Add IPSec tools port - the new "official" version of racoon,

is the only one which is maintained and have lots of new features.

PR:		85544
Submitted by:	VANHULLEBUS Yvan <vanhu@netasq.com>
Approved by:	perky (mentor)

1 files changed, 26 insertions, 0 deletions

diff --git a/security/ipsec-tools/pkg-descr b/security/ipsec-tools/pkg-descr
new file mode 100644
index 000000000000..f9fc40fb4a7c
--- /dev/null
+++ b/security/ipsec-tools/pkg-descr
@@ -0,0 +1,26 @@
+racoon speaks IKE (ISAKMP/Oakley) key management protocol, to
+establish security association with other hosts.
+
+This is the IPSec-tools version of racoon.
+
+Enchancements:
+- Support of NAT-T.
+- Support of IKE fragmentation.
+- Support of many authentication algorithms.
+- Tons of bugfixes.
+
+Known issues:
+- Too many use of dynamic memory allocation, which leads to memory leak.
+- Non-threaded implementation.  Simultaneous key negotiation performance
+  should be improved.
+- Cannot negotiate keys for per-socket policy.
+- Cryptic configuration syntax - blame IPsec specification too...
+- Needs more documentation.
+
+Design choice, not a bug:
+- racoon negotiate IPsec keys only.  It does not negotiate policy.  Policy must
+  be configured into the kernel separately from racoon.  If you want to
+  support roaming clients, you may need to have a mechanism to put policy
+  for the roaming client after phase 1 finishes.
+
+WWW: http://www.kame.net/ and http://ipsec-tools.sf.net