Package IPsec-tools contains some utilities to manipulate IPsec connections with Linux-2.6. These tools were ported to Linux from BSD/KAME by Derek Atkins.

IPsec NAT in linux 2.6
Incomplete HowTo
Resource temporarily unavailable - solution
Linux kernel 2.6.x returns error EAGAIN when an SPD rule requires an IPsec connection, but no SA is in place. In such a case racoon is woken up to negotiate the SA with the peer, but the connect(2), sendto(2), ... syscalls return with EAGAIN immediately. This patch inverts the default behaviour of the kernel to block the syscall until an appropriate SA is in place. In most setups this is wanted. In fact I suspect the current kernel code was meant to do this, but it contains a simple typo that lets it do the opposite ;-)
Download: kernel-xfrm-block.diff
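On a kernel without the patch, an application can absorb the EAGAIN described above in user space by retrying with backoff while the SA is negotiated. This is an added example, not part of kernel-xfrm-block.diff or ipsec-tools; `retry_until_sa`, `attempt_fn` and the `fake_peer` stand-in are hypothetical names, and it assumes a blocking socket, where EAGAIN is not otherwise expected.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <time.h>

/* Hypothetical callback: one attempt at the syscall, e.g. a sendto(2) wrapper. */
typedef ssize_t (*attempt_fn)(void *ctx);

/* Retry while the kernel reports EAGAIN (SPD rule matched, no SA yet),
 * doubling the delay each time so the IKE daemon can install the SA.
 * Any other errno is a real error and is returned at once.
 * Returns the attempt's result; on failure returns -1 with errno set. */
ssize_t retry_until_sa(attempt_fn attempt, void *ctx, int max_tries,
                       long first_delay_ms, int *tries_out)
{
    long delay_ms = first_delay_ms;
    ssize_t rc = -1;
    int tries = 0;

    errno = EAGAIN;                      /* result if max_tries <= 0 */
    while (tries < max_tries) {
        tries++;
        rc = attempt(ctx);
        if (rc >= 0 || errno != EAGAIN || tries == max_tries)
            break;
        struct timespec ts = { delay_ms / 1000, (delay_ms % 1000) * 1000000L };
        nanosleep(&ts, NULL);
        delay_ms *= 2;
    }
    if (tries_out)
        *tries_out = tries;
    return rc;
}

/* Constructed stand-in for sendto(2): returns EAGAIN for 'pending'
 * attempts, as if the SA were still being negotiated, then succeeds. */
struct fake_peer { int pending; int fatal_errno; };

ssize_t fake_send(void *ctx)
{
    struct fake_peer *p = ctx;
    if (p->fatal_errno) { errno = p->fatal_errno; return -1; }
    if (p->pending > 0) { p->pending--; errno = EAGAIN; return -1; }
    return 64;                           /* bytes "sent" */
}

int main(void)
{
    struct fake_peer peer = { 2, 0 };    /* SA "appears" on the third attempt */
    int tries = 0;
    ssize_t n = retry_until_sa(fake_send, &peer, 5, 100, &tries);
    printf("result=%ld after %d attempt(s)\n", (long)n, tries);
    return n < 0;
}
```

In real use the callback would wrap the actual connect(2) or sendto(2) call; bound the retry budget so a peer that never completes negotiation surfaces as an error instead of a hang.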
4th October 2004 at 12:23
ipsec-tools-0.5cvs20040922.tar.bz2 Reload with Inherits Fails
Same configuration as before based on SuSE 9.1, but with kernel

In the racoon configuration file the new inherit function was used for the remote entries. When racoon first started this worked. If racoon was then reloaded it would crash. No entries in the logs.

Oct 4   12:19 kernel-xfrm-block.diff Kernel Crash (by Bob Martin)
Apr 13   12:25 kernel-xfrm-block.diff causes repeatable kernel crash (by Konstantin Shemyak)