I use the software and will maintain the port. Our port has no known security issues; it has patches obtained from the NetBSD CVS repository. Change WWW to point to that repo. Still, download the same distfile from SourceForge. Add TIMESTAMP to distinfo.
racoon speaks the IKE (ISAKMP/Oakley) key management protocol to
establish security associations with other hosts.

This is the IPSec-tools version of racoon.

Enhancements:
- Support of NAT-T and IKE fragmentation.
- Support of many authentication algorithms.
- Tons of bugfixes.

Known issues:
- Non-threaded implementation. Simultaneous key negotiation performance
  should be improved.
- Cannot negotiate keys for per-socket policy.
- Cryptic configuration syntax - blame IPsec specification too...
- Needs more documentation.

Design choice, not a bug:
- racoon negotiates IPsec keys only. It does not negotiate policy. Policy must
  be configured into the kernel separately from racoon. If you want to
  support roaming clients, you may need to have a mechanism to put policy
  for the roaming client after phase 1 finishes.