$Id: BUGS,v 1.30 2009/03/26 04:26:00 fukumoto Exp $

common issues

   + Lifetime of byte only works on Linux based OS, though racoon2 will
     exchange the lifetime of byte during its negotiation.  It is not
     a matter of racoon2.  The kernel code has to be fixed in order to use
     this function.

   + NetBSD kernel that enabled NAT-T, which you defined options IPSEC_NAT_T
     when you built your kernel, can not send packets which triggered
     keying when there is no NAT box between the communication.  racoon2
     can exchange a parameter with its peer, and racoon2 can install a
     pair of SAs into the kernel, but the kernel seems not to find a
     suitable SA.  Currently, we are not thinking that this is a bug
     of racoon2.

iked(8)

   + "default" clause of configuration file is used for two purposes:
     to provide default values for individual field for other sections
     of configuration, and to specify default kmp configuration when
     the responder received a message from unknown peer.  In latter
     case, when "default" clause lacks some necessary fields, error
     message may be cryptic, since it is not checked by configuration
     check routine of iked. (Probably it will result in "no proposal
     chosen".)

   + SA bundles (e.g. AH+ESP) does not conform to protocol spec.

   + The certificate authentication method is not yet tested.

   + After rekeying IKE_SA, iked may spit some warning messages, if
     the rekey negotiation or delete request was started from both
     ends at once.

   + NAT-T is not available on Mac OS X. We could not specify the second
     binding port (i.e. 4500), which are usually used for NAT-T. If you
     specify it, racoon2 cannot send packets. So please use --disable-natt
     when compiling.

   + IKEv1 NAT-T only works under limited situations in which
     a user knows the outer address of the NAT box in advance and
     configures the address into peers_ipaddr and peers_sa_ipaddr.
     If you would like to use NAT-T automatically, please use IKEv2
     protocol instead.

   + In IKEv1 phase 1, only Main mode is supported.
     (Aggressive mode is not supported.)

   + Due to a Linux kernel bug (as of 2.6.22), IKEv1 Dead-Peer
     Detection cannot be used on Linux.  That is, non-zero dpd_delay
     may NOT be specified in configuration.

   + DH negotiation with MODP Group 3072-bit and 6144-bit are broken
     on x86 machines with some versions of OpenSSL.  It probably appears 
     OpenSSL 0.9.8f and fixed in 0.9.8h.  For more information, please
     refer to 
     http://www.mail-archive.com/openssl-dev@openssl.org/msg23228.html


kinkd(8)

   + User-to-User mode is not yet available (and thus the GETTGT command
     and related payloads are not yet implemented).

   + Retrieving ticket is currently implemented as a blocking
     operation.  Therefore kinkd will be stalled for a while if there
     is no answer from the KDC (the KDC is not responding, packets
     are dropped, etc).

   + The replay cache is not preserved across restarts.

   + When linked with the MIT krb5 library, the credential cache size
     (thus the virtual size of the daemon) will continue to grow and
     never be reduced.

   + SA bundles (e.g. AH+ESP) in tunnel mode do not work.
