Here are some useful resources:
ipsec-tools on SourceForge
Linux Kernel 2.6 using KAME-tools (lists necessary kernel options)
This is the secret Racoon error message decoder ring.
ONLamp.com: Cryptosystems: Debugging IPSec
Takeaway message: psk.txt is a sensitive little feller. Even if you think it’s set up perfectly, change the password again. I’ll bet it’ll work.
A troubleshooting tip: before you try IPSec with your newly installed certs, use OpenSSL to test that they are located correctly. For example,
[root@machine /usr/local/etc]# openssl verify -CAfile my_ca_cert.pem machine_cert.pem
If that works, then give IPSec a try.
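The check from the tip above, extended into a small pre-flight script. This is an added example, not from the original page; it goes beyond the chain check to also confirm that the private key belongs to the certificate and that the certificate has not expired. The function names and the CA/cert/key argument order are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight checks for a certificate set before starting IPsec.
# Function names and the CA/cert/key argument order are assumptions.

# 0 if CERT chains to CA_CERT (the "openssl verify" check from the tip above).
# Match the "OK" line rather than trusting the exit status alone.
check_chain() {        # usage: check_chain CA_CERT CERT
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# 0 if KEY is the private key for CERT: both must yield the same public key.
check_key_match() {    # usage: check_key_match CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if CERT has not yet passed its notAfter date.
check_not_expired() {  # usage: check_not_expired CERT
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Run every check, print one line per result, return the number of failures.
preflight() {          # usage: preflight CA_CERT CERT KEY
    failures=0
    for f in "$1" "$2" "$3"; do
        [ -r "$f" ] || { echo "FAIL unreadable: $f"; failures=$((failures + 1)); }
    done
    [ "$failures" -eq 0 ] || return "$failures"

    if check_chain "$1" "$2"; then echo "ok   chain: $2 verifies against $1"
    else echo "FAIL chain: $2 does not verify against $1"; failures=$((failures + 1)); fi

    if check_key_match "$2" "$3"; then echo "ok   key: $3 matches $2"
    else echo "FAIL key: $3 does not match $2"; failures=$((failures + 1)); fi

    if check_not_expired "$2"; then echo "ok   validity: $2 has not expired"
    else echo "FAIL validity: $2 has expired"; failures=$((failures + 1)); fi

    return "$failures"
}

# Run directly as: sh preflight.sh my_ca_cert.pem machine_cert.pem machine_key.pem
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A non-zero exit status is the number of failed checks, so the script can gate a service start.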
Originally I was interested in proxy ARP because I wanted to configure a machine running the Xen hypervisor to use proxy ARP to enable non-privileged domains to appear to be directly on the network. The 2.6 kernels (and perhaps even earlier ones, I don’t know) automatically manage the proper proxy ARP settings for the virtual interfaces when you use ip route to make the necessary routing table entries. To enable proxy ARP on the real interface (e.g., eth0), add the following line to /etc/xen/scripts/network-route:
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp