Listen Section

A Listen Section configures the local addresses and UDP ports on which racoon listens for IKE traffic (ISAKMP and IKE NAT Traversal), and the administrative socket used to control the daemon.

Configuration Example

In our configuration example, we define the listen section as shown below:

#
# Listen Section
#
listen
{
    isakmp 10.1.1.1 [500];
    isakmp_natt 10.1.1.1 [4500];
}

Listen section from our example racoon.conf configuration file.

Socket Bindings

An isakmp statement informs racoon that it should listen for IKE packets on a UDP socket bound to the specified address and port (500 by default). An isakmp_natt statement informs racoon that it should listen for IKE NAT Traversal packets on a UDP socket bound to the specified address and port, normally 4500; this socket also accepts the UDP-encapsulated ESP traffic that NAT-T produces. You must define an isakmp_natt statement to support clients that use the NAT Traversal feature; without it, such clients cannot complete a connection.

see also:

VPN Client Configuration : Hostname or IP Address


Reference

If no listen directive is specified, racoon will listen on all available interface addresses.

The following are valid statements:

isakmp address [port];

If this is defined, racoon will only listen on the specified addresses. The default port is 500, which is the port assigned by IANA for ISAKMP. You can provide more than one address definition.

isakmp_natt address [port];

Same as isakmp but also sets the socket options to accept UDP-encapsulated ESP traffic for NAT-Traversal. If you plan to use NAT-T, you should provide at least one address with port 4500, which is the port assigned by IANA for IPsec NAT-T. There is no default.

strict_address;

Requires that all addresses for ISAKMP be bound. If any configured address cannot be bound (for example because the interface is not yet up), racoon fails to start rather than running with only some of its sockets. This statement will be ignored if you do not specify any address.

adminsock path [owner group mode];

path, owner, and group are the admin socket path, owner, and group; they must be quoted. Defaults are /var/racoon/racoon.sock, UID 0, and GID 0. mode is the access mode in octal; the default is 0600. Anyone who can write to this socket can control the daemon (for example with racoonctl), so keep the default mode or grant access only to a dedicated group, never to "other".

adminsock disabled;

This directive tells racoon not to listen on the admin socket.
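
As an added example (not code from this page or from racoon itself), the following POSIX sh script checks a racoon.conf listen section against the points made under Socket Bindings and in the reference above: it lists the isakmp and isakmp_natt socket bindings, fails when no NAT-T socket on UDP 4500 is declared, and flags an adminsock mode that grants permissions to "other". The two configuration fragments it writes, the temporary file paths and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example (not part of the Shrew Soft page or of racoon): a small sh/awk
# checker for the racoon.conf listen section. The sample configs below are
# constructed for the example; the parser only understands the listen block.

# Write a constructed listen section to FILE; VARIANT is "hardened" or "weak".
write_sample_conf() {
    if [ "$2" = "weak" ]; then
        cat > "$1" <<'EOF'
listen
{
    isakmp 10.1.1.1;
    adminsock "/var/racoon/racoon.sock" "root" "wheel" 0666;
}
EOF
    else
        cat > "$1" <<'EOF'
#
# Listen Section
#
listen
{
    isakmp 10.1.1.1 [500];
    isakmp_natt 10.1.1.1 [4500];
    strict_address;
    adminsock "/var/racoon/racoon.sock" "root" "wheel" 0660;
}
EOF
    fi
}

# Print "statement address port" for each isakmp/isakmp_natt line inside
# listen { ... }. An omitted isakmp port is the IANA default 500; the page
# gives no default port for isakmp_natt, so that case is reported as such.
listen_sockets() {
    awk '
        /^[[:space:]]*listen([[:space:]]|$)/ { inblock = 1 }
        inblock && /}/                      { inblock = 0 }
        inblock && $1 ~ /^isakmp(_natt)?$/ {
            sub(/;.*$/, "")                 # drop terminator and trailing comment
            port = $3
            if (port == "") port = ($1 == "isakmp") ? "500" : "unspecified"
            gsub(/\[/, "", port); gsub(/\]/, "", port)
            print $1, $2, port
        }
    ' "$1"
}

# Succeed when at least one isakmp_natt socket on UDP 4500 is declared.
natt_ok() {
    listen_sockets "$1" |
        awk '$1 == "isakmp_natt" && $3 == "4500" { found = 1 } END { exit found ? 0 : 1 }'
}

# Print the admin socket access mode: "disabled", the configured octal mode,
# or the documented default 0600 when the mode or the statement is absent.
adminsock_mode() {
    awk '
        $1 == "adminsock" {
            seen = 1
            if ($2 ~ /^disabled/) { print "disabled"; exit }
            mode = $5; sub(/;.*$/, "", mode)
            if (mode == "") mode = "0600"
            print mode; exit
        }
        END { if (!seen) print "0600" }
    ' "$1"
}

# Succeed unless the admin socket mode grants any permission to "other"
# (last octal digit non-zero); a disabled socket is fine.
adminsock_ok() {
    mode=$(adminsock_mode "$1")
    [ "$mode" = "disabled" ] && return 0
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Human-readable report for one configuration file.
report() {
    echo "== $1"
    listen_sockets "$1"
    natt_ok "$1" && echo "NAT-T: ok" || echo "NAT-T: no isakmp_natt socket on UDP 4500"
    adminsock_ok "$1" && echo "adminsock: mode $(adminsock_mode "$1") ok" \
                      || echo "adminsock: mode $(adminsock_mode "$1") is accessible to other"
}

tmpdir=$(mktemp -d)
write_sample_conf "$tmpdir/hardened.conf" hardened
write_sample_conf "$tmpdir/weak.conf" weak
report "$tmpdir/hardened.conf"
report "$tmpdir/weak.conf"
rm -rf "$tmpdir"
```

Run it with sh and point report at your own racoon.conf to check a live configuration. The parser is deliberately narrow: it reads only the lines between listen and the closing brace, so a full racoon.conf grammar (includes, other sections) is out of scope.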


Copyright © 2010, Shrew Soft Inc