Racoon does not create all the SPD policies for manually configured IPSEC connections, and they have to be manually entered. It does not keep track of them, so it does not clean up on exit.

There are valid use cases for using setkey to set up static IPSEC keying for local network security for IPv6 local net ICMP multicast messages. Adding this feature to the racoon init script would break this. Racoon/setkey is basically a 'lower level' tool than strongswan.

I have done a lot of work on racoon-tool, which does manage the SPD based on the connections you have configured, which now supports X509 and PSK connections, transport and tunnel mode, IPv6 and IPv4, with X509 certs and PSK working, along with basic anonymous VPN server setup, and I am willing to put it up on backports. Please tell me if these features cover your usage cases.

Cheers,
Matthew Grant