I finally found the time to work on the racoon IKE server again for the opportunistic IPsec project. The result is a new set of patches that works better than the old set. Get it here:
and apply it to ipsec-tools 0.8.0.
The new stuff is mainly that rekeying works, both for ISAKMP-SA and IPsec-SA, because the public key is loaded from DNS into a list which is checked when authentication has to be done again.
I want the key in the list because in Scenario 1 I need an external program, the resolver, to load the key into the IKE server.
Feel free to test things.