When I have RACOON_OPTS="-4" in /etc/conf.d/racoon, /etc/init.d/racoon fails to start:

# /etc/init.d/racoon start
 * Caching service dependencies ... [ ok ]
 * Loading ipsec policies from /etc/ipsec.conf.
 * Starting racoon ...
/usr/sbin/racoon: invalid option -- 4
usage: racoon [-BdFv] [-a (port)] [-f (file)] [-l (file)] [-p (port)]
   -B: install SA to the kernel from the file specified by the configuration file.
   -d: debug level, more -d will generate more debug message.
   -C: dump parsed config file.
   -L: include location in debug messages
   -F: run in foreground, do not become daemon.
   -v: be more verbose
   -a: port number for admin port.
   -f: pathname for configuration file.
   -l: pathname for log file.
   -p: port number for isakmp (default: 500).
   -P: port number for NAT-T (default: 4500).
 [ !! ]

Commenting out that conf line lets racoon start normally. That conf line is enabled by default and perhaps shouldn't be in 0.5?
This bug has to do with how ipsec-tools is being built. I'm not sure why, but configure does not set INET6 in config.h, only INET6_ADVAPI. I do not know if they are mutually exclusive. Something for the upstream folks I'd guess.
There's a patch required for configure.ac for this problem. It is not in the 0.5.1 branch of ipsec-tools. I'll attach it. I have not tried it myself.
Created attachment 57400: Patch to configure.ac for ipv6 problem.
Seems to be fixed, please consider marking RESOLVED FIXED after ipsec-tools-0.6.5 goes in the tree. See http://bugs.gentoo.org/show_bug.cgi?id=121919#c0
21 Jun 2005; Peter Johanson <latexer@gentoo.org>
+files/ipsec-tools-0.5-ipv6.diff, +ipsec-tools-0.5-r2.ebuild, +ipsec-tools-0.5.2.ebuild:
Revision bump with fix for IPV6 problem (bug #87920), and bump version (bug #92363).

Closing a stale bug.