Subject: update /sys/netkey/* files?
To: None <>
From: Paul Dokas <>
List: tech-net
Date: 01/30/2002 15:54:32

Are there any plans to update the files in /sys/netkey/* to a more
recent version from KAME?  The -current files appear to be from July

In particular, I'm after functionality surrounding SPDUPDATE.  In the
files in -current, if an SPD entry does not exist, then it returns
ENOENT.  In the recent KAME snapshot, SPDUPDATE will add an entry if
one doesn't exist.

Without the files from a recent KAME snapshot, I can't get anonymous
IPSec connections working with racoon.  That is, I can't create anonymous
associations by putting "generate_policy on;" into my racoon.conf.

I might also add that with "generate_policy on;" set, the racoon in
-current expects SPDUPDATE to create an SPD entry if one doesn't.  And
that's just not how the code in -current works.

Paul Dokas
Don Juan Matus:  "an enigma wrapped in mystery wrapped in a tortilla."
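
The two SPDUPDATE behaviours contrasted in the message above, as an added example that is not part of the original post and is not NetBSD or KAME source. It is a simplified user-space model: every name in it (`spd_update`, `responder_install`, the `add_if_missing` switch) and every address and policy string is a constructed assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Toy SPD model; all identifiers are hypothetical, not from /sys/netkey. */
#define SPD_MAX 8
struct sp_entry { char src[32], dst[32], policy[48]; int used; };
struct spd { struct sp_entry e[SPD_MAX]; };

static struct sp_entry *spd_find(struct spd *t, const char *src, const char *dst)
{
    for (int i = 0; i < SPD_MAX; i++)
        if (t->e[i].used && !strcmp(t->e[i].src, src) && !strcmp(t->e[i].dst, dst))
            return &t->e[i];
    return NULL;
}

/* add_if_missing = 0: behaviour the message attributes to -current (ENOENT).
 * add_if_missing = 1: behaviour it attributes to the recent KAME snapshot. */
int spd_update(struct spd *t, const char *src, const char *dst,
               const char *policy, int add_if_missing)
{
    struct sp_entry *sp = spd_find(t, src, dst);
    if (sp == NULL) {
        if (!add_if_missing)
            return ENOENT;               /* strict update: nothing to replace */
        for (int i = 0; i < SPD_MAX && sp == NULL; i++)
            if (!t->e[i].used)
                sp = &t->e[i];
        if (sp == NULL)
            return ENOBUFS;              /* table full */
        snprintf(sp->src, sizeof sp->src, "%s", src);
        snprintf(sp->dst, sizeof sp->dst, "%s", dst);
        sp->used = 1;
    }
    snprintf(sp->policy, sizeof sp->policy, "%s", policy);
    return 0;
}

/* Responder side with "generate_policy on;": an anonymous peer has no
 * pre-configured policy, so the update is issued against an empty slot. */
int responder_install(struct spd *t, const char *peer, int add_if_missing)
{
    return spd_update(t, peer, "192.0.2.1", "esp/transport/require", add_if_missing);
}

int main(void)
{
    struct spd t = {0};
    printf("strict update: %d\n", responder_install(&t, "198.51.100.7", 0));
    printf("add-if-missing: %d\n", responder_install(&t, "198.51.100.7", 1));
    return 0;
}
```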