
  
-Example 2 taken from the [[doc:​howto:​vpn.ipsec.certificates|IPSec with certificates howto]].+Example 2 taken from the [[doc:​howto:​vpn.ipsec.certificates.racoon|IPSec with certificates howto]].
  
 <​code>​ <​code>​
doc/uci/racoon.1356102729.txt.bz2 · Last modified: 2012/12/21 16:12 (external edit)