Package IPsec-tools contains some utilities to manipulate IPsec connections with Linux-2.6. These tools were ported to Linux from BSD/KAME by Derek Atkins.
Please see the IPsec-tools homepage at SourceForge.net.
Instructions on how to check-out the CVS version are available here.
IPsec-tools release tarballs can be obtained here.
EAGAIN when a SPD rule requires IPsec connection, but no SA is in place. In such a case racoon is woken up to negotiate the SA with the peer, but the connect(2), sendto(2), ... syscalls return with EAGAIN immediately. This patch inverts the default behaviour of the kernel to block the syscall until an appropriate SA is in place. In most setups this is wanted. In fact I suspect the current kernel code was meant to do this, but it contains a simple typo that lets it do the opposite ;-)
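What an application on an unpatched kernel has to do about the immediate EAGAIN described above, as an added example (not part of the patch or of IPsec-tools): a retry loop around sendto(2) with backoff while the SA is negotiated. The names sendto_wait_sa, fake_sendto and simulate are hypothetical, and the stub stands in for the kernel so the loop runs without any IPsec policy installed.

```c
#include <errno.h>
#include <poll.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Same signature as sendto(2), so a stub can stand in for the kernel. */
typedef ssize_t (*sendto_fn)(int, const void *, size_t, int,
                             const struct sockaddr *, socklen_t);

/* Retry a send while the kernel answers EAGAIN because the SA required by the
 * SPD is not in place yet. Backs off 50 ms, 100 ms, ... capped at 1 s. Returns
 * bytes sent, or -1 with errno set. Assumes a blocking socket (assumption). */
ssize_t sendto_wait_sa(sendto_fn do_send, int fd, const void *buf, size_t len,
    const struct sockaddr *dst, socklen_t dlen, int max_tries, int *tries_used)
{
    int delay_ms = 50, attempt = 0;
    ssize_t n = -1;
    errno = EINVAL;                        /* reported if max_tries < 1 */
    while (attempt < max_tries) {
        attempt++;
        n = do_send(fd, buf, len, 0, dst, dlen);
        if (n >= 0 || errno != EAGAIN)     /* sent, or an unrelated error */
            break;
        if (attempt < max_tries) {         /* give the IKE daemon time */
            poll(NULL, 0, delay_ms);       /* portable millisecond sleep */
            if (delay_ms < 1000) delay_ms *= 2;
        }
    }
    if (tries_used) *tries_used = attempt;
    return n;
}

/* Constructed stub: the first `pending` calls fail with EAGAIN (no SA yet). */
static int pending;
static ssize_t fake_sendto(int fd, const void *b, size_t len, int fl,
                           const struct sockaddr *d, socklen_t dl)
{
    (void)fd; (void)b; (void)fl; (void)d; (void)dl;
    if (pending > 0) { pending--; errno = EAGAIN; return -1; }
    return (ssize_t)len;
}

/* Run the loop against the stub; returns attempts used, or -1 on failure. */
int simulate(int eagain_count, int max_tries)
{
    int used = 0;
    pending = eagain_count;
    return sendto_wait_sa(fake_sendto, -1, "ping", 4, NULL, 0, max_tries,
                          &used) == 4 ? used : -1;
}
```

In a real program, pass sendto itself as the first argument; on a non-blocking socket EAGAIN can also mean a full send buffer, so the two causes cannot be told apart by this loop.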