Re: [IPSEC] Too many SADs!
From: Stephen Frost <hidden>
Date: 2005-03-23 00:33:10
Attachments
- signature.asc [application/pgp-signature] 189 bytes
* Scott Mcdermott (smcdermott@questra.com) wrote:
> What, openswan uses PF_KEY last I checked on kernel 2.6. I guess you can use KLIPS, but why would you? What's this "netfilter-interface" to ipsec code?
This confused me too...
> I had the exact same problem the original poster had with Racoon. SPDs would multiply without bounds, seemingly geometrically.
Yeah. Not good. :(
> I switched to strongswan and the problems immediately vanished. There is some bug in racoon where it doesn't replace SPDs. I used the latest ipsec-utils and kernel and this problem did not go away until I switched instead to strongswan (still using PF_KEY) (it also worked with openswan).
Sounds like I may need to check out strongswan/openswan. I can tell you I wasn't exactly a fan of freeswan for a variety of reasons. I'm surprised there haven't been more people talking about and looking into fixing this, kind of concerning.

Thanks,
Stephen
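The symptom discussed in this thread (a policy database that keeps growing because entries are added but never replaced) is easy to catch before the kernel tables become unmanageable. The following check is an added example and not code from the thread, racoon, or the *swan projects. It parses the text that `ip xfrm policy` prints on Linux (the output layout is assumed from iproute2; on a setkey-based host you would feed it the equivalent output instead, which needs a different parser) and reports any selector/direction that is installed more than once, plus whether the total exceeds a site-specific ceiling. The sample output and the `max_entries` limit are constructed for the example.

```python
"""Detect an IPsec policy database (SPD) that is growing without bound.

Added example, not part of the original mailing-list thread. It parses
the text that `ip xfrm policy` prints on Linux (format assumed from
iproute2) and reports policies that appear more than once for the same
selector and direction, which is the symptom the thread describes
(entries added but never replaced). The sample below is constructed.
"""
import re
import subprocess
from collections import Counter

# Constructed sample: two healthy policies plus one selector that has
# been installed three times instead of being replaced.
SAMPLE_IP_XFRM_POLICY = """\
src 10.1.0.0/24 dst 10.2.0.0/24
	dir out priority 0
	tmpl src 192.0.2.1 dst 192.0.2.2
		proto esp reqid 1 mode tunnel
src 10.2.0.0/24 dst 10.1.0.0/24
	dir in priority 0
	tmpl src 192.0.2.2 dst 192.0.2.1
		proto esp reqid 1 mode tunnel
src 10.3.0.0/24 dst 10.4.0.0/24
	dir out priority 0
	tmpl src 192.0.2.1 dst 192.0.2.3
		proto esp reqid 2 mode tunnel
src 10.3.0.0/24 dst 10.4.0.0/24
	dir out priority 0
	tmpl src 192.0.2.1 dst 192.0.2.3
		proto esp reqid 3 mode tunnel
src 10.3.0.0/24 dst 10.4.0.0/24
	dir out priority 0
	tmpl src 192.0.2.1 dst 192.0.2.3
		proto esp reqid 4 mode tunnel
"""

# A policy entry starts with an unindented "src ... dst ..." line; the
# indented "dir ..." line that follows gives its direction.  The indented
# "tmpl src ... dst ..." lines are deliberately not matched.
SELECTOR_RE = re.compile(r"^src (\S+) dst (\S+)")
DIR_RE = re.compile(r"^\s*dir (\S+)")


def parse_policies(text):
    """Return a list of (src, dst, dir) tuples, one per policy entry."""
    policies = []
    current = None
    for line in text.splitlines():
        m = SELECTOR_RE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            continue
        m = DIR_RE.match(line)
        if m and current is not None:
            policies.append((current[0], current[1], m.group(1)))
            current = None
    return policies


def find_duplicates(policies):
    """Map each selector/direction that occurs more than once to its count."""
    counts = Counter(policies)
    return {key: n for key, n in counts.items() if n > 1}


def spd_health(text, max_entries=1000):
    """Summarise the policy table: total entries, duplicate selectors, and
    whether it exceeds a site-specific ceiling (max_entries is assumed)."""
    policies = parse_policies(text)
    return {
        "total": len(policies),
        "duplicates": find_duplicates(policies),
        "over_limit": len(policies) > max_entries,
    }


def live_spd_health(max_entries=1000):
    """Run `ip xfrm policy` on the local host and check it (Linux only)."""
    out = subprocess.run(["ip", "xfrm", "policy"], capture_output=True,
                         text=True, check=True).stdout
    return spd_health(out, max_entries)


if __name__ == "__main__":
    report = spd_health(SAMPLE_IP_XFRM_POLICY, max_entries=4)
    print(f"{report['total']} policies, over limit: {report['over_limit']}")
    for (src, dst, direction), n in report["duplicates"].items():
        print(f"selector {src} -> {dst} ({direction}) installed {n} times")
```

Run from cron or a monitoring agent with `live_spd_health()`, any non-empty `duplicates` result is the racoon symptom from the thread, and a rising `total` between runs is the earlier warning; comparing `reqid` values across the duplicates tells you whether each rekey is leaving the previous policy behind.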