Hi 

A few bugs have been reported with the recently imported ipsec-tools racoon. I
just imported a newer version that should fix everything that was reported.

- Missing support for IDEA and RC5
- racoon compains about missing /etc/radius.conf
- racoon wants a /var/racoon directory
- racoon complains that setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE) failed and
refuse connexions

Plus a few bugs no NetBSD user reported but that were catched upstream. The
complete ChangeLog from ipsec-tools is below.

Please keep me informed of newer problems.

2005-02-23  Emmanuel Dreyfus <manu@netbsd.org>

        * configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal
          support for patented algorithms: IDEA and RC5.
        * src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it
          is not required in the configuration
        * src/racoon/isakmp.c: do not reject addresses for which kernel
          refused UDP encapsulation, they can still be used for non NAT-T
          traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)

2005-02-18  Emmanuel Dreyfus <manu@netbsd.org>

        * src/racoon/{main.c|eaytest.c|plairsa-gen.c}
          src/setkey/setkey.c: don't use fuzzy paths for package_version.h

2005-02-18  Yvan Vanhullebus  <vanhu@free.fr>

        * src/racoon/isakmp_inf.c: Purge generated SPDs when getting a
          related DELETE_SA
        * src/racoon/pfkey.c: do NOT unbindph12() when SA acquire

2005-02-17  Emmanuel Dreyfus <manu@netbsd.org>

        From Fred Senault <fred.letter@lacave.net>
        * src/racoon/remoteconf.c: Fix a bug in script init

2005-02-17  Yvan Vanhullebus  <vanhu@free.fr>

        * src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks

2005-02-15  Michal Ludvig  <michal@logix.cz>

        * configure.ac: Changed --enable-natt_NN to
--enable-natt-versions=NN,NN



-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org