aboutsummaryrefslogtreecommitdiffstats
path: root/security/racoon2/pkg-descr
diff options
context:
space:
mode:
Diffstat (limited to 'security/racoon2/pkg-descr')
-rw-r--r--security/racoon2/pkg-descr18
1 files changed, 18 insertions, 0 deletions
diff --git a/security/racoon2/pkg-descr b/security/racoon2/pkg-descr
new file mode 100644
index 000000000000..34f8530ce9cc
--- /dev/null
+++ b/security/racoon2/pkg-descr
@@ -0,0 +1,18 @@
+racoon speaks IKE (ISAKMP/Oakley) key management protocol, to
+establish security association with other hosts.
+
+Known issues:
+- Too many use of dynamic memory allocation, which leads to memory leak.
+- Non-threaded implementation. Simultaneous key negotiation performance
+ should be improved.
+- Cannot negotiate keys for per-socket policy.
+- Cryptic configuration syntax - blame IPsec specification too...
+- Needs more documentation.
+
+Design choice, not a bug:
+- racoon negotiate IPsec keys only. It does not negotiate policy. Policy must
+ be configured into the kernel separately from racoon. If you want to
+ support roaming clients, you may need to have a mechanism to put policy
+ for the roaming client after phase 1 finhises.
+
+WWW: http://www.kame.net/