racoon-ipsec-osx (1) Versions 0.1.1

Manages racoon configuration for OS X

cookbook 'racoon-ipsec-osx', '~> 0.1.1', :supermarket
cookbook 'racoon-ipsec-osx', '~> 0.1.1'
knife supermarket install racoon-ipsec-osx
knife supermarket download racoon-ipsec-osx
Quality 43%

racoon-ipsec-osx Cookbook

Manages racoon, the IKE key management daemon used for IPSec on Mac OS
X (and other platforms).

Specifically, this cookbook manages the racoon configuration and
service to override timeout values that OS X autogenerates. Reference
this Apple discussion thread
for more information/background.

Note that the forum post "accepted answer" includes options that are
not managed here, as it was not required to use those options for
functionality on my system.

This cookbook does not manage IPSec VPN configuration. Use the fancy
OS X GUI for that.


Platform: Mac OS X

Tested on Mac OS X 10.8.3. May work on other versions with or without


  • node['racoon']['proposal_lifetime'] - Lifetime proposed for phase 1 negotiations. Default is 186 hours to work around the OS X generated configuration. See racoon.conf(5) for more information. Used in the racoon_ipsec_osx resource.


This cookbook provides the racoon_ipsec_osx resource. This is an OS
X specific configuration based on the default generated by OS X for
IPSec VPNs. It is responsible for rendering a configuration file for a
given VPN connection and restarting the racoon service.

Note: This is very much tied to the way that OS X generates the
racoon configurations for IPSec connections.


  • :create - Creates the configuration
  • :delete - Deletes the configuration


  • ipaddress - Name attribute. The IP address of the remote VPN server to configure.
  • source - Source filename. Default: racoon-remote.conf.erb.
  • cookbook - Cookbook where the source template is. Default: nil (uses the racoon-remote.conf.erb from this cookbook).
  • my_identifier - Specifies the identifier sent to the remote host. Typically the name of the IPSec shared group. Uses the keyid_use type. Required.
  • shared_secret - Specifies the ID from the OS X keychain for the shared secret. See below. Required.
  • xauth_login - Specifies the login to use in client-side hybrid authentication. Required.
  • encryption_algorithms - The encryption algorithms to use for each proposal. The default value is a hash that comes from the defaults generated by OS X, which should be sufficient for most use cases.

This doesn't manage the actual IPSec configuration. That should be
done through the OS X Network UI. Once complete, the shared_secret
will be in the OS X Keychain.


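# The name is the IP address of the remote VPN server.
racoon_ipsec_osx "" do
  my_identifier "hqipsec"
  # Keychain ID of the shared secret, not the secret itself.
  shared_secret "11223344-5566-7788-99AA-BBCCDDEEFF11.SS"
  xauth_login "vpnuser"
end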



This recipe ensures that the /etc/racoon/racoon.conf config file is
managed with the appropriate content and that the racoon service is


This recipe uses a data bag driven configuration, so potentially
sensitive data about the IPSec connection can be separated from the
attributes and recipes in this cookbook. See Usage/Data Bag
for details.


Include recipe[racoon-ipsec-osx] on a node to manage the basics, and
then use the resource racoon_ipsec_osx in a site-specific cookbook
with the appropriate values for any IPSec configuration needed for

To use the data bag driven configuration, include
recipe[racoon-ipsec-osx::data-bag-config] on a node, and
create the data bag per the instructions below.

Data Bag

Create a data bag named racoon_ipsec with an item named default.
It should have content like this:

{
  "id": "default",
  "ipaddress": "",
  "my_identifier": "hqipsec",
  "shared_secret": "11223344-5566-7788-99AA-BBCCDDEEFF11.SS",
  "xauth_login": "vpnuser"
}

Change the values as appropriate. Get the shared_secret from the
IPSec shared secret entry in the OS X keychain.
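
A pre-upload check for the racoon_ipsec data bag item described above, as an added example that is not part of the cookbook: plain data bag items are stored unencrypted, so it verifies the fields the resource requires and that shared_secret holds a keychain ID rather than the secret itself. The function name, the sample items, the 192.0.2.10 address and the UUID-plus-.SS pattern (inferred from the example value on this page) are assumptions.

```ruby
require 'json'
require 'ipaddr'

# Fields the page lists as required, plus the id and the name attribute.
REQUIRED_KEYS = %w[id ipaddress my_identifier shared_secret xauth_login].freeze

# Assumption: keychain IDs look like the page's example, a hex UUID plus ".SS".
KEYCHAIN_ID = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\.SS\z/

# Returns the problems found in a racoon_ipsec data bag item (empty list = OK).
def check_racoon_item(json_text)
  item = JSON.parse(json_text)
  return ['item is not a JSON object'] unless item.is_a?(Hash)

  present = ->(key) { item[key].is_a?(String) && !item[key].strip.empty? }
  problems = REQUIRED_KEYS.reject(&present).map { |key| "#{key}: missing or empty" }

  if present.call('ipaddress')
    begin
      raise IPAddr::Error if item['ipaddress'].include?('/') # no CIDR ranges
      IPAddr.new(item['ipaddress'])
    rescue IPAddr::Error
      problems << 'ipaddress: not a single valid IP address'
    end
  end

  if present.call('shared_secret') && item['shared_secret'] !~ KEYCHAIN_ID
    problems << 'shared_secret: not a keychain ID; keep the literal secret out of the data bag'
  end
  problems
rescue JSON::ParserError => e
  ["invalid JSON: #{e.message}"]
end

# Constructed sample items (192.0.2.10 is a documentation address).
GOOD_ITEM = <<~JSON
  { "id": "default", "ipaddress": "192.0.2.10", "my_identifier": "hqipsec",
    "shared_secret": "11223344-5566-7788-99AA-BBCCDDEEFF11.SS", "xauth_login": "vpnuser" }
JSON
BAD_ITEM = <<~JSON
  { "id": "default", "ipaddress": "", "my_identifier": "hqipsec",
    "shared_secret": "s3cret-psk", "xauth_login": "vpnuser" }
JSON

if __FILE__ == $PROGRAM_NAME
  puts check_racoon_item(GOOD_ITEM).inspect
  check_racoon_item(BAD_ITEM).each { |problem| puts problem }
end
```
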


  1. Fork the repository on GitHub
  2. Create a named feature branch (like add_component_x)
  3. Write your change
  4. Write tests for your change
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request using GitHub

License and Authors

  • Author:: Joshua Timberman
  • Copyright:: Copyright (c) 2013, Opscode, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Collaborator Number Metric

0.1.1 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric

0.1.1 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

Foodcritic Metric

0.1.1 failed this metric

FC060: LWRP provider declares use_inline_resources and declares #action_ methods: racoon-ipsec-osx/providers/default.rb:22
FC060: LWRP provider declares use_inline_resources and declares #action_ methods: racoon-ipsec-osx/providers/default.rb:38
FC060: LWRP provider declares use_inline_resources and declares #action_ methods: racoon-ipsec-osx/providers/default.rb:46
FC060: LWRP provider declares use_inline_resources and declares #action_ methods: racoon-ipsec-osx/providers/default.rb:50
FC064: Ensure issues_url is set in metadata: racoon-ipsec-osx/metadata.rb:1
FC065: Ensure source_url is set in metadata: racoon-ipsec-osx/metadata.rb:1
FC066: Ensure chef_version is set in metadata: racoon-ipsec-osx/metadata.rb:1
FC069: Ensure standardized license defined in metadata: racoon-ipsec-osx/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric

0.1.1 passed this metric

Supported Platforms Metric

0.1.1 passed this metric

Testing File Metric

0.1.1 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

Version Tag Metric

0.1.1 passed this metric