Description of problem: racoon in ipsec tools 0.6.4 does not work in certain situations. I remember it was to do something with mask component... Error message at syslog: Mar 23 07:54:01 localhost racoon: ERROR: failed to get sainfo. Version-Release number of selected component (if applicable): 0.6.4 How reproducible: setkey -c <<EOF spdadd $LOCALIP/32 $GWIP/32[1701] udp -P out ipsec esp/transport//require ; spdadd $GWIP/32[1701] $LOCALIP/32 udp -P in ipsec esp/transport//require ; EOF How to fix: racoon in ipsec-tools 0.6.5 works. I got racoon in 0.6.1 to work after heavy editing of sha.h, remake and overwrite of /usr/sbin/racoon. So please update ipsec-tools to 0.6.5 -- I recall the diff from 0.6.4 is not big.