Bug ID 685442: racoon daemon for IPsec IKEv1 listens on

Last Modified: Nov 22, 2021

Affected Product(s):
BIG-IP TMOS (all modules)

Fixed In:

Opened: Sep 26, 2017

Severity: 2-Critical


The racoon daemon binds to all addresses on the Linux host.


- IPsec tunnels may be established on unexpected IP addresses on the BIG-IP system.
- Port scans or security audits may show the IPsec service on unexpected IP addresses.


When the IKEv1 racoon daemon processes the config file written by tmipsecd.


No workaround.

Fix Information

The auto-generated racoon daemon config file no longer causes the daemon to listen on 'any' addresses.

Behavior Change

In previous releases, the racoon daemon would bind to all addresses on the Linux host. In this version, the IKEv1 racoon daemon no longer listens on
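
One way to audit a host for the condition this record describes, as an added example that is not F5 code: the function below reads text in the format printed by Linux `ss -H -uln` and reports IKE listeners (UDP 500 and 4500) that are bound to a wildcard address or to an address outside an expected list. The sample output, the addresses, the function names and the availability of `ss` on a given BIG-IP release are assumptions made for the illustration.

```python
import ipaddress

IKE_PORTS = {500, 4500}            # ISAKMP and IKE NAT-T
WILDCARDS = {"0.0.0.0", "::", "*", ""}

# Constructed sample in `ss -H -uln` layout (documentation address ranges).
SAMPLE_SS_OUTPUT = """\
UNCONN 0 0 0.0.0.0:500 0.0.0.0:*
UNCONN 0 0 0.0.0.0:4500 0.0.0.0:*
UNCONN 0 0 [::]:500 [::]:*
UNCONN 0 0 192.0.2.10:500 0.0.0.0:*
UNCONN 0 0 198.51.100.7:4500 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
"""

def split_local(field):
    """Split a 'Local Address:Port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    # Drop an interface scope (%eth0) and IPv6 brackets if present.
    return addr.split("%", 1)[0].strip("[]"), port

def audit_ike_listeners(ss_output, expected_addrs):
    """Return (address, port, reason) for each IKE socket that is bound
    to a wildcard or to an address not listed in expected_addrs."""
    expected = {ipaddress.ip_address(a) for a in expected_addrs}
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if cols and cols[0].lower() == "udp":   # Netid column (ss -tuln)
            cols = cols[1:]
        if len(cols) < 5 or cols[0] == "State":  # blank line or header
            continue
        addr, port = split_local(cols[3])
        if not port.isdigit() or int(port) not in IKE_PORTS:
            continue
        if addr in WILDCARDS:
            findings.append((addr or "*", int(port), "wildcard bind"))
            continue
        try:
            bound = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((addr, int(port), "unparsable address"))
            continue
        if bound not in expected:
            findings.append((addr, int(port), "unexpected address"))
    return findings

if __name__ == "__main__":
    for finding in audit_ike_listeners(SAMPLE_SS_OUTPUT, ["192.0.2.10"]):
        print(finding)
```

An empty result means every IKE listener in the input is bound to an address on the expected list.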
