I noticed this project on the GSOC list filed under userland: http://wiki.netbsd.org/projects/project/ikev2/ racoon(8) is the current IKEv1 implementation used in NetBSD. The racoon code is old and crufty and full of potential security issues. We would like to replace it. [Libreswan can be added to the evaluation list :-)]
Can I suggest adding a separate project focused more on updating the IPsec kernel sources? The work could involve gap analysis (see bug database), refreshing the existing code, and adding missing functionality. While I'm not going to be much help with the code proper I can probably help answer "why does this feature matters?" Andrew
