>This is great news -- one of the big hangups in our interop testing at NAI
>Labs was the lack of IKE on FreeBSD.  I notice that right now racoon is a
>port -- assuming this interpretation is correct, are there any plans to
>integrate racoon as a base system component?  As you point out, without
>IKE, FreeBSD's IPsec implementation is effectively useless for
>cross-platform communication due to the number of frobs in SA
>configuration.  I also look forward to the rapid MFC'ing, assuming that
>the code works :-).

        this is because we expect to have so many many changes/improvements
        in racoon - once we put racoon into base tree, we need to be much
        more careful about backward-compatibility in config file, for
        example.  also, we need to improve kernel policy management for
        socket-based policy, and process-to-process policy inheritance.


