This week I've installed a recent development kernel, which has a nice IPsec implementation (much better than FreeS/WAN). At the moment you have to use KAME's IKE daemon racoon for automagical keying. A PFKEYv2 interface to xfrm has been developed especially therefore. The native user interface to xfrm via NETLINK has some bugs (fix) . Today I've done a port of isakmpd to Linux 2.5.Some testing has already been done (5 hours stress test with very much rekeying), but I think it could use some more (hint!).