I finally found the time to work on the racoon IKE server again for the opportunistic IPsec project. The result is a new set of patches that works better than the old set. Get it here:

ipseckey-20120210.patch.bz2

and apply it to ipsec-tools 0.8.0.

The new stuff is mainly that rekeying works, both for ISAKMP-SA and IPsec-SA, because the public key is loaded from DNS into a list which is checked when authentication has to be done again.

I want the key in the list because in Scenario 1 I need an external program, the resolver, to load the key into the IKE server.

Feel free to test things.