e704c8da48
- SA bundle (AH + ESP) negotiation is corrected - be more picky about permission of pre-shared key file (don't open it it it looks vulnerable).
18 lines
809 B
Text
18 lines
809 B
Text
racoon speaks IKE (ISAKMP/Oakley) key management protocol, to
|
|
establish security association with other hosts.
|
|
|
|
Known issues:
|
|
- Too many use of dynamic memory allocation, which leads to memory leak.
|
|
- Non-threaded implementation. Simultaneous key negotiation performance
|
|
should be improved.
|
|
- Cannot negotiate keys for per-socket policy.
|
|
- Cryptic configuration syntax - blame IPsec specification too...
|
|
- Needs more documentation.
|
|
|
|
Design choice, not a bug:
|
|
- racoon negotiate IPsec keys only. It does not negotiate policy. Policy must
|
|
be configured into the kernel separately from racoon. If you want to
|
|
support roaming clients, you may need to have a mechanism to put policy
|
|
for the roaming client after phase 1 finhises.
|
|
|
|
Bug reports should be sent to http://orange.kame.net/dev/send-pr.html.
|