Subject: racoon question (UDP_ENCAP_ESPINUDP_NON_IKE failure)
To: None <current-users@NetBSD.org>
From: Ronald van der Pol <Ronald.vanderPol@rvdp.org>
List: current-users
Date: 06/29/2005 12:12:49
I am running i386/3.99.7 and I am trying IPSEC for the first time.
Running racoon in debug mode gives the following warnings:

2005-06-29 11:55:10: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument

2005-06-29 11:55:10: DEBUG: pfkey X_SPDDUMP failed: No such file or directory

Should I worry about them? I am trying to use IPsec as a client to
a Nortel VPN concentrator.

I don't do NAT. Setting IPSEC_NAT_T in the kernel does not help.

I did not do any setkeys. It looks like /etc/racoon/phase1-up.sh is going
to do that. Does that explain the 2nd warning?

This is what I am getting when I do "racoonctl vc -u XXX X.X.X.X":

2005-06-29 12:05:00: DEBUG: ===
2005-06-29 12:05:00: DEBUG: 44 bytes message received from X.X.X.X[500] to Y.Y.Y.Y[500]
2005-06-29 12:05:00: DEBUG: 
xxxxxxxx xxxxxxxx xxxxxxxx ...
2005-06-29 12:05:00: DEBUG: receive Information.
2005-06-29 12:05:00: ERROR: ignore information because the message has no hash payload.

Tcpdump says:
12:05:00.858721 IP (tos 0xe0, ttl  61, id 36321, offset 0, flags [none],
length: 72) X.X.X.X.500 > Y.Y.Y.Y.500: [udp sum ok] isakmp 1.0 msgid 
cookie ->: phase 1 R inf:
    (n: doi=ipsec proto=isakmp type=NO-PROPOSAL-CHOSEN
    orig=(invalid length=46168d))

Should I worry about the "invalid length=46168d"?

	rvdp
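The two diagnostics above (racoon's "no hash payload" error and tcpdump's NO-PROPOSAL-CHOSEN notification) describe the same 44-byte datagram. The following is an added example, not part of the original post and not racoon's or tcpdump's code: a small Python decoder for the ISAKMP header and Notification payload as laid out in RFC 2408, applied to a 44-byte Informational message constructed here to match the tcpdump summary (cookies, message id and the 4 bytes of notification data are made-up sample values, not captured from the real exchange). It shows why racoon discards the message: the Informational exchange carries only a Notification payload, with no HASH payload (type 8) and the encryption flag clear, so it is an unauthenticated notification, and the notify type 14 is NO-PROPOSAL-CHOSEN, the responder's way of saying it rejected every phase 1 proposal it was offered.

```python
import struct

# RFC 2408 fixed layouts (network byte order)
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")   # cookies, next payload, version, exchange, flags, msgid, length (28 bytes)
PAYLOAD_HDR = struct.Struct("!BBH")         # next payload, reserved, payload length (4 bytes)
NOTIFY_FIXED = struct.Struct("!IBBH")       # DOI, protocol id, SPI size, notify message type (8 bytes)

PAYLOAD_NAMES = {0: "NONE", 1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 11: "N", 12: "D", 13: "VID"}
EXCHANGE_NAMES = {1: "base", 2: "identity protection", 4: "aggressive", 5: "informational"}
NOTIFY_TYPES = {1: "INVALID-PAYLOAD-TYPE", 14: "NO-PROPOSAL-CHOSEN", 16: "PAYLOAD-MALFORMED", 24: "AUTHENTICATION-FAILED"}
HASH_PAYLOAD = 8
NOTIFY_PAYLOAD = 11
FLAG_ENCRYPTED = 0x01


def parse_notify(body: bytes) -> dict:
    """Decode the body of a Notification payload (after its generic 4-byte header)."""
    if len(body) < NOTIFY_FIXED.size:
        raise ValueError("short notification payload")
    doi, proto, spi_size, ntype = NOTIFY_FIXED.unpack_from(body, 0)
    if NOTIFY_FIXED.size + spi_size > len(body):
        raise ValueError("SPI runs past end of notification payload")
    spi = body[NOTIFY_FIXED.size:NOTIFY_FIXED.size + spi_size]
    data = body[NOTIFY_FIXED.size + spi_size:]
    return {"doi": doi, "proto": proto, "spi": spi.hex(), "notify_type": ntype,
            "notify_name": NOTIFY_TYPES.get(ntype, f"type{ntype}"), "data": data.hex()}


def parse_isakmp(msg: bytes) -> dict:
    """Walk the ISAKMP header and payload chain, refusing lengths that run past the datagram."""
    if len(msg) < ISAKMP_HDR.size:
        raise ValueError("short ISAKMP header")
    _icookie, _rcookie, next_pl, version, xchg, flags, msgid, length = ISAKMP_HDR.unpack_from(msg, 0)
    if length != len(msg):
        raise ValueError(f"header length {length} does not match datagram length {len(msg)}")
    payloads = []
    off = ISAKMP_HDR.size
    while next_pl != 0:
        if off + PAYLOAD_HDR.size > len(msg):
            raise ValueError("truncated payload header")
        pl_next, _reserved, pl_len = PAYLOAD_HDR.unpack_from(msg, off)
        if pl_len < PAYLOAD_HDR.size or off + pl_len > len(msg):
            raise ValueError(f"bad payload length {pl_len} at offset {off}")
        body = msg[off + PAYLOAD_HDR.size:off + pl_len]
        entry = {"type": next_pl, "name": PAYLOAD_NAMES.get(next_pl, f"type{next_pl}")}
        if next_pl == NOTIFY_PAYLOAD:
            entry.update(parse_notify(body))
        payloads.append(entry)
        off += pl_len
        next_pl = pl_next
    return {
        "version": f"{version >> 4}.{version & 0x0F}",
        "exchange": EXCHANGE_NAMES.get(xchg, f"type{xchg}"),
        "encrypted": bool(flags & FLAG_ENCRYPTED),
        "message_id": msgid,
        "payloads": payloads,
        "has_hash": any(p["type"] == HASH_PAYLOAD for p in payloads),
    }


def diagnose(parsed: dict) -> str:
    """Mirror racoon's check: an Informational without HASH and without encryption is unauthenticated."""
    if parsed["exchange"] == "informational" and not parsed["has_hash"] and not parsed["encrypted"]:
        names = [p["notify_name"] for p in parsed["payloads"] if p["type"] == NOTIFY_PAYLOAD]
        return "unauthenticated informational: " + ", ".join(names)
    return "ok"


def build_sample() -> bytes:
    """Constructed 44-byte responder Informational: ISAKMP header + one Notification (NO-PROPOSAL-CHOSEN)."""
    notify_body = NOTIFY_FIXED.pack(1, 1, 0, 14) + b"\xb4\x58\x00\x00"   # DOI=IPSEC, proto=ISAKMP, no SPI; sample data
    notify = PAYLOAD_HDR.pack(0, 0, PAYLOAD_HDR.size + len(notify_body)) + notify_body
    hdr = ISAKMP_HDR.pack(b"\x11" * 8, b"\x22" * 8, NOTIFY_PAYLOAD, 0x10, 5, 0, 0,
                          ISAKMP_HDR.size + len(notify))                  # sample cookies, version 1.0, Informational
    return hdr + notify


if __name__ == "__main__":
    parsed = parse_isakmp(build_sample())
    print(parsed)
    print(diagnose(parsed))
```

Run over the constructed datagram the decoder reports version 1.0, exchange "informational", one N payload with DOI 1 (IPSEC), protocol 1 (ISAKMP) and notify type 14 (NO-PROPOSAL-CHOSEN), and no HASH payload, which is exactly the combination racoon logs as "ignore information because the message has no hash payload".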