1racoon FAQ
2KAME team
3$KAME: FAQ,v 1.9 2000/11/24 03:09:38 itojun Exp $
4
5
6Q: With what other IKE/IPsec implementation racoon is known to be interoperable?
7
8A:
9	See "IMPLEMENTATION" document supplied with KAME kit, or:
10	http://www.kame.net/dev/cvsweb.cgi/kame/IMPLEMENTATION
11	As we have tested/got test reports in the past, and our end and
12	the other end may have changed their implemenations, we are not sure
13	if we can interoperate with them today (we hope them to interoperate,
14	but we are not sure).
15	Also note that, IKE interoperability highly depends on configuration
16	on both ends.  You must configure both ends exactly the same.
17
18Q: How can I make racoon interoperate with <IKE/IPsec implementation>?
19
20A:
21	Configure both ends exactly the same.  With just a tiny little
22	differnce, you will be in trouble.
23
24Q: How to build racoon on my platform?
25
26A: (NetBSD 1.5/current, FreeBSD 4.1/current)
27	To build racoon on these platforms, there are couple of ways:
28	- on NetBSD/FreeBSD integrated platforms, use pkgsrc/ports.
29	  It is the easiest and recommended way.
30	- If you need to use configure.in and Makefile.in distributed with
31	  KAME kit, kame/kame/racoon, use the following operation:
32		% (cd ../../../netbsd/lib; make)
33		% env LIBS=-L../../../netbsd/lib/libpfkey CFLAGS=-I../../sys \
34		    ./configure --with-libpfkey
35		% make
36	  If you do not do the above, you may see missing symbols with pfkey_xx
37	  functions, and/or mismatch in ipsec.h.  PKGSRC/PORTS IS DEFINITELY
38	  THE RECOMMENDED WAY.
39
40A: (KAME-patched platforms)
41	- on KAME-patched platforms, use <opsys>/usr.sbin/racoon, not
42	  configure.in and Makefile.in.
43	- If you need to use configure.in and Makefile.in under
44	  kame/kame/racoon, use the following options to configure.in:
45		% env LIBS=-L../../../bsdi4/lib/libpfkey ./configure \
46		    --with-libpfkey
47		% make
48
49Q: Describe me the options to "configure".
50
51A:
52	--enable-debug:
53		Enable debugging options.
54	--enable-yydebug:
55		Enable yacc/lex tracing.
56	--enable-pedant:
57		Use strict compilation options (-Wall -Werror).
58	--with-adminport: (INSECURE)
59		Lets racoon to listen to racoon admin port, which is to
60		be contacted by kmpstat(8).  This one still needs more work
61		(it lacks authentication, and is insecure), and is disabled
62		by default.  If you need kmpstat(8) for your experiment,
63		you may turn this on, but make sure to use use it only in
64		testbed network environment (not the reallife network).
65	--with-efence: (for debug only)
66		Use ElectricFence library, which helps us debug dynamic
67		memory allocation mistakes.
68	--with-gc: (experimental)
69		Use Bohem-GC garbage collector.
70		Make sure you compile all the binaries, including libipsec/
71		whatever, with "GC_malloc" and "GC_free" instead of "malloc"
72		and "free" (cc -Dmalloc=GC_malloc -Dfree=GC_free").
73
74Q: How can I get help?
75
76A:
77	Always identify your operating system platforms, the versions you are
78	using (like "KAME SNAP, 2000/Sep/4"), and information to repeat the
79	problem.  It is *mandatory* for you to submit the following at least:
80	- version identification
81	- trace from racoon, taken by "racoon -d 0xffffffff"
82		(maximum debug level)
83	- configuration file you are using
84	- probabaly, tcpdump trace
85	http://orange.kame.net/dev/send-pr.html has the guideline.
86
87	If you do not identify the version you are using, we will not help you.
88
89	If your question is not confidential, send your questions to:
90	- as KAME problem report from http://orange.kame.net/dev/send-pr.html
91	- snap-users@kame.net
92		users mailing list, subscription guildeline: seewww.kame.net.
93	- NOT TO INDIVIDUAL DEVELOPERS.
94
95	If your question is confidential, send your questions to:
96	- core@kame.net
97
98Q: Other documents to look at?
99	http://www.netbsd.org/Documentation/network/ipsec/
100	http://www.kame.net/
101	http://www.kame.net/newsletter/
102