Subject: Re: Fixed arp entry for WaveLan?
To: Wolfgang Rupprecht <wolfgang@wsrcc.com>
From: None <itojun@iijlab.net>
List: current-users
Date: 02/22/2000 11:45:26
	maybe tech-crypto...

>This doesn't provide any security because the '/use' indicates it is
>optional.  When I change to '/require' all communication stops.
>
>When actually using this with racoon, it will run for 10 minutes or so
>and then I get 1-2 minute hangs that eventually unwedge under a barrage
>of pings.  I also see racoon spit out diagnostics that to my untrained
>eye don't look too encouraging.

	Please make sure of the following things (for both sides):
	- have the peer's IP address and secret key in psk.txt
	- make sure to have a "remote" entry for the peer in remote.conf
	- make sure to have a "policy" entry for the peer in policy.conf
	- don't use the symbolic names "high" or "normal" in remote.conf or
	  policy.conf (we have a bug in there - will fix sample config files)
	If it still does not work, please run
	# racoon -f configfile -d 0xffffffff
	on both sides and send off the whole output to me privately.

	I agree racoon configuration files are too cryptic.  I hope to address
	it sooner.

>Is anyone already using ipsec and possibly isakmp on their wireless
>links yet?

	There should be no difference between "isakmp on wireless"
	and "isakmp on ethernet"...

itojun