Subject: any *working* racoon isakmp examples out there?
To: None <tech-net@netbsd.org>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-net
Date: 03/01/2000 17:57:29
Over the past day and a half, i've managed to construct a racoon.conf
file which causes my system to successfully initiate an ISAKMP SA with
a peer connected to the same subnet. It then fails to initiate any
phase 2 negotiations because it doesn't find any matching policy
entries for the peer.

I've traced it as far as ipsecdoi_initsakeys() in ipsec_doi.c;
iph2->side == INITIATOR, and iph2->spidx->policy->proposal == NULL, so
it just returns without setting anything up.

What's wrong with the following?  i'm trying to set up ESP in
transport mode with des and hmac-md5 authentication..

					- Bill

# YIPS @(#)$Id: racoon.conf,v 1.1.1.1 1999/08/16 18:51:19 thorpej Exp $
# Refer to isakmp.h, isakmp_oakley.h and ipsec_doi.h
#
# 0x<val> : hex
# <val>   : decimal
# "<val>" : strings

#log 0x0fffffff;
# Logging level; the hex mask form above is the verbose alternative
# kept for debugging this negotiation problem.
log notify;

# Location of the pre-shared key file used by the "anonymous" peer
# definition below.
# NOTE(review): this file holds the IKE secret — confirm it is owned by
# root and not readable by other users, and that the path is not under
# a user-writable directory.
path pre_shared_key "/usr/wes/ipsec/preshare";

# Local identity sent during phase 1, expressed as a keyid string.
identifier keyid "129.148.174.244";

#padding {
#	max_length 20;      # x (long word)
#	random_length off;
#	check_length off;
#	excl_lastone on;
#}

# if no listen directive is specified, racoon will listen to all
# available interface addresses
listen {
	# Every isakmp/admin entry is commented out, so (per the note above)
	# racoon listens on all available interface addresses.
	# NOTE(review): if this host has an interface facing an untrusted
	# network, consider pinning the listener to the subnet's address
	# with an uncommented `isakmp <addr> port 500;` line — confirm.
	#isakmp 127.0.0.1 port 7000;
	#isakmp 203.178.141.215 port 8000;
	#isakmp 192.168.1.2 port 500;
	#isakmp 203.178.141.208 port 9001;
	#isakmp 202.249.11.124 port 9001;
	#admin 7002;
}

# main mode example, with "anonymous" (any peer) configuration
remote anonymous {
#	try_to_send 3;   # count
#	send_timer 20;   # (s)
#	vendor_id "KAME/racoon";

	# Phase 1 (ISAKMP SA) parameters: main mode, IPsec DOI.
	# NOTE(review): "anonymous" matches any peer address, so presumably
	# any host that holds the pre-shared key can complete phase 1 with
	# this system; if the peer set is known, a per-peer remote entry
	# would narrow that — confirm against the racoon docs for this build.
	exchange_mode main;
	doi ipsec_doi;
	situation identity_only;
	nonce_size 32;

	#id_type FQDN hoge.hoge.hoge;
	# Phase 1 proposal: single-DES, MD5, PSK auth, 768-bit MODP group.
	# NOTE(review): DES and modp768 are weak by today's standards;
	# this matches the "des / hmac-md5" goal stated in the mail, but a
	# stronger cipher and group should be preferred where the peer
	# supports them.
	proposal {
		encryption_algorithm des;
		hash_algorithm md5;
		authentication_method pre_shared_key;
		dh_group modp768;
#		nonce_size 16;
		# Phase 1 SA lifetime.
		lifetime time 900 second;
	}
}

# Phase 2 policy: traffic between hosts on 129.148.174.0/24 in either
# direction, any protocol, protected with IPsec.
policy 129.148.174.0/24 129.148.174.0/24  any inout ipsec 
{
	pfs_group modp768;
	proposal {
		# Phase 2 SA lifetime.
		lifetime time 900 second;
		# NOTE(review): the mail asks for ESP with DES *and* hmac-md5, but
		# this esp block names only an authentication_algorithm; the phase 1
		# proposal above carries `encryption_algorithm des;`. Worth confirming
		# whether an encryption_algorithm line is required here and whether a
		# proposal block the parser rejects is what leaves
		# spidx->policy->proposal NULL in ipsecdoi_initsakeys() — unverified.
		protocol esp {
			authentication_algorithm hmac_md5;
			level require;
			mode transport;
			strength normal;
		}
	}
}