# $Id: TODO

List of work needed on the racoon2 package

1. Debug and fix the management of the phase 2 SA's in IKEv1 when the peer
   terminates the connection and the phase 1 ISAKMP-SA is purged. Currently
   only one of the phase 2 SA's is deleted. The other one can be deleted
   using the ph1-down hook scripts. It is not clear that phase 2 structures
   are being freed when the corresponding phase1 1 is purged.

2. Progress has been made by enabling the selector matching at the beginning
   of phase 2 to succeed in certain cases such as when the peer's address is
   set to any in the selectors. Now it is possible to configure racoon2 as
   an L2TP/IPSec server for iphone and Windows clients. More testing needs 
   to be done on the new patches to test and debug different configurations.
   Test... debug... patch...

3. IPv6 support- it is not clear why iked is not using IPv6 addresses 
   when ike is set to use MY_IP, which is supposed to use all addresses 
   not just IPv4 addresses. Now, iked is behaving as if we set ike in
   the interface section of racoon2.conf to MY_IPV4 instead of MY_IP. It
   would be desireable to get iked to use IPv6 addresses so we can test
   racoon2 with IPv6.

4. For NAT traversal in transport mode, NAT original address payloads are
   ignored on input. Also, iked does not send the NAT original address
   payloads to the peer. Without handling and processing these payloads, the
   checksum fixup in NAT-T transport mode cannot be optimized. Racoon does
   handle these payloads. Also, peers that require these payloads to
   do the checksum fix will not be able to connect.  

5. Continue work on autoconf configuration to integrate racoon2 with modern
   systems such as NetBSD. Recent patches to the configuration samples include
   a new file, transport_ike_natt.conf to assist in configuring NAT-T transport
   mode and this file needs to be added to all lists of configuration samples
   to be installed. Also, the new version of transport_ike.conf needs to
   be generated by aoutoconf, just as some of the other configuration files
   need this, such as racoon2.conf and vals.conf. This will need to be kept
   in mind when editing the various autoconf configuration files and Makefiles.
   For example, transport_ike.conf will need to be renamed to
   transport_ike.conf.in so autoconf can generate it, and transport_ike.conf
   will need to be added to the list of files generated by autoconf, and it will
   need to be added to the list of files to remove for make's clean target.
