In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679482:
> Try strongswan, it works on Debian kfreebsd and ordinary wheezy.
> racoon is long in the tooth, and because of the sort of bitrot and
> security issues it has (runs as root) I think it might be better if this
> part of ipsec-tools was deprecated.

FWIW I ended up using racoon because the examples in https://wiki.debian.org/IPsec use it. It would be valuable if that page could be updated to reflect the best choices in current Debian (whatever they are). There's also a lot of historical details in the first section of the page which could either be relegated to an appendix or completely eliminated. For example, someone who is trying to configure IPsec on Debian in 2016 has no interest in the situation under Linux 2.4.x.

ttfn/rjk