Per http://news.com.com/VPN+flaw+threatens+Internet+traffic/2100-1002_3-5951916.html
the good folks at University of Oulu have found flaws in many different 
implementations of IKE.  OpenSWAN is one of the affected code bases.  
Does anyone know if NetBSD or KAME IKE are vulnerable?  (The test suite 
can be downloaded from http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
 )


		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb