--- /dev/null
+config BR2_PACKAGE_IPSEC_TOOLS
+ bool "ipsec-tools"
+ select BR2_PACKAGE_OPENSSL
+ select BR2_PACKAGE_FLEX
+ depends on BR2_USE_MMU # fork()
+ help
+ This package is required to support IPSec for Linux 2.6+
+
+ http://ipsec-tools.sourceforge.net/
+
+if BR2_PACKAGE_IPSEC_TOOLS
+
+config BR2_PACKAGE_IPSEC_TOOLS_ADMINPORT
+ default y
+ bool "Enable racoonctl(8)"
+ help
+ Lets racoon to listen to racoon admin port, which is to
+ be contacted by racoonctl(8).
+
+config BR2_PACKAGE_IPSEC_TOOLS_NATT
+ bool "Enable NAT-Traversal"
+ help
+ This needs kernel support, which is available on Linux. On
+ NetBSD, NAT-Traversal kernel support has not been integrated
+ yet, you can get it from here:
+
+ http://ipsec-tools.sourceforge.net/netbsd_nat-t.diff If you
+
+ live in a country where software patents are legal, using
+ NAT-Traversal might infringe a patent.
+
+config BR2_PACKAGE_IPSEC_TOOLS_FRAG
+ bool "Enable IKE fragmentation"
+ help
+ Enable IKE fragmentation, which is a workaround for
+ broken routers that drop fragmented packets
+
+config BR2_PACKAGE_IPSEC_TOOLS_DPD
+ bool "Enable DPD (Dead Peer Detection)"
+ help
+ Enable dead peer detection support
+
+config BR2_PACKAGE_IPSEC_TOOLS_STATS
+ default y
+ bool "Enable statistics logging function"
+
+config BR2_PACKAGE_IPSEC_TOOLS_READLINE
+ select BR2_PACKAGE_READLINE
+ bool "Enable readline input support"
+
+config BR2_PACKAGE_IPSEC_TOOLS_HYBRID
+ bool "Enable hybrid, both mode-cfg and xauth support"
+ help
+ Hybrid mode is required for successful interoperability
+ (e.g. Cisco VPN Client).
+
+choice
+ prompt "Security context"
+ default BR2_PACKAGE_IPSEC_SECCTX_DISABLE
+ help
+ Selects whether or not to enable security context support.
+
+config BR2_PACKAGE_IPSEC_SECCTX_DISABLE
+ bool "Disable security context support"
+
+config BR2_PACKAGE_IPSEC_SECCTX_ENABLE
+ bool "Enable SELinux security context support"
+
+config BR2_PACKAGE_IPSEC_SECCTX_KERNEL
+ bool "Enable kernel security context"
+
+endchoice
+
+endif