102 lines
3.7 KiB
Plaintext
102 lines
3.7 KiB
Plaintext
racoon FAQ
|
|
KAME team
|
|
$KAME: FAQ,v 1.9 2000/11/24 03:09:38 itojun Exp $
|
|
|
|
|
|
Q: With what other IKE/IPsec implementation racoon is known to be interoperable?
|
|
|
|
A:
|
|
See "IMPLEMENTATION" document supplied with KAME kit, or:
|
|
http://www.kame.net/dev/cvsweb.cgi/kame/IMPLEMENTATION
|
|
As we have tested/got test reports in the past, and our end and
|
|
the other end may have changed their implemenations, we are not sure
|
|
if we can interoperate with them today (we hope them to interoperate,
|
|
but we are not sure).
|
|
Also note that, IKE interoperability highly depends on configuration
|
|
on both ends. You must configure both ends exactly the same.
|
|
|
|
Q: How can I make racoon interoperate with <IKE/IPsec implementation>?
|
|
|
|
A:
|
|
Configure both ends exactly the same. With just a tiny little
|
|
differnce, you will be in trouble.
|
|
|
|
Q: How to build racoon on my platform?
|
|
|
|
A: (NetBSD 1.5/current, FreeBSD 4.1/current)
|
|
To build racoon on these platforms, there are couple of ways:
|
|
- on NetBSD/FreeBSD integrated platforms, use pkgsrc/ports.
|
|
It is the easiest and recommended way.
|
|
- If you need to use configure.in and Makefile.in distributed with
|
|
KAME kit, kame/kame/racoon, use the following operation:
|
|
% (cd ../../../netbsd/lib; make)
|
|
% env LIBS=-L../../../netbsd/lib/libpfkey CFLAGS=-I../../sys \
|
|
./configure --with-libpfkey
|
|
% make
|
|
If you do not do the above, you may see missing symbols with pfkey_xx
|
|
functions, and/or mismatch in ipsec.h. PKGSRC/PORTS IS DEFINITELY
|
|
THE RECOMMENDED WAY.
|
|
|
|
A: (KAME-patched platforms)
|
|
- on KAME-patched platforms, use <opsys>/usr.sbin/racoon, not
|
|
configure.in and Makefile.in.
|
|
- If you need to use configure.in and Makefile.in under
|
|
kame/kame/racoon, use the following options to configure.in:
|
|
% env LIBS=-L../../../bsdi4/lib/libpfkey ./configure \
|
|
--with-libpfkey
|
|
% make
|
|
|
|
Q: Describe me the options to "configure".
|
|
|
|
A:
|
|
--enable-debug:
|
|
Enable debugging options.
|
|
--enable-yydebug:
|
|
Enable yacc/lex tracing.
|
|
--enable-pedant:
|
|
Use strict compilation options (-Wall -Werror).
|
|
--with-adminport: (INSECURE)
|
|
Lets racoon to listen to racoon admin port, which is to
|
|
be contacted by kmpstat(8). This one still needs more work
|
|
(it lacks authentication, and is insecure), and is disabled
|
|
by default. If you need kmpstat(8) for your experiment,
|
|
you may turn this on, but make sure to use use it only in
|
|
testbed network environment (not the reallife network).
|
|
--with-efence: (for debug only)
|
|
Use ElectricFence library, which helps us debug dynamic
|
|
memory allocation mistakes.
|
|
--with-gc: (experimental)
|
|
Use Bohem-GC garbage collector.
|
|
Make sure you compile all the binaries, including libipsec/
|
|
whatever, with "GC_malloc" and "GC_free" instead of "malloc"
|
|
and "free" (cc -Dmalloc=GC_malloc -Dfree=GC_free").
|
|
|
|
Q: How can I get help?
|
|
|
|
A:
|
|
Always identify your operating system platforms, the versions you are
|
|
using (like "KAME SNAP, 2000/Sep/4"), and information to repeat the
|
|
problem. It is *mandatory* for you to submit the following at least:
|
|
- version identification
|
|
- trace from racoon, taken by "racoon -d 0xffffffff"
|
|
(maximum debug level)
|
|
- configuration file you are using
|
|
- probabaly, tcpdump trace
|
|
http://orange.kame.net/dev/send-pr.html has the guideline.
|
|
|
|
If you do not identify the version you are using, we will not help you.
|
|
|
|
If your question is not confidential, send your questions to:
|
|
- as KAME problem report from http://orange.kame.net/dev/send-pr.html
|
|
- snap-users@kame.net
|
|
users mailing list, subscription guildeline: seewww.kame.net.
|
|
- NOT TO INDIVIDUAL DEVELOPERS.
|
|
|
|
If your question is confidential, send your questions to:
|
|
- core@kame.net
|
|
|
|
Q: Other documents to look at?
|
|
http://www.netbsd.org/Documentation/network/ipsec/
|
|
http://www.kame.net/
|
|
http://www.kame.net/newsletter/
|