1459 files changed, 32095 insertions, 11258 deletions

diff --git a/Android.mk b/Android.mk
new file mode 100644
index 000000000..0cda18302
--- /dev/null
+++ b/Android.mk
@@ -0,0 +1,64 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# this is the list of plugins that are built into libstrongswan and charon
+# also these plugins are loaded by default (if not changed in strongswan.conf)
+strongswan_PLUGINS := openssl fips-prf random x509 pubkey pkcs1 \
+	pem xcbc hmac kernel-netlink socket-default android
+
+# helper macros to only add source files for plugins included in the list above
+# source files are relative to the android.mk that called the macro
+plugin_enabled = $(findstring $(1), $(strongswan_PLUGINS))
+add_plugin = $(if $(call plugin_enabled,$(1)), \
+               $(patsubst $(LOCAL_PATH)/%,%, \
+                 $(wildcard \
+                   $(LOCAL_PATH)/plugins/$(subst -,_,$(strip $(1)))/*.c \
+                  ) \
+                ) \
+              )
+
+# includes
+strongswan_PATH := $(LOCAL_PATH)
+libvstr_PATH := external/strongswan-support/vstr/include
+libgmp_PATH := external/strongswan-support/gmp
+
+# CFLAGS (partially from a configure run using droid-gcc)
+strongswan_CFLAGS := \
+	-Wno-format \
+	-Wno-pointer-sign \
+	-Wno-pointer-arith \
+	-Wno-sign-compare \
+	-Wno-strict-aliasing \
+	-DHAVE___BOOL \
+	-DHAVE_STDBOOL_H \
+	-DHAVE_ALLOCA_H \
+	-DHAVE_ALLOCA \
+	-DHAVE_CLOCK_GETTIME \
+	-DHAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC \
+	-DHAVE_PRCTL \
+	-DHAVE_LINUX_UDP_H \
+	-DHAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY \
+	-DHAVE_IPSEC_MODE_BEET \
+	-DHAVE_IPSEC_DIR_FWD \
+	-DMONOLITHIC \
+	-DUSE_VSTR \
+	-DROUTING_TABLE=0 \
+	-DROUTING_TABLE_PRIO=220 \
+	-DVERSION=\"4.4.0\" \
+	-DPLUGINS='"$(strongswan_PLUGINS)"' \
+	-DIPSEC_DIR=\"/system/bin\" \
+	-DIPSEC_PIDDIR=\"/data/misc/vpn\" \
+	-DSTRONGSWAN_CONF=\"/system/etc/strongswan.conf\" \
+	-DDEV_RANDOM=\"/dev/random\" \
+	-DDEV_URANDOM=\"/dev/urandom\"
+
+# only for Android 2.0+
+strongswan_CFLAGS += \
+	-DHAVE_IN6ADDR_ANY
+
+include $(addprefix $(LOCAL_PATH)/src/,$(addsuffix /Android.mk, \
+		charon \
+		libcharon \
+		libhydra \
+		libstrongswan \
+	))
diff --git a/Android.mk.in b/Android.mk.in
new file mode 100644
index 000000000..4a4b7df96
--- /dev/null
+++ b/Android.mk.in
@@ -0,0 +1,64 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# this is the list of plugins that are built into libstrongswan and charon
+# also these plugins are loaded by default (if not changed in strongswan.conf)
+strongswan_PLUGINS := openssl fips-prf random x509 pubkey pkcs1 \
+	pem xcbc hmac kernel-netlink socket-default android
+
+# helper macros to only add source files for plugins included in the list above
+# source files are relative to the android.mk that called the macro
+plugin_enabled = $(findstring $(1), $(strongswan_PLUGINS))
+add_plugin = $(if $(call plugin_enabled,$(1)), \
+               $(patsubst $(LOCAL_PATH)/%,%, \
+                 $(wildcard \
+                   $(LOCAL_PATH)/plugins/$(subst -,_,$(strip $(1)))/*.c \
+                  ) \
+                ) \
+              )
+
+# includes
+strongswan_PATH := $(LOCAL_PATH)
+libvstr_PATH := external/strongswan-support/vstr/include
+libgmp_PATH := external/strongswan-support/gmp
+
+# CFLAGS (partially from a configure run using droid-gcc)
+strongswan_CFLAGS := \
+	-Wno-format \
+	-Wno-pointer-sign \
+	-Wno-pointer-arith \
+	-Wno-sign-compare \
+	-Wno-strict-aliasing \
+	-DHAVE___BOOL \
+	-DHAVE_STDBOOL_H \
+	-DHAVE_ALLOCA_H \
+	-DHAVE_ALLOCA \
+	-DHAVE_CLOCK_GETTIME \
+	-DHAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC \
+	-DHAVE_PRCTL \
+	-DHAVE_LINUX_UDP_H \
+	-DHAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY \
+	-DHAVE_IPSEC_MODE_BEET \
+	-DHAVE_IPSEC_DIR_FWD \
+	-DMONOLITHIC \
+	-DUSE_VSTR \
+	-DROUTING_TABLE=0 \
+	-DROUTING_TABLE_PRIO=220 \
+	-DVERSION=\"@PACKAGE_VERSION@\" \
+	-DPLUGINS='"$(strongswan_PLUGINS)"' \
+	-DIPSEC_DIR=\"/system/bin\" \
+	-DIPSEC_PIDDIR=\"/data/misc/vpn\" \
+	-DSTRONGSWAN_CONF=\"/system/etc/strongswan.conf\" \
+	-DDEV_RANDOM=\"/dev/random\" \
+	-DDEV_URANDOM=\"/dev/urandom\"
+
+# only for Android 2.0+
+strongswan_CFLAGS += \
+	-DHAVE_IN6ADDR_ANY
+
+include $(addprefix $(LOCAL_PATH)/src/,$(addsuffix /Android.mk, \
+		charon \
+		libcharon \
+		libhydra \
+		libstrongswan \
+	))
diff --git a/Doxyfile.in b/Doxyfile.in
index 8cb6e50a5..b79c9909d 100644
--- a/Doxyfile.in
+++ b/Doxyfile.in
@@ -528,7 +528,8 @@ WARN_LOGFILE           =
 # with spaces.
 
 INPUT                  = @SRC_DIR@/src/libstrongswan \
-                         @SRC_DIR@/src/charon \
+                         @SRC_DIR@/src/libhydra \
+                         @SRC_DIR@/src/libcharon \
                          @SRC_DIR@/src/libsimaka \
                          @SRC_DIR@/src/libfast \
                          @SRC_DIR@/src/manager
diff --git a/Makefile.am b/Makefile.am
index fcb2f2e7a..6ed121f67 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -6,8 +6,15 @@ endif
 
 ACLOCAL_AMFLAGS = -I m4/config
 
-EXTRA_DIST = Doxyfile.in CREDITS
+EXTRA_DIST = Doxyfile.in CREDITS Android.mk.in Android.mk
 CLEANFILES = apidoc Doxyfile
+BUILT_SOURCES = Android.mk
+MAINTAINERCLEANFILES = Android.mk
+
+Android.mk :	Android.mk.in configure.in
+		sed \
+		-e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \
+		$(srcdir)/$@.in > $@
 
 Doxyfile :	Doxyfile.in
 		sed \
diff --git a/Makefile.in b/Makefile.in
index 6e97ac768..d4f18d054 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -229,6 +229,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -265,9 +266,12 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 SUBDIRS = src testing $(am__append_1)
 ACLOCAL_AMFLAGS = -I m4/config
-EXTRA_DIST = Doxyfile.in CREDITS
+EXTRA_DIST = Doxyfile.in CREDITS Android.mk.in Android.mk
 CLEANFILES = apidoc Doxyfile
-all: all-recursive
+BUILT_SOURCES = Android.mk
+MAINTAINERCLEANFILES = Android.mk
+all: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) all-recursive
 
 .SUFFIXES:
 am--refresh:
@@ -626,11 +630,13 @@ distcleancheck: distclean
 	       $(distcleancheck_listfiles) ; \
 	       exit 1; } >&2
 check-am: all-am
-check: check-recursive
+check: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) check-recursive
 all-am: Makefile
 installdirs: installdirs-recursive
 installdirs-am:
-install: install-recursive
+install: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) install-recursive
 install-exec: install-exec-recursive
 install-data: install-data-recursive
 uninstall: uninstall-recursive
@@ -656,6 +662,8 @@ distclean-generic:
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
 	@echo "it deletes files that may require special tools to rebuild."
+	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+	-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
 clean: clean-recursive
 
 clean-am: clean-generic clean-libtool mostlyclean-am
@@ -726,8 +734,9 @@ ps-am:
 
 uninstall-am:
 
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
-	install-am install-strip tags-recursive
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all check \
+	ctags-recursive install install-am install-strip \
+	tags-recursive
 
 .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
 	all all-am am--refresh check check-am clean clean-generic \
@@ -746,6 +755,11 @@ uninstall-am:
 	tags tags-recursive uninstall uninstall-am
 
 
+Android.mk :	Android.mk.in configure.in
+		sed \
+		-e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \
+		$(srcdir)/$@.in > $@
+
 Doxyfile :	Doxyfile.in
 		sed \
 		-e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \
diff --git a/NEWS b/NEWS
index 1ba8b7c49..bd4e770cd 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,52 @@
+strongswan-4.4.0
+----------------
+
+- The IKEv2 High Availability plugin has been integrated. It provides
+  load sharing and failover capabilities in a cluster of currently two nodes,
+  based on an extend ClusterIP kernel module. More information is available at
+  http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability.
+  The development of the High Availability functionality was sponsored by
+  secunet Security Networks AG.
+
+- Added IKEv1 and IKEv2 configuration support for the AES-GMAC
+  authentication-only ESP cipher. Our aes_gmac kernel patch or a Linux
+  2.6.34 kernel is required to make AES-GMAC available via the XFRM
+  kernel interface.
+
+- Added support for Diffie-Hellman groups 22, 23 and 24 to the gmp, gcrypt
+  and openssl plugins, usable by both pluto and charon. The new proposal
+  keywords are modp1024s160, modp2048s224 and modp2048s256. Thanks to Joy Latten
+  from IBM for his contribution.
+
+- The IKEv1 pluto daemon supports RAM-based virtual IP pools using
+  the rightsourceip directive with a subnet from which addresses
+  are allocated.
+
+- The ipsec pki --gen and --pub commands now allow the output of
+  private and public keys in PEM format using the --outform pem
+  command line option.
+
+- The new DHCP plugin queries virtual IP addresses for clients from a DHCP
+  server using broadcasts, or a defined server using the
+  charon.plugins.dhcp.server strongswan.conf option. DNS/WINS server information
+  is additionally served to clients if the DHCP server provides such
+  information. The plugin is used in ipsec.conf configurations having
+  rightsourceip set to %dhcp.
+
+- A new plugin called farp fakes ARP responses for virtual IP addresses
+  handed out to clients from the IKEv2 daemon charon. The plugin lets a
+  road-warrior act as a client on the local LAN if it uses a virtual IP
+  from the responders subnet, e.g. acquired using the DHCP plugin.
+
+- The existing IKEv2 socket implementations have been migrated to the
+  socket-default and the socket-raw plugins. The new socket-dynamic plugin
+  binds sockets dynamically to ports configured via the left-/rightikeport
+  ipsec.conf connection parameters.
+
+- The android charon plugin stores received DNS server information as "net.dns"
+  system properties, as used by the Android platform.
+
+
 strongswan-4.3.6
 ----------------
 
diff --git a/configure b/configure
index e36ba904c..952734d15 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.64 for strongSwan 4.3.6.
+# Generated by GNU Autoconf 2.64 for strongSwan 4.4.0.
 #
 # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
 # 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software
@@ -695,8 +695,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='strongSwan'
 PACKAGE_TARNAME='strongswan'
-PACKAGE_VERSION='4.3.6'
-PACKAGE_STRING='strongSwan 4.3.6'
+PACKAGE_VERSION='4.4.0'
+PACKAGE_STRING='strongSwan 4.4.0'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -740,12 +740,16 @@ ac_subst_vars='am__EXEEXT_FALSE
 am__EXEEXT_TRUE
 LTLIBOBJS
 LIBOBJS
+MONOLITHIC_FALSE
+MONOLITHIC_TRUE
 USE_SIMAKA_FALSE
 USE_SIMAKA_TRUE
 USE_VSTR_FALSE
 USE_VSTR_TRUE
 USE_FILE_CONFIG_FALSE
 USE_FILE_CONFIG_TRUE
+USE_LIBHYDRA_FALSE
+USE_LIBHYDRA_TRUE
 USE_LIBSTRONGSWAN_FALSE
 USE_LIBSTRONGSWAN_TRUE
 USE_SCRIPTS_FALSE
@@ -784,6 +788,14 @@ USE_CISCO_QUIRKS_FALSE
 USE_CISCO_QUIRKS_TRUE
 USE_SMARTCARD_FALSE
 USE_SMARTCARD_TRUE
+USE_FARP_FALSE
+USE_FARP_TRUE
+USE_SOCKET_DYNAMIC_FALSE
+USE_SOCKET_DYNAMIC_TRUE
+USE_SOCKET_RAW_FALSE
+USE_SOCKET_RAW_TRUE
+USE_SOCKET_DEFAULT_FALSE
+USE_SOCKET_DEFAULT_TRUE
 USE_KERNEL_KLIPS_FALSE
 USE_KERNEL_KLIPS_TRUE
 USE_KERNEL_PFROUTE_FALSE
@@ -814,12 +826,16 @@ USE_EAP_SIM_FILE_FALSE
 USE_EAP_SIM_FILE_TRUE
 USE_EAP_SIM_FALSE
 USE_EAP_SIM_TRUE
+USE_HA_FALSE
+USE_HA_TRUE
 USE_LOAD_TESTER_FALSE
 USE_LOAD_TESTER_TRUE
 USE_UNIT_TESTS_FALSE
 USE_UNIT_TESTS_TRUE
 USE_RESOLVE_FALSE
 USE_RESOLVE_TRUE
+USE_DHCP_FALSE
+USE_DHCP_TRUE
 USE_ATTR_FALSE
 USE_ATTR_TRUE
 USE_UPDOWN_FALSE
@@ -828,6 +844,8 @@ USE_SQL_FALSE
 USE_SQL_TRUE
 USE_SMP_FALSE
 USE_SMP_TRUE
+USE_ANDROID_FALSE
+USE_ANDROID_TRUE
 USE_UCI_FALSE
 USE_UCI_TRUE
 USE_NM_FALSE
@@ -895,6 +913,7 @@ USE_CURL_TRUE
 USE_TEST_VECTORS_FALSE
 USE_TEST_VECTORS_TRUE
 pluto_plugins
+libhydra_plugins
 libstrongswan_plugins
 nm_LIBS
 nm_CFLAGS
@@ -1058,6 +1077,7 @@ with_linux_headers
 with_routing_table
 with_routing_table_prio
 with_capabilities
+with_mpz_powm_sec
 with_xauth_module
 with_user
 with_group
@@ -1110,6 +1130,10 @@ enable_kernel_netlink
 enable_kernel_pfkey
 enable_kernel_pfroute
 enable_kernel_klips
+enable_socket_default
+enable_socket_raw
+enable_socket_dynamic
+enable_farp
 enable_nat_transport
 enable_vendor_id
 enable_xauth_vid
@@ -1126,14 +1150,18 @@ enable_scripts
 enable_updown
 enable_attr
 enable_attr_sql
+enable_dhcp
 enable_resolve
 enable_padlock
 enable_openssl
 enable_gcrypt
 enable_agent
 enable_uci
+enable_android
 enable_nm
+enable_ha
 enable_vstr
+enable_monolithic
 enable_dependency_tracking
 with_lib_prefix
 enable_shared
@@ -1702,7 +1730,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures strongSwan 4.3.6 to adapt to many kinds of systems.
+\`configure' configures strongSwan 4.4.0 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1772,7 +1800,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of strongSwan 4.3.6:";;
+     short | recursive ) echo "Configuration of strongSwan 4.4.0:";;
    esac
   cat <<\_ACEOF
 
@@ -1843,6 +1871,13 @@ Optional Features:
   --enable-kernel-pfkey   enable the PF_KEY kernel interface.
   --enable-kernel-pfroute enable the PF_ROUTE kernel interface.
   --enable-kernel-klips   enable the KLIPS kernel interface.
+  --disable-socket-default
+                          disable default socket implementation for charon.
+  --enable-socket-raw     enable raw socket implementation of charon, enforced
+                          if pluto is enabled
+  --enable-socket-dynamic enable dynamic socket implementation for charon
+  --enable-farp           enable ARP faking plugin that responds to ARP
+                          requests to peers virtual IP
   --enable-nat-transport  enable NAT traversal with IPsec transport mode in
                           pluto.
   --disable-vendor-id     disable the sending of the strongSwan vendor ID in
@@ -1867,15 +1902,21 @@ Optional Features:
   --disable-attr          disable strongswan.conf based configuration
                           attribute plugin.
   --enable-attr-sql       enable SQL based configuration attribute plugin.
+  --enable-dhcp           enable DHCP based attribute provider plugin.
   --disable-resolve       disable resolve DNS handler plugin.
   --enable-padlock        enables VIA Padlock crypto plugin.
   --enable-openssl        enables the OpenSSL crypto plugin.
   --enable-gcrypt         enables the libgcrypt plugin.
   --enable-agent          enables the ssh-agent signing plugin.
   --enable-uci            enable OpenWRT UCI configuration plugin.
+  --enable-android        enable Android specific plugin.
   --enable-nm             enable NetworkManager plugin.
+  --enable-ha             enable high availability cluster plugin.
   --enable-vstr           enforce using the Vstr string library to replace
                           glibc-like printf hooks.
+  --enable-monolithic     build monolithic version of libstrongswan that
+                          includes all enabled plugins. Similarly, the plugins
+                          of charon are assembled in libcharon.
   --disable-dependency-tracking  speeds up one-time build
   --enable-dependency-tracking   do not reject slow dependency extractors
   --enable-shared[=PKGS]  build shared libraries [default=yes]
@@ -1919,6 +1960,8 @@ Optional Packages:
                           set priority for IPsec routing table (default: 220).
   --with-capabilities=arg set capability dropping library. Currently only the
                           value "libcap" is supported (default: no).
+  --with-mpz_powm_sec=arg use the more side-channel resistant mpz_powm_sec in
+                          libgmp, if available (default: yes).
   --with-xauth-module=lib set the path to the XAUTH module
   --with-user=user        change user of the daemons to "user" after startup
                           (default is "root").
@@ -2018,7 +2061,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-strongSwan configure 4.3.6
+strongSwan configure 4.4.0
 generated by GNU Autoconf 2.64
 
 Copyright (C) 2009 Free Software Foundation, Inc.
@@ -2494,7 +2537,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by strongSwan $as_me 4.3.6, which was
+It was created by strongSwan $as_me 4.4.0, which was
 generated by GNU Autoconf 2.64.  Invocation command line was
 
   $ $0 $@
@@ -3302,7 +3345,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='strongswan'
- VERSION='4.3.6'
+ VERSION='4.4.0'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -3710,6 +3753,16 @@ fi
 
 
 
+# Check whether --with-mpz_powm_sec was given.
+if test "${with_mpz_powm_sec+set}" = set; then :
+  withval=$with_mpz_powm_sec; mpz_powm_sec="$withval"
+else
+  mpz_powm_sec=yes
+
+fi
+
+
+
 
 # Check whether --with-xauth-module was given.
 if test "${with_xauth_module+set}" = set; then :
@@ -3764,949 +3817,1215 @@ fi
 
 # Check whether --enable-curl was given.
 if test "${enable_curl+set}" = set; then :
-  enableval=$enable_curl; if test x$enableval = xyes; then
+  enableval=$enable_curl; curl_given=true
+		if test x$enableval = xyes; then
 			curl=true
 		 else
 			curl=false
 		fi
 else
   curl=false
+		curl_given=false
 
 fi
 
 
 # Check whether --enable-ldap was given.
 if test "${enable_ldap+set}" = set; then :
-  enableval=$enable_ldap; if test x$enableval = xyes; then
+  enableval=$enable_ldap; ldap_given=true
+		if test x$enableval = xyes; then
 			ldap=true
 		 else
 			ldap=false
 		fi
 else
   ldap=false
+		ldap_given=false
 
 fi
 
 
 # Check whether --enable-aes was given.
 if test "${enable_aes+set}" = set; then :
-  enableval=$enable_aes; if test x$enableval = xyes; then
+  enableval=$enable_aes; aes_given=true
+		if test x$enableval = xyes; then
 			aes=true
 		 else
 			aes=false
 		fi
 else
   aes=true
+		aes_given=false
 
 fi
 
 
 # Check whether --enable-des was given.
 if test "${enable_des+set}" = set; then :
-  enableval=$enable_des; if test x$enableval = xyes; then
+  enableval=$enable_des; des_given=true
+		if test x$enableval = xyes; then
 			des=true
 		 else
 			des=false
 		fi
 else
   des=true
+		des_given=false
 
 fi
 
 
 # Check whether --enable-blowfish was given.
 if test "${enable_blowfish+set}" = set; then :
-  enableval=$enable_blowfish; if test x$enableval = xyes; then
+  enableval=$enable_blowfish; blowfish_given=true
+		if test x$enableval = xyes; then
 			blowfish=true
 		 else
 			blowfish=false
 		fi
 else
   blowfish=false
+		blowfish_given=false
 
 fi
 
 
 # Check whether --enable-md4 was given.
 if test "${enable_md4+set}" = set; then :
-  enableval=$enable_md4; if test x$enableval = xyes; then
+  enableval=$enable_md4; md4_given=true
+		if test x$enableval = xyes; then
 			md4=true
 		 else
 			md4=false
 		fi
 else
   md4=false
+		md4_given=false
 
 fi
 
 
 # Check whether --enable-md5 was given.
 if test "${enable_md5+set}" = set; then :
-  enableval=$enable_md5; if test x$enableval = xyes; then
+  enableval=$enable_md5; md5_given=true
+		if test x$enableval = xyes; then
 			md5=true
 		 else
 			md5=false
 		fi
 else
   md5=true
+		md5_given=false
 
 fi
 
 
 # Check whether --enable-sha1 was given.
 if test "${enable_sha1+set}" = set; then :
-  enableval=$enable_sha1; if test x$enableval = xyes; then
+  enableval=$enable_sha1; sha1_given=true
+		if test x$enableval = xyes; then
 			sha1=true
 		 else
 			sha1=false
 		fi
 else
   sha1=true
+		sha1_given=false
 
 fi
 
 
 # Check whether --enable-sha2 was given.
 if test "${enable_sha2+set}" = set; then :
-  enableval=$enable_sha2; if test x$enableval = xyes; then
+  enableval=$enable_sha2; sha2_given=true
+		if test x$enableval = xyes; then
 			sha2=true
 		 else
 			sha2=false
 		fi
 else
   sha2=true
+		sha2_given=false
 
 fi
 
 
 # Check whether --enable-fips-prf was given.
 if test "${enable_fips_prf+set}" = set; then :
-  enableval=$enable_fips_prf; if test x$enableval = xyes; then
+  enableval=$enable_fips_prf; fips_prf_given=true
+		if test x$enableval = xyes; then
 			fips_prf=true
 		 else
 			fips_prf=false
 		fi
 else
   fips_prf=true
+		fips_prf_given=false
 
 fi
 
 
 # Check whether --enable-gmp was given.
 if test "${enable_gmp+set}" = set; then :
-  enableval=$enable_gmp; if test x$enableval = xyes; then
+  enableval=$enable_gmp; gmp_given=true
+		if test x$enableval = xyes; then
 			gmp=true
 		 else
 			gmp=false
 		fi
 else
   gmp=true
+		gmp_given=false
 
 fi
 
 
 # Check whether --enable-random was given.
 if test "${enable_random+set}" = set; then :
-  enableval=$enable_random; if test x$enableval = xyes; then
+  enableval=$enable_random; random_given=true
+		if test x$enableval = xyes; then
 			random=true
 		 else
 			random=false
 		fi
 else
   random=true
+		random_given=false
 
 fi
 
 
 # Check whether --enable-x509 was given.
 if test "${enable_x509+set}" = set; then :
-  enableval=$enable_x509; if test x$enableval = xyes; then
+  enableval=$enable_x509; x509_given=true
+		if test x$enableval = xyes; then
 			x509=true
 		 else
 			x509=false
 		fi
 else
   x509=true
+		x509_given=false
 
 fi
 
 
 # Check whether --enable-pubkey was given.
 if test "${enable_pubkey+set}" = set; then :
-  enableval=$enable_pubkey; if test x$enableval = xyes; then
+  enableval=$enable_pubkey; pubkey_given=true
+		if test x$enableval = xyes; then
 			pubkey=true
 		 else
 			pubkey=false
 		fi
 else
   pubkey=true
+		pubkey_given=false
 
 fi
 
 
 # Check whether --enable-pkcs1 was given.
 if test "${enable_pkcs1+set}" = set; then :
-  enableval=$enable_pkcs1; if test x$enableval = xyes; then
+  enableval=$enable_pkcs1; pkcs1_given=true
+		if test x$enableval = xyes; then
 			pkcs1=true
 		 else
 			pkcs1=false
 		fi
 else
   pkcs1=true
+		pkcs1_given=false
 
 fi
 
 
 # Check whether --enable-pgp was given.
 if test "${enable_pgp+set}" = set; then :
-  enableval=$enable_pgp; if test x$enableval = xyes; then
+  enableval=$enable_pgp; pgp_given=true
+		if test x$enableval = xyes; then
 			pgp=true
 		 else
 			pgp=false
 		fi
 else
   pgp=true
+		pgp_given=false
 
 fi
 
 
 # Check whether --enable-dnskey was given.
 if test "${enable_dnskey+set}" = set; then :
-  enableval=$enable_dnskey; if test x$enableval = xyes; then
+  enableval=$enable_dnskey; dnskey_given=true
+		if test x$enableval = xyes; then
 			dnskey=true
 		 else
 			dnskey=false
 		fi
 else
   dnskey=true
+		dnskey_given=false
 
 fi
 
 
 # Check whether --enable-pem was given.
 if test "${enable_pem+set}" = set; then :
-  enableval=$enable_pem; if test x$enableval = xyes; then
+  enableval=$enable_pem; pem_given=true
+		if test x$enableval = xyes; then
 			pem=true
 		 else
 			pem=false
 		fi
 else
   pem=true
+		pem_given=false
 
 fi
 
 
 # Check whether --enable-hmac was given.
 if test "${enable_hmac+set}" = set; then :
-  enableval=$enable_hmac; if test x$enableval = xyes; then
+  enableval=$enable_hmac; hmac_given=true
+		if test x$enableval = xyes; then
 			hmac=true
 		 else
 			hmac=false
 		fi
 else
   hmac=true
+		hmac_given=false
 
 fi
 
 
 # Check whether --enable-xcbc was given.
 if test "${enable_xcbc+set}" = set; then :
-  enableval=$enable_xcbc; if test x$enableval = xyes; then
+  enableval=$enable_xcbc; xcbc_given=true
+		if test x$enableval = xyes; then
 			xcbc=true
 		 else
 			xcbc=false
 		fi
 else
   xcbc=true
+		xcbc_given=false
 
 fi
 
 
 # Check whether --enable-test-vectors was given.
 if test "${enable_test_vectors+set}" = set; then :
-  enableval=$enable_test_vectors; if test x$enableval = xyes; then
+  enableval=$enable_test_vectors; test_vectors_given=true
+		if test x$enableval = xyes; then
 			test_vectors=true
 		 else
 			test_vectors=false
 		fi
 else
   test_vectors=false
+		test_vectors_given=false
 
 fi
 
 
 # Check whether --enable-mysql was given.
 if test "${enable_mysql+set}" = set; then :
-  enableval=$enable_mysql; if test x$enableval = xyes; then
+  enableval=$enable_mysql; mysql_given=true
+		if test x$enableval = xyes; then
 			mysql=true
 		 else
 			mysql=false
 		fi
 else
   mysql=false
+		mysql_given=false
 
 fi
 
 
 # Check whether --enable-sqlite was given.
 if test "${enable_sqlite+set}" = set; then :
-  enableval=$enable_sqlite; if test x$enableval = xyes; then
+  enableval=$enable_sqlite; sqlite_given=true
+		if test x$enableval = xyes; then
 			sqlite=true
 		 else
 			sqlite=false
 		fi
 else
   sqlite=false
+		sqlite_given=false
 
 fi
 
 
 # Check whether --enable-stroke was given.
 if test "${enable_stroke+set}" = set; then :
-  enableval=$enable_stroke; if test x$enableval = xyes; then
+  enableval=$enable_stroke; stroke_given=true
+		if test x$enableval = xyes; then
 			stroke=true
 		 else
 			stroke=false
 		fi
 else
   stroke=true
+		stroke_given=false
 
 fi
 
 
 # Check whether --enable-medsrv was given.
 if test "${enable_medsrv+set}" = set; then :
-  enableval=$enable_medsrv; if test x$enableval = xyes; then
+  enableval=$enable_medsrv; medsrv_given=true
+		if test x$enableval = xyes; then
 			medsrv=true
 		 else
 			medsrv=false
 		fi
 else
   medsrv=false
+		medsrv_given=false
 
 fi
 
 
 # Check whether --enable-medcli was given.
 if test "${enable_medcli+set}" = set; then :
-  enableval=$enable_medcli; if test x$enableval = xyes; then
+  enableval=$enable_medcli; medcli_given=true
+		if test x$enableval = xyes; then
 			medcli=true
 		 else
 			medcli=false
 		fi
 else
   medcli=false
+		medcli_given=false
 
 fi
 
 
 # Check whether --enable-smp was given.
 if test "${enable_smp+set}" = set; then :
-  enableval=$enable_smp; if test x$enableval = xyes; then
+  enableval=$enable_smp; smp_given=true
+		if test x$enableval = xyes; then
 			smp=true
 		 else
 			smp=false
 		fi
 else
   smp=false
+		smp_given=false
 
 fi
 
 
 # Check whether --enable-sql was given.
 if test "${enable_sql+set}" = set; then :
-  enableval=$enable_sql; if test x$enableval = xyes; then
+  enableval=$enable_sql; sql_given=true
+		if test x$enableval = xyes; then
 			sql=true
 		 else
 			sql=false
 		fi
 else
   sql=false
+		sql_given=false
 
 fi
 
 
 # Check whether --enable-smartcard was given.
 if test "${enable_smartcard+set}" = set; then :
-  enableval=$enable_smartcard; if test x$enableval = xyes; then
+  enableval=$enable_smartcard; smartcard_given=true
+		if test x$enableval = xyes; then
 			smartcard=true
 		 else
 			smartcard=false
 		fi
 else
   smartcard=false
+		smartcard_given=false
 
 fi
 
 
 # Check whether --enable-cisco-quirks was given.
 if test "${enable_cisco_quirks+set}" = set; then :
-  enableval=$enable_cisco_quirks; if test x$enableval = xyes; then
+  enableval=$enable_cisco_quirks; cisco_quirks_given=true
+		if test x$enableval = xyes; then
 			cisco_quirks=true
 		 else
 			cisco_quirks=false
 		fi
 else
   cisco_quirks=false
+		cisco_quirks_given=false
 
 fi
 
 
 # Check whether --enable-leak-detective was given.
 if test "${enable_leak_detective+set}" = set; then :
-  enableval=$enable_leak_detective; if test x$enableval = xyes; then
+  enableval=$enable_leak_detective; leak_detective_given=true
+		if test x$enableval = xyes; then
 			leak_detective=true
 		 else
 			leak_detective=false
 		fi
 else
   leak_detective=false
+		leak_detective_given=false
 
 fi
 
 
 # Check whether --enable-lock-profiler was given.
 if test "${enable_lock_profiler+set}" = set; then :
-  enableval=$enable_lock_profiler; if test x$enableval = xyes; then
+  enableval=$enable_lock_profiler; lock_profiler_given=true
+		if test x$enableval = xyes; then
 			lock_profiler=true
 		 else
 			lock_profiler=false
 		fi
 else
   lock_profiler=false
+		lock_profiler_given=false
 
 fi
 
 
 # Check whether --enable-unit-tests was given.
 if test "${enable_unit_tests+set}" = set; then :
-  enableval=$enable_unit_tests; if test x$enableval = xyes; then
+  enableval=$enable_unit_tests; unit_tests_given=true
+		if test x$enableval = xyes; then
 			unit_tests=true
 		 else
 			unit_tests=false
 		fi
 else
   unit_tests=false
+		unit_tests_given=false
 
 fi
 
 
 # Check whether --enable-load-tester was given.
 if test "${enable_load_tester+set}" = set; then :
-  enableval=$enable_load_tester; if test x$enableval = xyes; then
+  enableval=$enable_load_tester; load_tester_given=true
+		if test x$enableval = xyes; then
 			load_tester=true
 		 else
 			load_tester=false
 		fi
 else
   load_tester=false
+		load_tester_given=false
 
 fi
 
 
 # Check whether --enable-eap-sim was given.
 if test "${enable_eap_sim+set}" = set; then :
-  enableval=$enable_eap_sim; if test x$enableval = xyes; then
+  enableval=$enable_eap_sim; eap_sim_given=true
+		if test x$enableval = xyes; then
 			eap_sim=true
 		 else
 			eap_sim=false
 		fi
 else
   eap_sim=false
+		eap_sim_given=false
 
 fi
 
 
 # Check whether --enable-eap-sim-file was given.
 if test "${enable_eap_sim_file+set}" = set; then :
-  enableval=$enable_eap_sim_file; if test x$enableval = xyes; then
+  enableval=$enable_eap_sim_file; eap_sim_file_given=true
+		if test x$enableval = xyes; then
 			eap_sim_file=true
 		 else
 			eap_sim_file=false
 		fi
 else
   eap_sim_file=false
+		eap_sim_file_given=false
 
 fi
 
 
 # Check whether --enable-eap-simaka-pseudonym was given.
 if test "${enable_eap_simaka_pseudonym+set}" = set; then :
-  enableval=$enable_eap_simaka_pseudonym; if test x$enableval = xyes; then
+  enableval=$enable_eap_simaka_pseudonym; eap_simaka_pseudonym_given=true
+		if test x$enableval = xyes; then
 			eap_simaka_pseudonym=true
 		 else
 			eap_simaka_pseudonym=false
 		fi
 else
   eap_simaka_pseudonym=false
+		eap_simaka_pseudonym_given=false
 
 fi
 
 
 # Check whether --enable-eap-simaka-reauth was given.
 if test "${enable_eap_simaka_reauth+set}" = set; then :
-  enableval=$enable_eap_simaka_reauth; if test x$enableval = xyes; then
+  enableval=$enable_eap_simaka_reauth; eap_simaka_reauth_given=true
+		if test x$enableval = xyes; then
 			eap_simaka_reauth=true
 		 else
 			eap_simaka_reauth=false
 		fi
 else
   eap_simaka_reauth=false
+		eap_simaka_reauth_given=false
 
 fi
 
 
 # Check whether --enable-eap-identity was given.
 if test "${enable_eap_identity+set}" = set; then :
-  enableval=$enable_eap_identity; if test x$enableval = xyes; then
+  enableval=$enable_eap_identity; eap_identity_given=true
+		if test x$enableval = xyes; then
 			eap_identity=true
 		 else
 			eap_identity=false
 		fi
 else
   eap_identity=false
+		eap_identity_given=false
 
 fi
 
 
 # Check whether --enable-eap-md5 was given.
 if test "${enable_eap_md5+set}" = set; then :
-  enableval=$enable_eap_md5; if test x$enableval = xyes; then
+  enableval=$enable_eap_md5; eap_md5_given=true
+		if test x$enableval = xyes; then
 			eap_md5=true
 		 else
 			eap_md5=false
 		fi
 else
   eap_md5=false
+		eap_md5_given=false
 
 fi
 
 
 # Check whether --enable-eap-gtc was given.
 if test "${enable_eap_gtc+set}" = set; then :
-  enableval=$enable_eap_gtc; if test x$enableval = xyes; then
+  enableval=$enable_eap_gtc; eap_gtc_given=true
+		if test x$enableval = xyes; then
 			eap_gtc=true
 		 else
 			eap_gtc=false
 		fi
 else
   eap_gtc=false
+		eap_gtc_given=false
 
 fi
 
 
 # Check whether --enable-eap-aka was given.
 if test "${enable_eap_aka+set}" = set; then :
-  enableval=$enable_eap_aka; if test x$enableval = xyes; then
+  enableval=$enable_eap_aka; eap_aka_given=true
+		if test x$enableval = xyes; then
 			eap_aka=true
 		 else
 			eap_aka=false
 		fi
 else
   eap_aka=false
+		eap_aka_given=false
 
 fi
 
 
 # Check whether --enable-eap-aka-3gpp2 was given.
 if test "${enable_eap_aka_3gpp2+set}" = set; then :
-  enableval=$enable_eap_aka_3gpp2; if test x$enableval = xyes; then
+  enableval=$enable_eap_aka_3gpp2; eap_aka_3gpp2_given=true
+		if test x$enableval = xyes; then
 			eap_aka_3gpp2=true
 		 else
 			eap_aka_3gpp2=false
 		fi
 else
   eap_aka_3gpp2=false
+		eap_aka_3gpp2_given=false
 
 fi
 
 
 # Check whether --enable-eap-mschapv2 was given.
 if test "${enable_eap_mschapv2+set}" = set; then :
-  enableval=$enable_eap_mschapv2; if test x$enableval = xyes; then
+  enableval=$enable_eap_mschapv2; eap_mschapv2_given=true
+		if test x$enableval = xyes; then
 			eap_mschapv2=true
 		 else
 			eap_mschapv2=false
 		fi
 else
   eap_mschapv2=false
+		eap_mschapv2_given=false
 
 fi
 
 
 # Check whether --enable-eap-radius was given.
 if test "${enable_eap_radius+set}" = set; then :
-  enableval=$enable_eap_radius; if test x$enableval = xyes; then
+  enableval=$enable_eap_radius; eap_radius_given=true
+		if test x$enableval = xyes; then
 			eap_radius=true
 		 else
 			eap_radius=false
 		fi
 else
   eap_radius=false
+		eap_radius_given=false
 
 fi
 
 
 # Check whether --enable-kernel-netlink was given.
 if test "${enable_kernel_netlink+set}" = set; then :
-  enableval=$enable_kernel_netlink; if test x$enableval = xyes; then
+  enableval=$enable_kernel_netlink; kernel_netlink_given=true
+		if test x$enableval = xyes; then
 			kernel_netlink=true
 		 else
 			kernel_netlink=false
 		fi
 else
   kernel_netlink=true
+		kernel_netlink_given=false
 
 fi
 
 
 # Check whether --enable-kernel-pfkey was given.
 if test "${enable_kernel_pfkey+set}" = set; then :
-  enableval=$enable_kernel_pfkey; if test x$enableval = xyes; then
+  enableval=$enable_kernel_pfkey; kernel_pfkey_given=true
+		if test x$enableval = xyes; then
 			kernel_pfkey=true
 		 else
 			kernel_pfkey=false
 		fi
 else
   kernel_pfkey=false
+		kernel_pfkey_given=false
 
 fi
 
 
 # Check whether --enable-kernel-pfroute was given.
 if test "${enable_kernel_pfroute+set}" = set; then :
-  enableval=$enable_kernel_pfroute; if test x$enableval = xyes; then
+  enableval=$enable_kernel_pfroute; kernel_pfroute_given=true
+		if test x$enableval = xyes; then
 			kernel_pfroute=true
 		 else
 			kernel_pfroute=false
 		fi
 else
   kernel_pfroute=false
+		kernel_pfroute_given=false
 
 fi
 
 
 # Check whether --enable-kernel-klips was given.
 if test "${enable_kernel_klips+set}" = set; then :
-  enableval=$enable_kernel_klips; if test x$enableval = xyes; then
+  enableval=$enable_kernel_klips; kernel_klips_given=true
+		if test x$enableval = xyes; then
 			kernel_klips=true
 		 else
 			kernel_klips=false
 		fi
 else
   kernel_klips=false
+		kernel_klips_given=false
+
+fi
+
+
+# Check whether --enable-socket-default was given.
+if test "${enable_socket_default+set}" = set; then :
+  enableval=$enable_socket_default; socket_default_given=true
+		if test x$enableval = xyes; then
+			socket_default=true
+		 else
+			socket_default=false
+		fi
+else
+  socket_default=true
+		socket_default_given=false
+
+fi
+
+
+# Check whether --enable-socket-raw was given.
+if test "${enable_socket_raw+set}" = set; then :
+  enableval=$enable_socket_raw; socket_raw_given=true
+		if test x$enableval = xyes; then
+			socket_raw=true
+		 else
+			socket_raw=false
+		fi
+else
+  socket_raw=false
+		socket_raw_given=false
+
+fi
+
+
+# Check whether --enable-socket-dynamic was given.
+if test "${enable_socket_dynamic+set}" = set; then :
+  enableval=$enable_socket_dynamic; socket_dynamic_given=true
+		if test x$enableval = xyes; then
+			socket_dynamic=true
+		 else
+			socket_dynamic=false
+		fi
+else
+  socket_dynamic=false
+		socket_dynamic_given=false
+
+fi
+
+
+# Check whether --enable-farp was given.
+if test "${enable_farp+set}" = set; then :
+  enableval=$enable_farp; farp_given=true
+		if test x$enableval = xyes; then
+			farp=true
+		 else
+			farp=false
+		fi
+else
+  farp=false
+		farp_given=false
 
 fi
 
 
 # Check whether --enable-nat-transport was given.
 if test "${enable_nat_transport+set}" = set; then :
-  enableval=$enable_nat_transport; if test x$enableval = xyes; then
+  enableval=$enable_nat_transport; nat_transport_given=true
+		if test x$enableval = xyes; then
 			nat_transport=true
 		 else
 			nat_transport=false
 		fi
 else
   nat_transport=false
+		nat_transport_given=false
 
 fi
 
 
 # Check whether --enable-vendor-id was given.
 if test "${enable_vendor_id+set}" = set; then :
-  enableval=$enable_vendor_id; if test x$enableval = xyes; then
+  enableval=$enable_vendor_id; vendor_id_given=true
+		if test x$enableval = xyes; then
 			vendor_id=true
 		 else
 			vendor_id=false
 		fi
 else
   vendor_id=true
+		vendor_id_given=false
 
 fi
 
 
 # Check whether --enable-xauth-vid was given.
 if test "${enable_xauth_vid+set}" = set; then :
-  enableval=$enable_xauth_vid; if test x$enableval = xyes; then
+  enableval=$enable_xauth_vid; xauth_vid_given=true
+		if test x$enableval = xyes; then
 			xauth_vid=true
 		 else
 			xauth_vid=false
 		fi
 else
   xauth_vid=true
+		xauth_vid_given=false
 
 fi
 
 
 # Check whether --enable-dumm was given.
 if test "${enable_dumm+set}" = set; then :
-  enableval=$enable_dumm; if test x$enableval = xyes; then
+  enableval=$enable_dumm; dumm_given=true
+		if test x$enableval = xyes; then
 			dumm=true
 		 else
 			dumm=false
 		fi
 else
   dumm=false
+		dumm_given=false
 
 fi
 
 
 # Check whether --enable-fast was given.
 if test "${enable_fast+set}" = set; then :
-  enableval=$enable_fast; if test x$enableval = xyes; then
+  enableval=$enable_fast; fast_given=true
+		if test x$enableval = xyes; then
 			fast=true
 		 else
 			fast=false
 		fi
 else
   fast=false
+		fast_given=false
 
 fi
 
 
 # Check whether --enable-manager was given.
 if test "${enable_manager+set}" = set; then :
-  enableval=$enable_manager; if test x$enableval = xyes; then
+  enableval=$enable_manager; manager_given=true
+		if test x$enableval = xyes; then
 			manager=true
 		 else
 			manager=false
 		fi
 else
   manager=false
+		manager_given=false
 
 fi
 
 
 # Check whether --enable-mediation was given.
 if test "${enable_mediation+set}" = set; then :
-  enableval=$enable_mediation; if test x$enableval = xyes; then
+  enableval=$enable_mediation; mediation_given=true
+		if test x$enableval = xyes; then
 			mediation=true
 		 else
 			mediation=false
 		fi
 else
   mediation=false
+		mediation_given=false
 
 fi
 
 
 # Check whether --enable-integrity-test was given.
 if test "${enable_integrity_test+set}" = set; then :
-  enableval=$enable_integrity_test; if test x$enableval = xyes; then
+  enableval=$enable_integrity_test; integrity_test_given=true
+		if test x$enableval = xyes; then
 			integrity_test=true
 		 else
 			integrity_test=false
 		fi
 else
   integrity_test=false
+		integrity_test_given=false
 
 fi
 
 
 # Check whether --enable-pluto was given.
 if test "${enable_pluto+set}" = set; then :
-  enableval=$enable_pluto; if test x$enableval = xyes; then
+  enableval=$enable_pluto; pluto_given=true
+		if test x$enableval = xyes; then
 			pluto=true
 		 else
 			pluto=false
 		fi
 else
   pluto=true
+		pluto_given=false
 
 fi
 
 
 # Check whether --enable-threads was given.
 if test "${enable_threads+set}" = set; then :
-  enableval=$enable_threads; if test x$enableval = xyes; then
+  enableval=$enable_threads; threads_given=true
+		if test x$enableval = xyes; then
 			threads=true
 		 else
 			threads=false
 		fi
 else
   threads=true
+		threads_given=false
 
 fi
 
 
 # Check whether --enable-charon was given.
 if test "${enable_charon+set}" = set; then :
-  enableval=$enable_charon; if test x$enableval = xyes; then
+  enableval=$enable_charon; charon_given=true
+		if test x$enableval = xyes; then
 			charon=true
 		 else
 			charon=false
 		fi
 else
   charon=true
+		charon_given=false
 
 fi
 
 
 # Check whether --enable-tools was given.
 if test "${enable_tools+set}" = set; then :
-  enableval=$enable_tools; if test x$enableval = xyes; then
+  enableval=$enable_tools; tools_given=true
+		if test x$enableval = xyes; then
 			tools=true
 		 else
 			tools=false
 		fi
 else
   tools=true
+		tools_given=false
 
 fi
 
 
 # Check whether --enable-scripts was given.
 if test "${enable_scripts+set}" = set; then :
-  enableval=$enable_scripts; if test x$enableval = xyes; then
+  enableval=$enable_scripts; scripts_given=true
+		if test x$enableval = xyes; then
 			scripts=true
 		 else
 			scripts=false
 		fi
 else
   scripts=true
+		scripts_given=false
 
 fi
 
 
 # Check whether --enable-updown was given.
 if test "${enable_updown+set}" = set; then :
-  enableval=$enable_updown; if test x$enableval = xyes; then
+  enableval=$enable_updown; updown_given=true
+		if test x$enableval = xyes; then
 			updown=true
 		 else
 			updown=false
 		fi
 else
   updown=true
+		updown_given=false
 
 fi
 
 
 # Check whether --enable-attr was given.
 if test "${enable_attr+set}" = set; then :
-  enableval=$enable_attr; if test x$enableval = xyes; then
+  enableval=$enable_attr; attr_given=true
+		if test x$enableval = xyes; then
 			attr=true
 		 else
 			attr=false
 		fi
 else
   attr=true
+		attr_given=false
 
 fi
 
 
 # Check whether --enable-attr-sql was given.
 if test "${enable_attr_sql+set}" = set; then :
-  enableval=$enable_attr_sql; if test x$enableval = xyes; then
+  enableval=$enable_attr_sql; attr_sql_given=true
+		if test x$enableval = xyes; then
 			attr_sql=true
 		 else
 			attr_sql=false
 		fi
 else
   attr_sql=false
+		attr_sql_given=false
+
+fi
+
+
+# Check whether --enable-dhcp was given.
+if test "${enable_dhcp+set}" = set; then :
+  enableval=$enable_dhcp; dhcp_given=true
+		if test x$enableval = xyes; then
+			dhcp=true
+		 else
+			dhcp=false
+		fi
+else
+  dhcp=false
+		dhcp_given=false
 
 fi
 
 
 # Check whether --enable-resolve was given.
 if test "${enable_resolve+set}" = set; then :
-  enableval=$enable_resolve; if test x$enableval = xyes; then
+  enableval=$enable_resolve; resolve_given=true
+		if test x$enableval = xyes; then
 			resolve=true
 		 else
 			resolve=false
 		fi
 else
   resolve=true
+		resolve_given=false
 
 fi
 
 
 # Check whether --enable-padlock was given.
 if test "${enable_padlock+set}" = set; then :
-  enableval=$enable_padlock; if test x$enableval = xyes; then
+  enableval=$enable_padlock; padlock_given=true
+		if test x$enableval = xyes; then
 			padlock=true
 		 else
 			padlock=false
 		fi
 else
   padlock=false
+		padlock_given=false
 
 fi
 
 
 # Check whether --enable-openssl was given.
 if test "${enable_openssl+set}" = set; then :
-  enableval=$enable_openssl; if test x$enableval = xyes; then
+  enableval=$enable_openssl; openssl_given=true
+		if test x$enableval = xyes; then
 			openssl=true
 		 else
 			openssl=false
 		fi
 else
   openssl=false
+		openssl_given=false
 
 fi
 
 
 # Check whether --enable-gcrypt was given.
 if test "${enable_gcrypt+set}" = set; then :
-  enableval=$enable_gcrypt; if test x$enableval = xyes; then
+  enableval=$enable_gcrypt; gcrypt_given=true
+		if test x$enableval = xyes; then
 			gcrypt=true
 		 else
 			gcrypt=false
 		fi
 else
   gcrypt=false
+		gcrypt_given=false
 
 fi
 
 
 # Check whether --enable-agent was given.
 if test "${enable_agent+set}" = set; then :
-  enableval=$enable_agent; if test x$enableval = xyes; then
+  enableval=$enable_agent; agent_given=true
+		if test x$enableval = xyes; then
 			agent=true
 		 else
 			agent=false
 		fi
 else
   agent=false
+		agent_given=false
 
 fi
 
 
 # Check whether --enable-uci was given.
 if test "${enable_uci+set}" = set; then :
-  enableval=$enable_uci; if test x$enableval = xyes; then
+  enableval=$enable_uci; uci_given=true
+		if test x$enableval = xyes; then
 			uci=true
 		 else
 			uci=false
 		fi
 else
   uci=false
+		uci_given=false
+
+fi
+
+
+# Check whether --enable-android was given.
+if test "${enable_android+set}" = set; then :
+  enableval=$enable_android; android_given=true
+		if test x$enableval = xyes; then
+			android=true
+		 else
+			android=false
+		fi
+else
+  android=false
+		android_given=false
 
 fi
 
 
 # Check whether --enable-nm was given.
 if test "${enable_nm+set}" = set; then :
-  enableval=$enable_nm; if test x$enableval = xyes; then
+  enableval=$enable_nm; nm_given=true
+		if test x$enableval = xyes; then
 			nm=true
 		 else
 			nm=false
 		fi
 else
   nm=false
+		nm_given=false
+
+fi
+
+
+# Check whether --enable-ha was given.
+if test "${enable_ha+set}" = set; then :
+  enableval=$enable_ha; ha_given=true
+		if test x$enableval = xyes; then
+			ha=true
+		 else
+			ha=false
+		fi
+else
+  ha=false
+		ha_given=false
 
 fi
 
 
 # Check whether --enable-vstr was given.
 if test "${enable_vstr+set}" = set; then :
-  enableval=$enable_vstr; if test x$enableval = xyes; then
+  enableval=$enable_vstr; vstr_given=true
+		if test x$enableval = xyes; then
 			vstr=true
 		 else
 			vstr=false
 		fi
 else
   vstr=false
+		vstr_given=false
+
+fi
+
+
+# Check whether --enable-monolithic was given.
+if test "${enable_monolithic+set}" = set; then :
+  enableval=$enable_monolithic; monolithic_given=true
+		if test x$enableval = xyes; then
+			monolithic=true
+		 else
+			monolithic=false
+		fi
+else
+  monolithic=false
+		monolithic_given=false
 
 fi
 
@@ -6997,13 +7316,13 @@ if test "${lt_cv_nm_interface+set}" = set; then :
 else
   lt_cv_nm_interface="BSD nm"
   echo "int some_variable = 0;" > conftest.$ac_ext
-  (eval echo "\"\$as_me:7000: $ac_compile\"" >&5)
+  (eval echo "\"\$as_me:7319: $ac_compile\"" >&5)
   (eval "$ac_compile" 2>conftest.err)
   cat conftest.err >&5
-  (eval echo "\"\$as_me:7003: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+  (eval echo "\"\$as_me:7322: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
   (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
   cat conftest.err >&5
-  (eval echo "\"\$as_me:7006: output\"" >&5)
+  (eval echo "\"\$as_me:7325: output\"" >&5)
   cat conftest.out >&5
   if $GREP 'External.*some_variable' conftest.out > /dev/null; then
     lt_cv_nm_interface="MS dumpbin"
@@ -8208,7 +8527,7 @@ ia64-*-hpux*)
   ;;
 *-*-irix6*)
   # Find out which ABI we are using.
-  echo '#line 8211 "configure"' > conftest.$ac_ext
+  echo '#line 8530 "configure"' > conftest.$ac_ext
   if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -9470,11 +9789,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:9473: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:9792: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:9477: \$? = $ac_status" >&5
+   echo "$as_me:9796: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -9809,11 +10128,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:9812: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:10131: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:9816: \$? = $ac_status" >&5
+   echo "$as_me:10135: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -9914,11 +10233,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:9917: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:10236: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:9921: \$? = $ac_status" >&5
+   echo "$as_me:10240: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -9969,11 +10288,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:9972: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:10291: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:9976: \$? = $ac_status" >&5
+   echo "$as_me:10295: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -12352,7 +12671,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 12355 "configure"
+#line 12674 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -12448,7 +12767,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 12451 "configure"
+#line 12770 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -13110,7 +13429,6 @@ fi
 
 if test x$eap_aka = xtrue; then
 	fips_prf=true;
-	sha1=true;
 	simaka=true;
 fi
 
@@ -13120,7 +13438,9 @@ if test x$eap_sim = xtrue; then
 fi
 
 if test x$fips_prf = xtrue; then
-	sha1=true;
+	if test x$openssl = xfalse; then
+		sha1=true;
+	fi
 fi
 
 if test x$smp = xtrue; then
@@ -13140,6 +13460,17 @@ if test x$medcli = xtrue; then
 	mediation=true
 fi
 
+if test x$pluto = xtrue; then
+	if test x$socket_raw = xfalse; then
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: Enforcing --enable-socket-raw, as pluto is enabled" >&5
+$as_echo "$as_me: Enforcing --enable-socket-raw, as pluto is enabled" >&6;}
+		socket_raw=true
+		if test x$socket_default_given = xfalse; then
+			socket_default=false
+		fi
+	fi
+fi
+
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5
 $as_echo_n "checking for stdbool.h that conforms to C99... " >&6; }
@@ -14213,6 +14544,7 @@ ac_cv_lib_vstr=ac_cv_lib_vstr_main
 fi
 
 if test x$gmp = xtrue; then
+	saved_LIBS=$LIBS
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lgmp" >&5
 $as_echo_n "checking for main in -lgmp... " >&6; }
 if test "${ac_cv_lib_gmp_main+set}" = set; then :
@@ -14244,12 +14576,48 @@ fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gmp_main" >&5
 $as_echo "$ac_cv_lib_gmp_main" >&6; }
 if test "x$ac_cv_lib_gmp_main" = x""yes; then :
-  LIBS="$LIBS"
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBGMP 1
+_ACEOF
+
+  LIBS="-lgmp $LIBS"
+
 else
   as_fn_error "GNU Multi Precision library gmp not found" "$LINENO" 5
 fi
 ac_cv_lib_gmp=ac_cv_lib_gmp_main
 
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking mpz_powm_sec" >&5
+$as_echo_n "checking mpz_powm_sec... " >&6; }
+	if test x$mpz_powm_sec = xyes; then
+		cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include "gmp.h"
+int
+main ()
+{
+
+				void *x = mpz_powm_sec;
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }; $as_echo "#define HAVE_MPZ_POWM_SEC 1" >>confdefs.h
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+	else
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5
+$as_echo "disabled" >&6; }
+	fi
+	LIBS=$saved_LIBS
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking gmp.h version >= 4.1.4" >&5
 $as_echo_n "checking gmp.h version >= 4.1.4... " >&6; }
 	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -15145,6 +15513,56 @@ fi
 
 fi
 
+if test x$android = xtrue; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lcutils" >&5
+$as_echo_n "checking for main in -lcutils... " >&6; }
+if test "${ac_cv_lib_cutils_main+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcutils  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main ()
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_cutils_main=yes
+else
+  ac_cv_lib_cutils_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cutils_main" >&5
+$as_echo "$ac_cv_lib_cutils_main" >&6; }
+if test "x$ac_cv_lib_cutils_main" = x""yes; then :
+  LIBS="$LIBS"
+else
+  as_fn_error "Android library libcutils not found" "$LINENO" 5
+fi
+ac_cv_lib_cutils=ac_cv_lib_cutils_main
+
+	ac_fn_c_check_header_mongrel "$LINENO" "cutils/properties.h" "ac_cv_header_cutils_properties_h" "$ac_includes_default"
+if test "x$ac_cv_header_cutils_properties_h" = x""yes; then :
+
+else
+  as_fn_error "Android header cutils/properties.h not found!" "$LINENO" 5
+fi
+
+
+			DLLIB="-ldl"
+
+fi
+
 if test x$nm = xtrue; then
 	if test -n "$PKG_CONFIG" && \
     { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnm-glib\""; } >&5
@@ -15488,6 +15906,7 @@ fi
 
 
 libstrongswan_plugins=
+libhydra_plugins=
 pluto_plugins=
 
 if test x$test_vectors = xtrue; then
@@ -15529,9 +15948,6 @@ if test x$md5 = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" md5"
 	pluto_plugins=${pluto_plugins}" md5"
 fi
-if test x$fips_prf = xtrue; then
-	libstrongswan_plugins=${libstrongswan_plugins}" fips-prf"
-fi
 if test x$random = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" random"
 	pluto_plugins=${pluto_plugins}" random"
@@ -15568,10 +15984,6 @@ if test x$sqlite = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" sqlite"
 	pluto_plugins=${pluto_plugins}" sqlite"
 fi
-if test x$attr_sql = xtrue -o x$sql = xtrue; then
-	libstrongswan_plugins=${libstrongswan_plugins}" attr-sql"
-	pluto_plugins=${pluto_plugins}" attr-sql"
-fi
 if test x$padlock = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" padlock"
 fi
@@ -15583,6 +15995,9 @@ if test x$gcrypt = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" gcrypt"
 	pluto_plugins=${pluto_plugins}" gcrypt"
 fi
+if test x$fips_prf = xtrue; then
+	libstrongswan_plugins=${libstrongswan_plugins}" fips-prf"
+fi
 if test x$xcbc = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" xcbc"
 fi
@@ -15597,6 +16012,15 @@ if test x$gmp = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" gmp"
 	pluto_plugins=${pluto_plugins}" gmp"
 fi
+if test x$attr = xtrue; then
+	libhydra_plugins=${libhydra_plugins}" attr"
+	pluto_plugins=${pluto_plugins}" attr"
+fi
+if test x$attr_sql = xtrue -o x$sql = xtrue; then
+	libhydra_plugins=${libhydra_plugins}" attr-sql"
+	pluto_plugins=${pluto_plugins}" attr-sql"
+fi
+
 
 
 
@@ -15867,6 +16291,14 @@ else
   USE_UCI_FALSE=
 fi
 
+ if test x$android = xtrue; then
+  USE_ANDROID_TRUE=
+  USE_ANDROID_FALSE='#'
+else
+  USE_ANDROID_TRUE='#'
+  USE_ANDROID_FALSE=
+fi
+
  if test x$smp = xtrue; then
   USE_SMP_TRUE=
   USE_SMP_FALSE='#'
@@ -15899,6 +16331,14 @@ else
   USE_ATTR_FALSE=
 fi
 
+ if test x$dhcp = xtrue; then
+  USE_DHCP_TRUE=
+  USE_DHCP_FALSE='#'
+else
+  USE_DHCP_TRUE='#'
+  USE_DHCP_FALSE=
+fi
+
  if test x$resolve = xtrue; then
   USE_RESOLVE_TRUE=
   USE_RESOLVE_FALSE='#'
@@ -15923,6 +16363,14 @@ else
   USE_LOAD_TESTER_FALSE=
 fi
 
+ if test x$ha = xtrue; then
+  USE_HA_TRUE=
+  USE_HA_FALSE='#'
+else
+  USE_HA_TRUE='#'
+  USE_HA_FALSE=
+fi
+
  if test x$eap_sim = xtrue; then
   USE_EAP_SIM_TRUE=
   USE_EAP_SIM_FALSE='#'
@@ -16043,6 +16491,38 @@ else
   USE_KERNEL_KLIPS_FALSE=
 fi
 
+ if test x$socket_default = xtrue; then
+  USE_SOCKET_DEFAULT_TRUE=
+  USE_SOCKET_DEFAULT_FALSE='#'
+else
+  USE_SOCKET_DEFAULT_TRUE='#'
+  USE_SOCKET_DEFAULT_FALSE=
+fi
+
+ if test x$socket_raw = xtrue; then
+  USE_SOCKET_RAW_TRUE=
+  USE_SOCKET_RAW_FALSE='#'
+else
+  USE_SOCKET_RAW_TRUE='#'
+  USE_SOCKET_RAW_FALSE=
+fi
+
+ if test x$socket_dynamic = xtrue; then
+  USE_SOCKET_DYNAMIC_TRUE=
+  USE_SOCKET_DYNAMIC_FALSE='#'
+else
+  USE_SOCKET_DYNAMIC_TRUE='#'
+  USE_SOCKET_DYNAMIC_FALSE=
+fi
+
+ if test x$farp = xtrue; then
+  USE_FARP_TRUE=
+  USE_FARP_FALSE='#'
+else
+  USE_FARP_TRUE='#'
+  USE_FARP_FALSE=
+fi
+
 
  if test x$smartcard = xtrue; then
   USE_SMARTCARD_TRUE=
@@ -16196,6 +16676,14 @@ else
   USE_LIBSTRONGSWAN_FALSE=
 fi
 
+ if test x$charon = xtrue -o x$pluto = xtrue; then
+  USE_LIBHYDRA_TRUE=
+  USE_LIBHYDRA_FALSE='#'
+else
+  USE_LIBHYDRA_TRUE='#'
+  USE_LIBHYDRA_FALSE=
+fi
+
  if test x$pluto = xtrue -o x$stroke = xtrue; then
   USE_FILE_CONFIG_TRUE=
   USE_FILE_CONFIG_FALSE='#'
@@ -16220,6 +16708,14 @@ else
   USE_SIMAKA_FALSE=
 fi
 
+ if test x$monolithic = xtrue; then
+  MONOLITHIC_TRUE=
+  MONOLITHIC_FALSE='#'
+else
+  MONOLITHIC_TRUE='#'
+  MONOLITHIC_FALSE=
+fi
+
 
 
 if test x$mediation = xtrue; then
@@ -16230,9 +16726,14 @@ if test x$capabilities = xlibcap; then
 	$as_echo "#define CAPABILITIES 1" >>confdefs.h
 
 fi
+if test x$monolithic = xtrue; then
+	$as_echo "#define MONOLITHIC 1" >>confdefs.h
+
+fi
+
 
 
-ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/attr_sql/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/charon/plugins/eap_aka/Makefile src/charon/plugins/eap_aka_3gpp2/Makefile src/charon/plugins/eap_identity/Makefile src/charon/plugins/eap_md5/Makefile src/charon/plugins/eap_gtc/Makefile src/charon/plugins/eap_sim/Makefile src/charon/plugins/eap_sim_file/Makefile src/charon/plugins/eap_simaka_pseudonym/Makefile src/charon/plugins/eap_simaka_reauth/Makefile src/charon/plugins/eap_mschapv2/Makefile src/charon/plugins/eap_radius/Makefile src/charon/plugins/kernel_netlink/Makefile src/charon/plugins/kernel_pfkey/Makefile src/charon/plugins/kernel_pfroute/Makefile src/charon/plugins/kernel_klips/Makefile src/charon/plugins/smp/Makefile src/charon/plugins/sql/Makefile src/charon/plugins/medsrv/Makefile src/charon/plugins/medcli/Makefile src/charon/plugins/nm/Makefile src/charon/plugins/uci/Makefile src/charon/plugins/stroke/Makefile src/charon/plugins/updown/Makefile src/charon/plugins/attr/Makefile src/charon/plugins/resolve/Makefile src/charon/plugins/unit_tester/Makefile src/charon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile scripts/Makefile testing/Makefile"
+ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libhydra/Makefile src/libhydra/plugins/attr/Makefile src/libhydra/plugins/attr_sql/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_klips/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_raw/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/nm/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/android/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/unit_tester/Makefile src/libcharon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile scripts/Makefile testing/Makefile"
 
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
@@ -16516,6 +17017,10 @@ if test -z "${USE_UCI_TRUE}" && test -z "${USE_UCI_FALSE}"; then
   as_fn_error "conditional \"USE_UCI\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${USE_ANDROID_TRUE}" && test -z "${USE_ANDROID_FALSE}"; then
+  as_fn_error "conditional \"USE_ANDROID\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${USE_SMP_TRUE}" && test -z "${USE_SMP_FALSE}"; then
   as_fn_error "conditional \"USE_SMP\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16532,6 +17037,10 @@ if test -z "${USE_ATTR_TRUE}" && test -z "${USE_ATTR_FALSE}"; then
   as_fn_error "conditional \"USE_ATTR\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${USE_DHCP_TRUE}" && test -z "${USE_DHCP_FALSE}"; then
+  as_fn_error "conditional \"USE_DHCP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${USE_RESOLVE_TRUE}" && test -z "${USE_RESOLVE_FALSE}"; then
   as_fn_error "conditional \"USE_RESOLVE\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16544,6 +17053,10 @@ if test -z "${USE_LOAD_TESTER_TRUE}" && test -z "${USE_LOAD_TESTER_FALSE}"; then
   as_fn_error "conditional \"USE_LOAD_TESTER\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${USE_HA_TRUE}" && test -z "${USE_HA_FALSE}"; then
+  as_fn_error "conditional \"USE_HA\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${USE_EAP_SIM_TRUE}" && test -z "${USE_EAP_SIM_FALSE}"; then
   as_fn_error "conditional \"USE_EAP_SIM\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16604,6 +17117,22 @@ if test -z "${USE_KERNEL_KLIPS_TRUE}" && test -z "${USE_KERNEL_KLIPS_FALSE}"; th
   as_fn_error "conditional \"USE_KERNEL_KLIPS\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${USE_SOCKET_DEFAULT_TRUE}" && test -z "${USE_SOCKET_DEFAULT_FALSE}"; then
+  as_fn_error "conditional \"USE_SOCKET_DEFAULT\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${USE_SOCKET_RAW_TRUE}" && test -z "${USE_SOCKET_RAW_FALSE}"; then
+  as_fn_error "conditional \"USE_SOCKET_RAW\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${USE_SOCKET_DYNAMIC_TRUE}" && test -z "${USE_SOCKET_DYNAMIC_FALSE}"; then
+  as_fn_error "conditional \"USE_SOCKET_DYNAMIC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${USE_FARP_TRUE}" && test -z "${USE_FARP_FALSE}"; then
+  as_fn_error "conditional \"USE_FARP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${USE_SMARTCARD_TRUE}" && test -z "${USE_SMARTCARD_FALSE}"; then
   as_fn_error "conditional \"USE_SMARTCARD\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16680,6 +17209,10 @@ if test -z "${USE_LIBSTRONGSWAN_TRUE}" && test -z "${USE_LIBSTRONGSWAN_FALSE}";
   as_fn_error "conditional \"USE_LIBSTRONGSWAN\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${USE_LIBHYDRA_TRUE}" && test -z "${USE_LIBHYDRA_FALSE}"; then
+  as_fn_error "conditional \"USE_LIBHYDRA\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${USE_FILE_CONFIG_TRUE}" && test -z "${USE_FILE_CONFIG_FALSE}"; then
   as_fn_error "conditional \"USE_FILE_CONFIG\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -16692,6 +17225,10 @@ if test -z "${USE_SIMAKA_TRUE}" && test -z "${USE_SIMAKA_FALSE}"; then
   as_fn_error "conditional \"USE_SIMAKA\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${MONOLITHIC_TRUE}" && test -z "${MONOLITHIC_FALSE}"; then
+  as_fn_error "conditional \"MONOLITHIC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 
 : ${CONFIG_STATUS=./config.status}
 ac_write_fail=0
@@ -17100,7 +17637,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by strongSwan $as_me 4.3.6, which was
+This file was extended by strongSwan $as_me 4.4.0, which was
 generated by GNU Autoconf 2.64.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -17155,7 +17692,7 @@ Report bugs to the package provider."
 _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_version="\\
-strongSwan config.status 4.3.6
+strongSwan config.status 4.4.0
 configured by $0, generated by GNU Autoconf 2.64,
   with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
 
@@ -17548,44 +18085,53 @@ do
     "src/libstrongswan/plugins/ldap/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/ldap/Makefile" ;;
     "src/libstrongswan/plugins/mysql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/mysql/Makefile" ;;
     "src/libstrongswan/plugins/sqlite/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/sqlite/Makefile" ;;
-    "src/libstrongswan/plugins/attr_sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/attr_sql/Makefile" ;;
     "src/libstrongswan/plugins/padlock/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/padlock/Makefile" ;;
     "src/libstrongswan/plugins/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/openssl/Makefile" ;;
     "src/libstrongswan/plugins/gcrypt/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/gcrypt/Makefile" ;;
     "src/libstrongswan/plugins/agent/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/agent/Makefile" ;;
     "src/libstrongswan/plugins/test_vectors/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/test_vectors/Makefile" ;;
+    "src/libhydra/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/Makefile" ;;
+    "src/libhydra/plugins/attr/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/attr/Makefile" ;;
+    "src/libhydra/plugins/attr_sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/attr_sql/Makefile" ;;
     "src/libfreeswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libfreeswan/Makefile" ;;
     "src/libsimaka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libsimaka/Makefile" ;;
     "src/pluto/Makefile") CONFIG_FILES="$CONFIG_FILES src/pluto/Makefile" ;;
     "src/whack/Makefile") CONFIG_FILES="$CONFIG_FILES src/whack/Makefile" ;;
     "src/charon/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/Makefile" ;;
-    "src/charon/plugins/eap_aka/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_aka/Makefile" ;;
-    "src/charon/plugins/eap_aka_3gpp2/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_aka_3gpp2/Makefile" ;;
-    "src/charon/plugins/eap_identity/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_identity/Makefile" ;;
-    "src/charon/plugins/eap_md5/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_md5/Makefile" ;;
-    "src/charon/plugins/eap_gtc/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_gtc/Makefile" ;;
-    "src/charon/plugins/eap_sim/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_sim/Makefile" ;;
-    "src/charon/plugins/eap_sim_file/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_sim_file/Makefile" ;;
-    "src/charon/plugins/eap_simaka_pseudonym/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_simaka_pseudonym/Makefile" ;;
-    "src/charon/plugins/eap_simaka_reauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_simaka_reauth/Makefile" ;;
-    "src/charon/plugins/eap_mschapv2/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_mschapv2/Makefile" ;;
-    "src/charon/plugins/eap_radius/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_radius/Makefile" ;;
-    "src/charon/plugins/kernel_netlink/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_netlink/Makefile" ;;
-    "src/charon/plugins/kernel_pfkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_pfkey/Makefile" ;;
-    "src/charon/plugins/kernel_pfroute/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_pfroute/Makefile" ;;
-    "src/charon/plugins/kernel_klips/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_klips/Makefile" ;;
-    "src/charon/plugins/smp/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/smp/Makefile" ;;
-    "src/charon/plugins/sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/sql/Makefile" ;;
-    "src/charon/plugins/medsrv/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/medsrv/Makefile" ;;
-    "src/charon/plugins/medcli/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/medcli/Makefile" ;;
-    "src/charon/plugins/nm/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/nm/Makefile" ;;
-    "src/charon/plugins/uci/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/uci/Makefile" ;;
-    "src/charon/plugins/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/stroke/Makefile" ;;
-    "src/charon/plugins/updown/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/updown/Makefile" ;;
-    "src/charon/plugins/attr/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/attr/Makefile" ;;
-    "src/charon/plugins/resolve/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/resolve/Makefile" ;;
-    "src/charon/plugins/unit_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/unit_tester/Makefile" ;;
-    "src/charon/plugins/load_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/load_tester/Makefile" ;;
+    "src/libcharon/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/Makefile" ;;
+    "src/libcharon/plugins/eap_aka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka/Makefile" ;;
+    "src/libcharon/plugins/eap_aka_3gpp2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp2/Makefile" ;;
+    "src/libcharon/plugins/eap_identity/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_identity/Makefile" ;;
+    "src/libcharon/plugins/eap_md5/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_md5/Makefile" ;;
+    "src/libcharon/plugins/eap_gtc/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_gtc/Makefile" ;;
+    "src/libcharon/plugins/eap_sim/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_sim/Makefile" ;;
+    "src/libcharon/plugins/eap_sim_file/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_sim_file/Makefile" ;;
+    "src/libcharon/plugins/eap_simaka_pseudonym/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_simaka_pseudonym/Makefile" ;;
+    "src/libcharon/plugins/eap_simaka_reauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_simaka_reauth/Makefile" ;;
+    "src/libcharon/plugins/eap_mschapv2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_mschapv2/Makefile" ;;
+    "src/libcharon/plugins/eap_radius/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_radius/Makefile" ;;
+    "src/libcharon/plugins/kernel_netlink/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_netlink/Makefile" ;;
+    "src/libcharon/plugins/kernel_pfkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_pfkey/Makefile" ;;
+    "src/libcharon/plugins/kernel_pfroute/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_pfroute/Makefile" ;;
+    "src/libcharon/plugins/kernel_klips/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_klips/Makefile" ;;
+    "src/libcharon/plugins/socket_default/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_default/Makefile" ;;
+    "src/libcharon/plugins/socket_raw/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_raw/Makefile" ;;
+    "src/libcharon/plugins/socket_dynamic/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_dynamic/Makefile" ;;
+    "src/libcharon/plugins/farp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/farp/Makefile" ;;
+    "src/libcharon/plugins/smp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/smp/Makefile" ;;
+    "src/libcharon/plugins/sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/sql/Makefile" ;;
+    "src/libcharon/plugins/medsrv/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/medsrv/Makefile" ;;
+    "src/libcharon/plugins/medcli/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/medcli/Makefile" ;;
+    "src/libcharon/plugins/nm/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/nm/Makefile" ;;
+    "src/libcharon/plugins/uci/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/uci/Makefile" ;;
+    "src/libcharon/plugins/ha/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/ha/Makefile" ;;
+    "src/libcharon/plugins/android/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/android/Makefile" ;;
+    "src/libcharon/plugins/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/stroke/Makefile" ;;
+    "src/libcharon/plugins/updown/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/updown/Makefile" ;;
+    "src/libcharon/plugins/dhcp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/dhcp/Makefile" ;;
+    "src/libcharon/plugins/resolve/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/resolve/Makefile" ;;
+    "src/libcharon/plugins/unit_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/unit_tester/Makefile" ;;
+    "src/libcharon/plugins/load_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/load_tester/Makefile" ;;
     "src/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/stroke/Makefile" ;;
     "src/ipsec/Makefile") CONFIG_FILES="$CONFIG_FILES src/ipsec/Makefile" ;;
     "src/starter/Makefile") CONFIG_FILES="$CONFIG_FILES src/starter/Makefile" ;;
diff --git a/configure.in b/configure.in
index 8ba844e9b..efcccbb42 100644
--- a/configure.in
+++ b/configure.in
@@ -16,7 +16,7 @@ dnl ===========================
 dnl  initialize & set some vars
 dnl ===========================
 
-AC_INIT(strongSwan,4.3.6)
+AC_INIT(strongSwan,4.4.0)
 AM_INIT_AUTOMAKE(tar-ustar)
 AC_CONFIG_MACRO_DIR([m4/config])
 PKG_PROG_PKG_CONFIG
@@ -41,6 +41,7 @@ ARG_WITH_SUBST([routing-table],      [220], [set routing table to use for IPsec
 ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table])
 
 ARG_WITH_SET([capabilities],         [no], [set capability dropping library. Currently only the value "libcap" is supported])
+ARG_WITH_SET([mpz_powm_sec],         [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available])
 
 AC_ARG_WITH(
 	[xauth-module],
@@ -113,6 +114,10 @@ ARG_DISBL_SET([kernel-netlink], [disable the netlink kernel interface.])
 ARG_ENABL_SET([kernel-pfkey],   [enable the PF_KEY kernel interface.])
 ARG_ENABL_SET([kernel-pfroute], [enable the PF_ROUTE kernel interface.])
 ARG_ENABL_SET([kernel-klips],   [enable the KLIPS kernel interface.])
+ARG_DISBL_SET([socket-default], [disable default socket implementation for charon.])
+ARG_ENABL_SET([socket-raw],     [enable raw socket implementation of charon, enforced if pluto is enabled])
+ARG_ENABL_SET([socket-dynamic], [enable dynamic socket implementation for charon])
+ARG_ENABL_SET([farp],           [enable ARP faking plugin that responds to ARP requests to peers virtual IP])
 ARG_ENABL_SET([nat-transport],  [enable NAT traversal with IPsec transport mode in pluto.])
 ARG_DISBL_SET([vendor-id],      [disable the sending of the strongSwan vendor ID in pluto.])
 ARG_DISBL_SET([xauth-vid],      [disable the sending of the XAUTH vendor ID.])
@@ -129,14 +134,18 @@ ARG_DISBL_SET([scripts],        [disable additional utilities (found in director
 ARG_DISBL_SET([updown],         [disable updown firewall script plugin.])
 ARG_DISBL_SET([attr],           [disable strongswan.conf based configuration attribute plugin.])
 ARG_ENABL_SET([attr-sql],       [enable SQL based configuration attribute plugin.])
+ARG_ENABL_SET([dhcp],           [enable DHCP based attribute provider plugin.])
 ARG_DISBL_SET([resolve],        [disable resolve DNS handler plugin.])
 ARG_ENABL_SET([padlock],        [enables VIA Padlock crypto plugin.])
 ARG_ENABL_SET([openssl],        [enables the OpenSSL crypto plugin.])
 ARG_ENABL_SET([gcrypt],         [enables the libgcrypt plugin.])
 ARG_ENABL_SET([agent],          [enables the ssh-agent signing plugin.])
 ARG_ENABL_SET([uci],            [enable OpenWRT UCI configuration plugin.])
+ARG_ENABL_SET([android],        [enable Android specific plugin.])
 ARG_ENABL_SET([nm],             [enable NetworkManager plugin.])
+ARG_ENABL_SET([ha],             [enable high availability cluster plugin.])
 ARG_ENABL_SET([vstr],           [enforce using the Vstr string library to replace glibc-like printf hooks.])
+ARG_ENABL_SET([monolithic],     [build monolithic version of libstrongswan that includes all enabled plugins. Similarly, the plugins of charon are assembled in libcharon.])
 
 dnl =========================
 dnl  set up compiler and flags
@@ -202,7 +211,6 @@ fi
 
 if test x$eap_aka = xtrue; then
 	fips_prf=true;
-	sha1=true;
 	simaka=true;
 fi
 
@@ -212,7 +220,9 @@ if test x$eap_sim = xtrue; then
 fi
 
 if test x$fips_prf = xtrue; then
-	sha1=true;
+	if test x$openssl = xfalse; then
+		sha1=true;
+	fi
 fi
 
 if test x$smp = xtrue; then
@@ -232,6 +242,16 @@ if test x$medcli = xtrue; then
 	mediation=true
 fi
 
+if test x$pluto = xtrue; then
+	if test x$socket_raw = xfalse; then
+		AC_MSG_NOTICE([Enforcing --enable-socket-raw, as pluto is enabled])
+		socket_raw=true
+		if test x$socket_default_given = xfalse; then
+			socket_default=false
+		fi
+	fi
+fi
+
 dnl ===========================================
 dnl  check required libraries and header files
 dnl ===========================================
@@ -431,7 +451,21 @@ if test x$vstr = xtrue; then
 fi
 
 if test x$gmp = xtrue; then
-	AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])
+	saved_LIBS=$LIBS
+	AC_HAVE_LIBRARY([gmp],,[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])
+	AC_MSG_CHECKING([mpz_powm_sec])
+	if test x$mpz_powm_sec = xyes; then
+		AC_TRY_COMPILE(
+			[#include "gmp.h"],
+			[
+				void *x = mpz_powm_sec;
+			],
+			[AC_MSG_RESULT([yes]); AC_DEFINE(HAVE_MPZ_POWM_SEC)], [AC_MSG_RESULT([no])]
+		)
+	else
+		AC_MSG_RESULT([disabled])
+	fi
+	LIBS=$saved_LIBS
 	AC_MSG_CHECKING([gmp.h version >= 4.1.4])
 	AC_TRY_COMPILE(
 		[#include "gmp.h"],
@@ -554,6 +588,15 @@ if test x$uci = xtrue; then
 	AC_CHECK_HEADER([uci.h],,[AC_MSG_ERROR([UCI header uci.h not found!])])
 fi
 
+if test x$android = xtrue; then
+	AC_HAVE_LIBRARY([cutils],[LIBS="$LIBS"],[AC_MSG_ERROR([Android library libcutils not found])])
+	AC_CHECK_HEADER([cutils/properties.h],,[AC_MSG_ERROR([Android header cutils/properties.h not found!])])
+	dnl we have to force the use of libdl here because the autodetection
+	dnl above does not work correctly when cross-compiling for android.
+	DLLIB="-ldl"
+	AC_SUBST(DLLIB)
+fi
+
 if test x$nm = xtrue; then
 	PKG_CHECK_EXISTS([libnm-glib],
 		[PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn])],
@@ -592,11 +635,12 @@ if test x$integrity_test = xtrue; then
 	)
 fi
 
-dnl ======================================
-dnl  collect all plugins for libstrongswan
-dnl ======================================
+dnl ==========================================================
+dnl  collect all plugins for libstrongswan, libhydra and pluto
+dnl ==========================================================
 
 libstrongswan_plugins=
+libhydra_plugins=
 pluto_plugins=
 
 if test x$test_vectors = xtrue; then
@@ -638,9 +682,6 @@ if test x$md5 = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" md5"
 	pluto_plugins=${pluto_plugins}" md5"
 fi
-if test x$fips_prf = xtrue; then
-	libstrongswan_plugins=${libstrongswan_plugins}" fips-prf"
-fi
 if test x$random = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" random"
 	pluto_plugins=${pluto_plugins}" random"
@@ -677,10 +718,6 @@ if test x$sqlite = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" sqlite"
 	pluto_plugins=${pluto_plugins}" sqlite"
 fi
-if test x$attr_sql = xtrue -o x$sql = xtrue; then
-	libstrongswan_plugins=${libstrongswan_plugins}" attr-sql"
-	pluto_plugins=${pluto_plugins}" attr-sql"
-fi
 if test x$padlock = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" padlock"
 fi
@@ -692,6 +729,9 @@ if test x$gcrypt = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" gcrypt"
 	pluto_plugins=${pluto_plugins}" gcrypt"
 fi
+if test x$fips_prf = xtrue; then
+	libstrongswan_plugins=${libstrongswan_plugins}" fips-prf"
+fi
 if test x$xcbc = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" xcbc"
 fi
@@ -706,8 +746,17 @@ if test x$gmp = xtrue; then
 	libstrongswan_plugins=${libstrongswan_plugins}" gmp"
 	pluto_plugins=${pluto_plugins}" gmp"
 fi
+if test x$attr = xtrue; then
+	libhydra_plugins=${libhydra_plugins}" attr"
+	pluto_plugins=${pluto_plugins}" attr"
+fi
+if test x$attr_sql = xtrue -o x$sql = xtrue; then
+	libhydra_plugins=${libhydra_plugins}" attr-sql"
+	pluto_plugins=${pluto_plugins}" attr-sql"
+fi
 
 AC_SUBST(libstrongswan_plugins)
+AC_SUBST(libhydra_plugins)
 AC_SUBST(pluto_plugins)
 
 dnl =========================
@@ -752,13 +801,16 @@ AM_CONDITIONAL(USE_MEDSRV, test x$medsrv = xtrue)
 AM_CONDITIONAL(USE_MEDCLI, test x$medcli = xtrue)
 AM_CONDITIONAL(USE_NM, test x$nm = xtrue)
 AM_CONDITIONAL(USE_UCI, test x$uci = xtrue)
+AM_CONDITIONAL(USE_ANDROID, test x$android = xtrue)
 AM_CONDITIONAL(USE_SMP, test x$smp = xtrue)
 AM_CONDITIONAL(USE_SQL, test x$sql = xtrue)
 AM_CONDITIONAL(USE_UPDOWN, test x$updown = xtrue)
 AM_CONDITIONAL(USE_ATTR, test x$attr = xtrue)
+AM_CONDITIONAL(USE_DHCP, test x$dhcp = xtrue)
 AM_CONDITIONAL(USE_RESOLVE, test x$resolve = xtrue)
 AM_CONDITIONAL(USE_UNIT_TESTS, test x$unit_tests = xtrue)
 AM_CONDITIONAL(USE_LOAD_TESTER, test x$load_tester = xtrue)
+AM_CONDITIONAL(USE_HA, test x$ha = xtrue)
 AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue)
 AM_CONDITIONAL(USE_EAP_SIM_FILE, test x$eap_sim_file = xtrue)
 AM_CONDITIONAL(USE_EAP_SIMAKA_PSEUDONYM, test x$eap_simaka_pseudonym = xtrue)
@@ -774,6 +826,10 @@ AM_CONDITIONAL(USE_KERNEL_NETLINK, test x$kernel_netlink = xtrue)
 AM_CONDITIONAL(USE_KERNEL_PFKEY, test x$kernel_pfkey = xtrue)
 AM_CONDITIONAL(USE_KERNEL_PFROUTE, test x$kernel_pfroute = xtrue)
 AM_CONDITIONAL(USE_KERNEL_KLIPS, test x$kernel_klips = xtrue)
+AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue)
+AM_CONDITIONAL(USE_SOCKET_RAW, test x$socket_raw = xtrue)
+AM_CONDITIONAL(USE_SOCKET_DYNAMIC, test x$socket_dynamic = xtrue)
+AM_CONDITIONAL(USE_FARP, test x$farp = xtrue)
 
 dnl other options
 dnl =============
@@ -796,9 +852,11 @@ AM_CONDITIONAL(USE_CHARON, test x$charon = xtrue)
 AM_CONDITIONAL(USE_TOOLS, test x$tools = xtrue)
 AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue)
 AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pluto = xtrue -o x$tools = xtrue)
+AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$pluto = xtrue)
 AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue)
 AM_CONDITIONAL(USE_VSTR, test x$vstr = xtrue)
 AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue)
+AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue)
 
 dnl ==============================
 dnl  set global definitions
@@ -810,6 +868,10 @@ fi
 if test x$capabilities = xlibcap; then
 	AC_DEFINE(CAPABILITIES)
 fi
+if test x$monolithic = xtrue; then
+	AC_DEFINE(MONOLITHIC)
+fi
+
 
 dnl ==============================
 dnl  build Makefiles
@@ -842,44 +904,53 @@ AC_OUTPUT(
 	src/libstrongswan/plugins/ldap/Makefile
 	src/libstrongswan/plugins/mysql/Makefile
 	src/libstrongswan/plugins/sqlite/Makefile
-	src/libstrongswan/plugins/attr_sql/Makefile
 	src/libstrongswan/plugins/padlock/Makefile
 	src/libstrongswan/plugins/openssl/Makefile
 	src/libstrongswan/plugins/gcrypt/Makefile
 	src/libstrongswan/plugins/agent/Makefile
 	src/libstrongswan/plugins/test_vectors/Makefile
+	src/libhydra/Makefile
+	src/libhydra/plugins/attr/Makefile
+	src/libhydra/plugins/attr_sql/Makefile
 	src/libfreeswan/Makefile
 	src/libsimaka/Makefile
 	src/pluto/Makefile
 	src/whack/Makefile
 	src/charon/Makefile
-	src/charon/plugins/eap_aka/Makefile
-	src/charon/plugins/eap_aka_3gpp2/Makefile
-	src/charon/plugins/eap_identity/Makefile
-	src/charon/plugins/eap_md5/Makefile
-	src/charon/plugins/eap_gtc/Makefile
-	src/charon/plugins/eap_sim/Makefile
-	src/charon/plugins/eap_sim_file/Makefile
-	src/charon/plugins/eap_simaka_pseudonym/Makefile
-	src/charon/plugins/eap_simaka_reauth/Makefile
-	src/charon/plugins/eap_mschapv2/Makefile
-	src/charon/plugins/eap_radius/Makefile
-	src/charon/plugins/kernel_netlink/Makefile
-	src/charon/plugins/kernel_pfkey/Makefile
-	src/charon/plugins/kernel_pfroute/Makefile
-	src/charon/plugins/kernel_klips/Makefile
-	src/charon/plugins/smp/Makefile
-	src/charon/plugins/sql/Makefile
-	src/charon/plugins/medsrv/Makefile
-	src/charon/plugins/medcli/Makefile
-	src/charon/plugins/nm/Makefile
-	src/charon/plugins/uci/Makefile
-	src/charon/plugins/stroke/Makefile
-	src/charon/plugins/updown/Makefile
-	src/charon/plugins/attr/Makefile
-	src/charon/plugins/resolve/Makefile
-	src/charon/plugins/unit_tester/Makefile
-	src/charon/plugins/load_tester/Makefile
+	src/libcharon/Makefile
+	src/libcharon/plugins/eap_aka/Makefile
+	src/libcharon/plugins/eap_aka_3gpp2/Makefile
+	src/libcharon/plugins/eap_identity/Makefile
+	src/libcharon/plugins/eap_md5/Makefile
+	src/libcharon/plugins/eap_gtc/Makefile
+	src/libcharon/plugins/eap_sim/Makefile
+	src/libcharon/plugins/eap_sim_file/Makefile
+	src/libcharon/plugins/eap_simaka_pseudonym/Makefile
+	src/libcharon/plugins/eap_simaka_reauth/Makefile
+	src/libcharon/plugins/eap_mschapv2/Makefile
+	src/libcharon/plugins/eap_radius/Makefile
+	src/libcharon/plugins/kernel_netlink/Makefile
+	src/libcharon/plugins/kernel_pfkey/Makefile
+	src/libcharon/plugins/kernel_pfroute/Makefile
+	src/libcharon/plugins/kernel_klips/Makefile
+	src/libcharon/plugins/socket_default/Makefile
+	src/libcharon/plugins/socket_raw/Makefile
+	src/libcharon/plugins/socket_dynamic/Makefile
+	src/libcharon/plugins/farp/Makefile
+	src/libcharon/plugins/smp/Makefile
+	src/libcharon/plugins/sql/Makefile
+	src/libcharon/plugins/medsrv/Makefile
+	src/libcharon/plugins/medcli/Makefile
+	src/libcharon/plugins/nm/Makefile
+	src/libcharon/plugins/uci/Makefile
+	src/libcharon/plugins/ha/Makefile
+	src/libcharon/plugins/android/Makefile
+	src/libcharon/plugins/stroke/Makefile
+	src/libcharon/plugins/updown/Makefile
+	src/libcharon/plugins/dhcp/Makefile
+	src/libcharon/plugins/resolve/Makefile
+	src/libcharon/plugins/unit_tester/Makefile
+	src/libcharon/plugins/load_tester/Makefile
 	src/stroke/Makefile
 	src/ipsec/Makefile
 	src/starter/Makefile
diff --git a/m4/macros/enable-disable.m4 b/m4/macros/enable-disable.m4
index 6d7959e4e..3d423652f 100644
--- a/m4/macros/enable-disable.m4
+++ b/m4/macros/enable-disable.m4
@@ -6,12 +6,14 @@ AC_DEFUN([ARG_ENABL_SET],
 	[AC_ARG_ENABLE(
 		[$1],
 		AS_HELP_STRING([--enable-$1], [$2]),
-		[if test x$enableval = xyes; then
+		[patsubst([$1], [-], [_])_given=true
+		if test x$enableval = xyes; then
 			patsubst([$1], [-], [_])=true
 		 else
 			patsubst([$1], [-], [_])=false
 		fi],
-		patsubst([$1], [-], [_])=false
+		[patsubst([$1], [-], [_])=false
+		patsubst([$1], [-], [_])_given=false]
 	)]
 )
 
@@ -22,11 +24,13 @@ AC_DEFUN([ARG_DISBL_SET],
 	[AC_ARG_ENABLE(
 		[$1],
 		AS_HELP_STRING([--disable-$1], [$2]),
-		[if test x$enableval = xyes; then
+		[patsubst([$1], [-], [_])_given=true
+		if test x$enableval = xyes; then
 			patsubst([$1], [-], [_])=true
 		 else
 			patsubst([$1], [-], [_])=false
 		fi],
-		patsubst([$1], [-], [_])=true
+		[patsubst([$1], [-], [_])=true
+		patsubst([$1], [-], [_])_given=false]
 	)]
 )
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
index 24e3cd164..70a56f697 100644
--- a/scripts/Makefile.am
+++ b/scripts/Makefile.am
@@ -17,3 +17,7 @@ key2keyid_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 keyid2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 dh_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
 pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
+
+key2keyid.o :	$(top_builddir)/config.status
+
+keyid2sql.o :	$(top_builddir)/config.status
diff --git a/scripts/Makefile.in b/scripts/Makefile.in
index 7d1af0803..6a75fa7ae 100644
--- a/scripts/Makefile.in
+++ b/scripts/Makefile.in
@@ -226,6 +226,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -585,6 +586,10 @@ uninstall-am:
 	pdf pdf-am ps ps-am tags uninstall uninstall-am
 
 
+key2keyid.o :	$(top_builddir)/config.status
+
+keyid2sql.o :	$(top_builddir)/config.status
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/scripts/dh_speed.c b/scripts/dh_speed.c
index b85bf1ad8..ce102491b 100644
--- a/scripts/dh_speed.c
+++ b/scripts/dh_speed.c
@@ -15,19 +15,22 @@ struct {
 	char *name;
 	diffie_hellman_group_t group;
 } groups[] = {
-	{"modp768",		MODP_768_BIT},
-	{"modp1024",	MODP_1024_BIT},
-	{"modp1536",	MODP_1536_BIT},
-	{"modp2048",	MODP_2048_BIT},
-	{"modp3072",	MODP_3072_BIT},
-	{"modp4096",	MODP_4096_BIT},
-	{"modp6144",	MODP_6144_BIT},
-	{"modp8192",	MODP_8192_BIT},
-	{"ecp256",		ECP_256_BIT},
-	{"ecp384",		ECP_384_BIT},
-	{"ecp521",		ECP_521_BIT},
-	{"ecp192",		ECP_192_BIT},
-	{"ecp224",		ECP_224_BIT},
+	{"modp768",			MODP_768_BIT},
+	{"modp1024",		MODP_1024_BIT},
+	{"modp1024s160",	MODP_1024_160},
+	{"modp1536",		MODP_1536_BIT},
+	{"modp2048",		MODP_2048_BIT},
+	{"modp2048s224",	MODP_2048_224},
+	{"modp2048s256",	MODP_2048_256},
+	{"modp3072",		MODP_3072_BIT},
+	{"modp4096",		MODP_4096_BIT},
+	{"modp6144",		MODP_6144_BIT},
+	{"modp8192",		MODP_8192_BIT},
+	{"ecp256",			ECP_256_BIT},
+	{"ecp384",			ECP_384_BIT},
+	{"ecp521",			ECP_521_BIT},
+	{"ecp192",			ECP_192_BIT},
+	{"ecp224",			ECP_224_BIT},
 };
 
 static void start_timing(struct timespec *start)
diff --git a/src/Makefile.am b/src/Makefile.am
index ae3ec8a20..8d4dd2e37 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -4,6 +4,10 @@ if USE_LIBSTRONGSWAN
   SUBDIRS += libstrongswan
 endif
 
+if USE_LIBHYDRA
+  SUBDIRS += libhydra
+endif
+
 if USE_SIMAKA
   SUBDIRS += libsimaka
 endif
@@ -17,7 +21,7 @@ if USE_PLUTO
 endif
 
 if USE_CHARON
-  SUBDIRS += charon
+  SUBDIRS += libcharon charon
 endif
 
 if USE_STROKE
@@ -29,7 +33,7 @@ if USE_UPDOWN
 endif
 
 if USE_TOOLS
-  SUBDIRS += openac scepclient pki
+  SUBDIRS += libfreeswan openac scepclient pki
 endif
 
 if USE_DUMM
diff --git a/src/Makefile.in b/src/Makefile.in
index 2e305f50a..2a04c8b19 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -34,18 +34,19 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 @USE_LIBSTRONGSWAN_TRUE@am__append_1 = libstrongswan
-@USE_SIMAKA_TRUE@am__append_2 = libsimaka
-@USE_FILE_CONFIG_TRUE@am__append_3 = libfreeswan starter ipsec _copyright
-@USE_PLUTO_TRUE@am__append_4 = pluto whack
-@USE_CHARON_TRUE@am__append_5 = charon
-@USE_STROKE_TRUE@am__append_6 = stroke
-@USE_UPDOWN_TRUE@am__append_7 = _updown _updown_espmark
-@USE_TOOLS_TRUE@am__append_8 = openac scepclient pki
-@USE_DUMM_TRUE@am__append_9 = dumm
-@USE_FAST_TRUE@am__append_10 = libfast
-@USE_MANAGER_TRUE@am__append_11 = manager
-@USE_MEDSRV_TRUE@am__append_12 = medsrv
-@USE_INTEGRITY_TEST_TRUE@am__append_13 = checksum
+@USE_LIBHYDRA_TRUE@am__append_2 = libhydra
+@USE_SIMAKA_TRUE@am__append_3 = libsimaka
+@USE_FILE_CONFIG_TRUE@am__append_4 = libfreeswan starter ipsec _copyright
+@USE_PLUTO_TRUE@am__append_5 = pluto whack
+@USE_CHARON_TRUE@am__append_6 = libcharon charon
+@USE_STROKE_TRUE@am__append_7 = stroke
+@USE_UPDOWN_TRUE@am__append_8 = _updown _updown_espmark
+@USE_TOOLS_TRUE@am__append_9 = libfreeswan openac scepclient pki
+@USE_DUMM_TRUE@am__append_10 = dumm
+@USE_FAST_TRUE@am__append_11 = libfast
+@USE_MANAGER_TRUE@am__append_12 = manager
+@USE_MEDSRV_TRUE@am__append_13 = medsrv
+@USE_INTEGRITY_TEST_TRUE@am__append_14 = checksum
 subdir = src
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -78,10 +79,10 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
 	distdir
 ETAGS = etags
 CTAGS = ctags
-DIST_SUBDIRS = . include libstrongswan libsimaka libfreeswan starter \
-	ipsec _copyright pluto whack charon stroke _updown \
-	_updown_espmark openac scepclient pki dumm libfast manager \
-	medsrv checksum
+DIST_SUBDIRS = . include libstrongswan libhydra libsimaka libfreeswan \
+	starter ipsec _copyright pluto whack libcharon charon stroke \
+	_updown _updown_espmark openac scepclient pki dumm libfast \
+	manager medsrv checksum
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 am__relativize = \
   dir0=`pwd`; \
@@ -228,6 +229,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -266,7 +268,7 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \
 	$(am__append_4) $(am__append_5) $(am__append_6) \
 	$(am__append_7) $(am__append_8) $(am__append_9) \
 	$(am__append_10) $(am__append_11) $(am__append_12) \
-	$(am__append_13)
+	$(am__append_13) $(am__append_14)
 EXTRA_DIST = strongswan.conf
 all: all-recursive
 
diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in
index fe529a151..d4e1c157b 100644
--- a/src/_copyright/Makefile.in
+++ b/src/_copyright/Makefile.in
@@ -221,6 +221,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in
index e99238ed8..cf153461d 100644
--- a/src/_updown/Makefile.in
+++ b/src/_updown/Makefile.in
@@ -200,6 +200,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
diff --git a/src/_updown_espmark/Makefile.in b/src/_updown_espmark/Makefile.in
index ed88b67a6..a4379b44c 100644
--- a/src/_updown_espmark/Makefile.in
+++ b/src/_updown_espmark/Makefile.in
@@ -200,6 +200,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
diff --git a/src/charon/Android.mk b/src/charon/Android.mk
new file mode 100644
index 000000000..491d7f946
--- /dev/null
+++ b/src/charon/Android.mk
@@ -0,0 +1,27 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# copy-n-paste from Makefile.am
+LOCAL_SRC_FILES := \
+charon.c
+
+# build charon -----------------------------------------------------------------
+
+LOCAL_C_INCLUDES += \
+	$(libvstr_PATH) \
+	$(strongswan_PATH)/src/libhydra \
+	$(strongswan_PATH)/src/libcharon \
+	$(strongswan_PATH)/src/libstrongswan
+
+LOCAL_CFLAGS := $(strongswan_CFLAGS)
+
+LOCAL_MODULE := charon
+
+LOCAL_ARM_MODE := arm
+
+LOCAL_PRELINK_MODULE := false
+
+LOCAL_SHARED_LIBRARIES += libstrongswan libhydra libcharon
+
+include $(BUILD_EXECUTABLE)
+
diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am
index e20d45cf8..6481947f1 100644
--- a/src/charon/Makefile.am
+++ b/src/charon/Makefile.am
@@ -1,275 +1,22 @@
 ipsec_PROGRAMS = charon
 
 charon_SOURCES = \
-bus/bus.c bus/bus.h \
-bus/listeners/listener.h \
-bus/listeners/file_logger.c bus/listeners/file_logger.h \
-bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
-config/backend_manager.c config/backend_manager.h config/backend.h \
-config/child_cfg.c config/child_cfg.h \
-config/ike_cfg.c config/ike_cfg.h \
-config/peer_cfg.c config/peer_cfg.h \
-config/proposal.c config/proposal.h \
-config/auth_cfg.c config/auth_cfg.h \
-control/controller.c control/controller.h \
-daemon.c daemon.h \
-encoding/generator.c encoding/generator.h \
-encoding/message.c encoding/message.h \
-encoding/parser.c encoding/parser.h \
-encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \
-encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \
-encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \
-encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \
-encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
-encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
-encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
-encoding/payloads/encodings.c encoding/payloads/encodings.h \
-encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \
-encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
-encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
-encoding/payloads/ke_payload.c  encoding/payloads/ke_payload.h \
-encoding/payloads/nonce_payload.c encoding/payloads/nonce_payload.h \
-encoding/payloads/notify_payload.c encoding/payloads/notify_payload.h \
-encoding/payloads/payload.c encoding/payloads/payload.h \
-encoding/payloads/proposal_substructure.c encoding/payloads/proposal_substructure.h \
-encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
-encoding/payloads/traffic_selector_substructure.c encoding/payloads/traffic_selector_substructure.h \
-encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \
-encoding/payloads/transform_substructure.c encoding/payloads/transform_substructure.h \
-encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
-encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \
-encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \
-kernel/kernel_interface.c kernel/kernel_interface.h \
-kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
-kernel/kernel_net.h \
-network/packet.c network/packet.h \
-network/receiver.c network/receiver.h \
-network/sender.c network/sender.h \
-network/socket.h \
-processing/jobs/job.h \
-processing/jobs/acquire_job.c processing/jobs/acquire_job.h \
-processing/jobs/callback_job.c processing/jobs/callback_job.h \
-processing/jobs/delete_child_sa_job.c processing/jobs/delete_child_sa_job.h \
-processing/jobs/delete_ike_sa_job.c processing/jobs/delete_ike_sa_job.h \
-processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
-processing/jobs/process_message_job.c processing/jobs/process_message_job.h \
-processing/jobs/rekey_child_sa_job.c processing/jobs/rekey_child_sa_job.h \
-processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \
-processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \
-processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
-processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \
-processing/jobs/roam_job.c processing/jobs/roam_job.h \
-processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \
-processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \
-processing/scheduler.c processing/scheduler.h \
-processing/processor.c processing/processor.h  \
-sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
-sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
-sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
-sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \
-sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \
-sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
-sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \
-sa/child_sa.c sa/child_sa.h \
-sa/ike_sa.c sa/ike_sa.h \
-sa/ike_sa_id.c sa/ike_sa_id.h \
-sa/ike_sa_manager.c sa/ike_sa_manager.h \
-sa/task_manager.c sa/task_manager.h \
-sa/keymat.c sa/keymat.h \
-sa/trap_manager.c sa/trap_manager.h \
-sa/tasks/child_create.c sa/tasks/child_create.h \
-sa/tasks/child_delete.c sa/tasks/child_delete.h \
-sa/tasks/child_rekey.c sa/tasks/child_rekey.h \
-sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
-sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
-sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
-sa/tasks/ike_config.c sa/tasks/ike_config.h \
-sa/tasks/ike_delete.c sa/tasks/ike_delete.h \
-sa/tasks/ike_dpd.c sa/tasks/ike_dpd.h \
-sa/tasks/ike_init.c sa/tasks/ike_init.h \
-sa/tasks/ike_natd.c sa/tasks/ike_natd.h \
-sa/tasks/ike_mobike.c sa/tasks/ike_mobike.h \
-sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
-sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \
-sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
-sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
-sa/tasks/task.c sa/tasks/task.h \
-credentials/credential_manager.c credentials/credential_manager.h \
-credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
-credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
-credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
-credentials/credential_set.h
+charon.c
 
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-AM_CFLAGS = -rdynamic \
-  -DIPSEC_DIR=\"${ipsecdir}\" \
-  -DIPSEC_PIDDIR=\"${piddir}\"
-charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB)
+INCLUDES = \
+	-I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
 
-# compile options
-#################
+AM_CFLAGS = \
+	-DIPSEC_DIR=\"${ipsecdir}\" \
+	-DIPSEC_PIDDIR=\"${piddir}\"
 
-# Use RAW socket if pluto gets built
-if USE_PLUTO
-  charon_SOURCES += network/socket-raw.c
-else
-  charon_SOURCES += network/socket.c
-endif
+charon_LDADD = \
+	$(top_builddir)/src/libstrongswan/libstrongswan.la \
+	$(top_builddir)/src/libhydra/libhydra.la \
+	$(top_builddir)/src/libcharon/libcharon.la \
+	-lm $(PTHREADLIB) $(DLLIB)
 
-if USE_ME
-  charon_SOURCES += encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \
-    processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \
-    processing/jobs/mediation_job.c processing/jobs/mediation_job.h \
-    sa/connect_manager.c sa/connect_manager.h \
-    sa/mediation_manager.c sa/mediation_manager.h \
-    sa/tasks/ike_me.c sa/tasks/ike_me.h
-endif
-
-if USE_CAPABILITIES
-  charon_LDADD += -lcap
-endif
-
-
-# build optional plugins
-########################
-
-SUBDIRS = .
-PLUGINS = ${libstrongswan_plugins}
-
-if USE_LOAD_TESTER
-  SUBDIRS += plugins/load_tester
-  PLUGINS += load-tester
-endif
-
-if USE_KERNEL_PFKEY
-  SUBDIRS += plugins/kernel_pfkey
-  PLUGINS += kernel-pfkey
-endif
-
-if USE_KERNEL_PFROUTE
-  SUBDIRS += plugins/kernel_pfroute
-  PLUGINS += kernel-pfroute
-endif
-
-if USE_KERNEL_KLIPS
-  SUBDIRS += plugins/kernel_klips
-  PLUGINS += kernel-klips
-endif
-
-if USE_KERNEL_NETLINK
-  SUBDIRS += plugins/kernel_netlink
-  PLUGINS += kernel-netlink
-endif
-
-if USE_STROKE
-  SUBDIRS += plugins/stroke
-  PLUGINS += stroke
-endif
-
-if USE_SMP
-  SUBDIRS += plugins/smp
-  PLUGINS += smp
-endif
-
-if USE_SQL
-  SUBDIRS += plugins/sql
-  PLUGINS += sql
-endif
-
-if USE_UPDOWN
-  SUBDIRS += plugins/updown
-  PLUGINS += updown
-endif
-
-if USE_ATTR
-  SUBDIRS += plugins/attr
-  PLUGINS += attr
-endif
-
-if USE_EAP_IDENTITY
-  SUBDIRS += plugins/eap_identity
-  PLUGINS += eap-identity
-endif
-
-if USE_EAP_SIM
-  SUBDIRS += plugins/eap_sim
-  PLUGINS += eap-sim
-endif
-
-if USE_EAP_SIM_FILE
-  SUBDIRS += plugins/eap_sim_file
-  PLUGINS += eap-sim-file
-endif
-
-if USE_EAP_SIMAKA_PSEUDONYM
-  SUBDIRS += plugins/eap_simaka_pseudonym
-  PLUGINS += eap-simaka-pseudonym
-endif
-
-if USE_EAP_SIMAKA_REAUTH
-  SUBDIRS += plugins/eap_simaka_reauth
-  PLUGINS += eap-simaka-reauth
-endif
-
-if USE_EAP_MD5
-  SUBDIRS += plugins/eap_md5
-  PLUGINS += eap-md5
-endif
-
-if USE_EAP_GTC
-  SUBDIRS += plugins/eap_gtc
-  PLUGINS += eap-gtc
-endif
-
-if USE_EAP_AKA
-  SUBDIRS += plugins/eap_aka
-  PLUGINS += eap-aka
-endif
-
-if USE_EAP_AKA_3GPP2
-  SUBDIRS += plugins/eap_aka_3gpp2
-  PLUGINS += eap-aka-3gpp2
-endif
-
-if USE_EAP_MSCHAPV2
-  SUBDIRS += plugins/eap_mschapv2
-  PLUGINS += eap-mschapv2
-endif
-
-if USE_EAP_RADIUS
-  SUBDIRS += plugins/eap_radius
-  PLUGINS += eap-radius
-endif
-
-if USE_MEDSRV
-  SUBDIRS += plugins/medsrv
-  PLUGINS += medsrv
-endif
-
-if USE_MEDCLI
-  SUBDIRS += plugins/medcli
-  PLUGINS += medcli
-endif
-
-if USE_NM
-  SUBDIRS += plugins/nm
-  PLUGINS += nm
-endif
-
-if USE_RESOLVE
-  SUBDIRS += plugins/resolve
-  PLUGINS += resolve
-endif
-
-if USE_UCI
-  SUBDIRS += plugins/uci
-  PLUGINS += uci
-endif
-
-if USE_UNIT_TESTS
-  SUBDIRS += plugins/unit_tester
-  PLUGINS += unit-tester
-endif
-
-AM_CFLAGS += -DPLUGINS=\""${PLUGINS}\""
+EXTRA_DIST = Android.mk
 
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index d7339b226..66690a37a 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -35,75 +35,6 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 ipsec_PROGRAMS = charon$(EXEEXT)
-
-# compile options
-#################
-
-# Use RAW socket if pluto gets built
-@USE_PLUTO_TRUE@am__append_1 = network/socket-raw.c
-@USE_PLUTO_FALSE@am__append_2 = network/socket.c
-@USE_ME_TRUE@am__append_3 = encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \
-@USE_ME_TRUE@    processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \
-@USE_ME_TRUE@    processing/jobs/mediation_job.c processing/jobs/mediation_job.h \
-@USE_ME_TRUE@    sa/connect_manager.c sa/connect_manager.h \
-@USE_ME_TRUE@    sa/mediation_manager.c sa/mediation_manager.h \
-@USE_ME_TRUE@    sa/tasks/ike_me.c sa/tasks/ike_me.h
-
-@USE_CAPABILITIES_TRUE@am__append_4 = -lcap
-@USE_LOAD_TESTER_TRUE@am__append_5 = plugins/load_tester
-@USE_LOAD_TESTER_TRUE@am__append_6 = load-tester
-@USE_KERNEL_PFKEY_TRUE@am__append_7 = plugins/kernel_pfkey
-@USE_KERNEL_PFKEY_TRUE@am__append_8 = kernel-pfkey
-@USE_KERNEL_PFROUTE_TRUE@am__append_9 = plugins/kernel_pfroute
-@USE_KERNEL_PFROUTE_TRUE@am__append_10 = kernel-pfroute
-@USE_KERNEL_KLIPS_TRUE@am__append_11 = plugins/kernel_klips
-@USE_KERNEL_KLIPS_TRUE@am__append_12 = kernel-klips
-@USE_KERNEL_NETLINK_TRUE@am__append_13 = plugins/kernel_netlink
-@USE_KERNEL_NETLINK_TRUE@am__append_14 = kernel-netlink
-@USE_STROKE_TRUE@am__append_15 = plugins/stroke
-@USE_STROKE_TRUE@am__append_16 = stroke
-@USE_SMP_TRUE@am__append_17 = plugins/smp
-@USE_SMP_TRUE@am__append_18 = smp
-@USE_SQL_TRUE@am__append_19 = plugins/sql
-@USE_SQL_TRUE@am__append_20 = sql
-@USE_UPDOWN_TRUE@am__append_21 = plugins/updown
-@USE_UPDOWN_TRUE@am__append_22 = updown
-@USE_ATTR_TRUE@am__append_23 = plugins/attr
-@USE_ATTR_TRUE@am__append_24 = attr
-@USE_EAP_IDENTITY_TRUE@am__append_25 = plugins/eap_identity
-@USE_EAP_IDENTITY_TRUE@am__append_26 = eap-identity
-@USE_EAP_SIM_TRUE@am__append_27 = plugins/eap_sim
-@USE_EAP_SIM_TRUE@am__append_28 = eap-sim
-@USE_EAP_SIM_FILE_TRUE@am__append_29 = plugins/eap_sim_file
-@USE_EAP_SIM_FILE_TRUE@am__append_30 = eap-sim-file
-@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_31 = plugins/eap_simaka_pseudonym
-@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_32 = eap-simaka-pseudonym
-@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_33 = plugins/eap_simaka_reauth
-@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_34 = eap-simaka-reauth
-@USE_EAP_MD5_TRUE@am__append_35 = plugins/eap_md5
-@USE_EAP_MD5_TRUE@am__append_36 = eap-md5
-@USE_EAP_GTC_TRUE@am__append_37 = plugins/eap_gtc
-@USE_EAP_GTC_TRUE@am__append_38 = eap-gtc
-@USE_EAP_AKA_TRUE@am__append_39 = plugins/eap_aka
-@USE_EAP_AKA_TRUE@am__append_40 = eap-aka
-@USE_EAP_AKA_3GPP2_TRUE@am__append_41 = plugins/eap_aka_3gpp2
-@USE_EAP_AKA_3GPP2_TRUE@am__append_42 = eap-aka-3gpp2
-@USE_EAP_MSCHAPV2_TRUE@am__append_43 = plugins/eap_mschapv2
-@USE_EAP_MSCHAPV2_TRUE@am__append_44 = eap-mschapv2
-@USE_EAP_RADIUS_TRUE@am__append_45 = plugins/eap_radius
-@USE_EAP_RADIUS_TRUE@am__append_46 = eap-radius
-@USE_MEDSRV_TRUE@am__append_47 = plugins/medsrv
-@USE_MEDSRV_TRUE@am__append_48 = medsrv
-@USE_MEDCLI_TRUE@am__append_49 = plugins/medcli
-@USE_MEDCLI_TRUE@am__append_50 = medcli
-@USE_NM_TRUE@am__append_51 = plugins/nm
-@USE_NM_TRUE@am__append_52 = nm
-@USE_RESOLVE_TRUE@am__append_53 = plugins/resolve
-@USE_RESOLVE_TRUE@am__append_54 = resolve
-@USE_UCI_TRUE@am__append_55 = plugins/uci
-@USE_UCI_TRUE@am__append_56 = uci
-@USE_UNIT_TESTS_TRUE@am__append_57 = plugins/unit_tester
-@USE_UNIT_TESTS_TRUE@am__append_58 = unit-tester
 subdir = src/charon
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -122,186 +53,13 @@ CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 am__installdirs = "$(DESTDIR)$(ipsecdir)"
 PROGRAMS = $(ipsec_PROGRAMS)
-am__charon_SOURCES_DIST = bus/bus.c bus/bus.h bus/listeners/listener.h \
-	bus/listeners/file_logger.c bus/listeners/file_logger.h \
-	bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
-	config/backend_manager.c config/backend_manager.h \
-	config/backend.h config/child_cfg.c config/child_cfg.h \
-	config/ike_cfg.c config/ike_cfg.h config/peer_cfg.c \
-	config/peer_cfg.h config/proposal.c config/proposal.h \
-	config/auth_cfg.c config/auth_cfg.h control/controller.c \
-	control/controller.h daemon.c daemon.h encoding/generator.c \
-	encoding/generator.h encoding/message.c encoding/message.h \
-	encoding/parser.c encoding/parser.h \
-	encoding/payloads/auth_payload.c \
-	encoding/payloads/auth_payload.h \
-	encoding/payloads/cert_payload.c \
-	encoding/payloads/cert_payload.h \
-	encoding/payloads/certreq_payload.c \
-	encoding/payloads/certreq_payload.h \
-	encoding/payloads/configuration_attribute.c \
-	encoding/payloads/configuration_attribute.h \
-	encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
-	encoding/payloads/delete_payload.c \
-	encoding/payloads/delete_payload.h \
-	encoding/payloads/eap_payload.c \
-	encoding/payloads/eap_payload.h encoding/payloads/encodings.c \
-	encoding/payloads/encodings.h \
-	encoding/payloads/encryption_payload.c \
-	encoding/payloads/encryption_payload.h \
-	encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
-	encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
-	encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
-	encoding/payloads/nonce_payload.c \
-	encoding/payloads/nonce_payload.h \
-	encoding/payloads/notify_payload.c \
-	encoding/payloads/notify_payload.h encoding/payloads/payload.c \
-	encoding/payloads/payload.h \
-	encoding/payloads/proposal_substructure.c \
-	encoding/payloads/proposal_substructure.h \
-	encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
-	encoding/payloads/traffic_selector_substructure.c \
-	encoding/payloads/traffic_selector_substructure.h \
-	encoding/payloads/transform_attribute.c \
-	encoding/payloads/transform_attribute.h \
-	encoding/payloads/transform_substructure.c \
-	encoding/payloads/transform_substructure.h \
-	encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
-	encoding/payloads/unknown_payload.c \
-	encoding/payloads/unknown_payload.h \
-	encoding/payloads/vendor_id_payload.c \
-	encoding/payloads/vendor_id_payload.h \
-	kernel/kernel_interface.c kernel/kernel_interface.h \
-	kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
-	kernel/kernel_net.h network/packet.c network/packet.h \
-	network/receiver.c network/receiver.h network/sender.c \
-	network/sender.h network/socket.h processing/jobs/job.h \
-	processing/jobs/acquire_job.c processing/jobs/acquire_job.h \
-	processing/jobs/callback_job.c processing/jobs/callback_job.h \
-	processing/jobs/delete_child_sa_job.c \
-	processing/jobs/delete_child_sa_job.h \
-	processing/jobs/delete_ike_sa_job.c \
-	processing/jobs/delete_ike_sa_job.h \
-	processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
-	processing/jobs/process_message_job.c \
-	processing/jobs/process_message_job.h \
-	processing/jobs/rekey_child_sa_job.c \
-	processing/jobs/rekey_child_sa_job.h \
-	processing/jobs/rekey_ike_sa_job.c \
-	processing/jobs/rekey_ike_sa_job.h \
-	processing/jobs/retransmit_job.c \
-	processing/jobs/retransmit_job.h \
-	processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
-	processing/jobs/send_keepalive_job.c \
-	processing/jobs/send_keepalive_job.h \
-	processing/jobs/roam_job.c processing/jobs/roam_job.h \
-	processing/jobs/update_sa_job.c \
-	processing/jobs/update_sa_job.h \
-	processing/jobs/inactivity_job.c \
-	processing/jobs/inactivity_job.h processing/scheduler.c \
-	processing/scheduler.h processing/processor.c \
-	processing/processor.h sa/authenticators/authenticator.c \
-	sa/authenticators/authenticator.h \
-	sa/authenticators/eap_authenticator.c \
-	sa/authenticators/eap_authenticator.h \
-	sa/authenticators/eap/eap_method.c \
-	sa/authenticators/eap/eap_method.h \
-	sa/authenticators/eap/eap_manager.c \
-	sa/authenticators/eap/eap_manager.h \
-	sa/authenticators/eap/sim_manager.c \
-	sa/authenticators/eap/sim_manager.h \
-	sa/authenticators/psk_authenticator.c \
-	sa/authenticators/psk_authenticator.h \
-	sa/authenticators/pubkey_authenticator.c \
-	sa/authenticators/pubkey_authenticator.h sa/child_sa.c \
-	sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_id.c \
-	sa/ike_sa_id.h sa/ike_sa_manager.c sa/ike_sa_manager.h \
-	sa/task_manager.c sa/task_manager.h sa/keymat.c sa/keymat.h \
-	sa/trap_manager.c sa/trap_manager.h sa/tasks/child_create.c \
-	sa/tasks/child_create.h sa/tasks/child_delete.c \
-	sa/tasks/child_delete.h sa/tasks/child_rekey.c \
-	sa/tasks/child_rekey.h sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
-	sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
-	sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
-	sa/tasks/ike_config.c sa/tasks/ike_config.h \
-	sa/tasks/ike_delete.c sa/tasks/ike_delete.h sa/tasks/ike_dpd.c \
-	sa/tasks/ike_dpd.h sa/tasks/ike_init.c sa/tasks/ike_init.h \
-	sa/tasks/ike_natd.c sa/tasks/ike_natd.h sa/tasks/ike_mobike.c \
-	sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \
-	sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \
-	sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \
-	sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \
-	sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \
-	credentials/credential_manager.c \
-	credentials/credential_manager.h \
-	credentials/sets/auth_cfg_wrapper.c \
-	credentials/sets/auth_cfg_wrapper.h \
-	credentials/sets/ocsp_response_wrapper.c \
-	credentials/sets/ocsp_response_wrapper.h \
-	credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
-	credentials/credential_set.h network/socket-raw.c \
-	network/socket.c encoding/payloads/endpoint_notify.c \
-	encoding/payloads/endpoint_notify.h \
-	processing/jobs/initiate_mediation_job.c \
-	processing/jobs/initiate_mediation_job.h \
-	processing/jobs/mediation_job.c \
-	processing/jobs/mediation_job.h sa/connect_manager.c \
-	sa/connect_manager.h sa/mediation_manager.c \
-	sa/mediation_manager.h sa/tasks/ike_me.c sa/tasks/ike_me.h
-@USE_PLUTO_TRUE@am__objects_1 = socket-raw.$(OBJEXT)
-@USE_PLUTO_FALSE@am__objects_2 = socket.$(OBJEXT)
-@USE_ME_TRUE@am__objects_3 = endpoint_notify.$(OBJEXT) \
-@USE_ME_TRUE@	initiate_mediation_job.$(OBJEXT) \
-@USE_ME_TRUE@	mediation_job.$(OBJEXT) connect_manager.$(OBJEXT) \
-@USE_ME_TRUE@	mediation_manager.$(OBJEXT) ike_me.$(OBJEXT)
-am_charon_OBJECTS = bus.$(OBJEXT) file_logger.$(OBJEXT) \
-	sys_logger.$(OBJEXT) backend_manager.$(OBJEXT) \
-	child_cfg.$(OBJEXT) ike_cfg.$(OBJEXT) peer_cfg.$(OBJEXT) \
-	proposal.$(OBJEXT) auth_cfg.$(OBJEXT) controller.$(OBJEXT) \
-	daemon.$(OBJEXT) generator.$(OBJEXT) message.$(OBJEXT) \
-	parser.$(OBJEXT) auth_payload.$(OBJEXT) cert_payload.$(OBJEXT) \
-	certreq_payload.$(OBJEXT) configuration_attribute.$(OBJEXT) \
-	cp_payload.$(OBJEXT) delete_payload.$(OBJEXT) \
-	eap_payload.$(OBJEXT) encodings.$(OBJEXT) \
-	encryption_payload.$(OBJEXT) id_payload.$(OBJEXT) \
-	ike_header.$(OBJEXT) ke_payload.$(OBJEXT) \
-	nonce_payload.$(OBJEXT) notify_payload.$(OBJEXT) \
-	payload.$(OBJEXT) proposal_substructure.$(OBJEXT) \
-	sa_payload.$(OBJEXT) traffic_selector_substructure.$(OBJEXT) \
-	transform_attribute.$(OBJEXT) transform_substructure.$(OBJEXT) \
-	ts_payload.$(OBJEXT) unknown_payload.$(OBJEXT) \
-	vendor_id_payload.$(OBJEXT) kernel_interface.$(OBJEXT) \
-	kernel_ipsec.$(OBJEXT) packet.$(OBJEXT) receiver.$(OBJEXT) \
-	sender.$(OBJEXT) acquire_job.$(OBJEXT) callback_job.$(OBJEXT) \
-	delete_child_sa_job.$(OBJEXT) delete_ike_sa_job.$(OBJEXT) \
-	migrate_job.$(OBJEXT) process_message_job.$(OBJEXT) \
-	rekey_child_sa_job.$(OBJEXT) rekey_ike_sa_job.$(OBJEXT) \
-	retransmit_job.$(OBJEXT) send_dpd_job.$(OBJEXT) \
-	send_keepalive_job.$(OBJEXT) roam_job.$(OBJEXT) \
-	update_sa_job.$(OBJEXT) inactivity_job.$(OBJEXT) \
-	scheduler.$(OBJEXT) processor.$(OBJEXT) \
-	authenticator.$(OBJEXT) eap_authenticator.$(OBJEXT) \
-	eap_method.$(OBJEXT) eap_manager.$(OBJEXT) \
-	sim_manager.$(OBJEXT) psk_authenticator.$(OBJEXT) \
-	pubkey_authenticator.$(OBJEXT) child_sa.$(OBJEXT) \
-	ike_sa.$(OBJEXT) ike_sa_id.$(OBJEXT) ike_sa_manager.$(OBJEXT) \
-	task_manager.$(OBJEXT) keymat.$(OBJEXT) trap_manager.$(OBJEXT) \
-	child_create.$(OBJEXT) child_delete.$(OBJEXT) \
-	child_rekey.$(OBJEXT) ike_auth.$(OBJEXT) \
-	ike_cert_pre.$(OBJEXT) ike_cert_post.$(OBJEXT) \
-	ike_config.$(OBJEXT) ike_delete.$(OBJEXT) ike_dpd.$(OBJEXT) \
-	ike_init.$(OBJEXT) ike_natd.$(OBJEXT) ike_mobike.$(OBJEXT) \
-	ike_rekey.$(OBJEXT) ike_reauth.$(OBJEXT) \
-	ike_auth_lifetime.$(OBJEXT) ike_vendor.$(OBJEXT) \
-	task.$(OBJEXT) credential_manager.$(OBJEXT) \
-	auth_cfg_wrapper.$(OBJEXT) ocsp_response_wrapper.$(OBJEXT) \
-	cert_cache.$(OBJEXT) $(am__objects_1) $(am__objects_2) \
-	$(am__objects_3)
+am_charon_OBJECTS = charon.$(OBJEXT)
 charon_OBJECTS = $(am_charon_OBJECTS)
 am__DEPENDENCIES_1 =
 charon_DEPENDENCIES =  \
 	$(top_builddir)/src/libstrongswan/libstrongswan.la \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(top_builddir)/src/libhydra/libhydra.la \
+	$(top_builddir)/src/libcharon/libcharon.la \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
@@ -317,57 +75,10 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
 	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
 	$(LDFLAGS) -o $@
 SOURCES = $(charon_SOURCES)
-DIST_SOURCES = $(am__charon_SOURCES_DIST)
-RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
-	html-recursive info-recursive install-data-recursive \
-	install-dvi-recursive install-exec-recursive \
-	install-html-recursive install-info-recursive \
-	install-pdf-recursive install-ps-recursive install-recursive \
-	installcheck-recursive installdirs-recursive pdf-recursive \
-	ps-recursive uninstall-recursive
-RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
-  distclean-recursive maintainer-clean-recursive
-AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
-	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
-	distdir
+DIST_SOURCES = $(charon_SOURCES)
 ETAGS = etags
 CTAGS = ctags
-DIST_SUBDIRS = . plugins/load_tester plugins/kernel_pfkey \
-	plugins/kernel_pfroute plugins/kernel_klips \
-	plugins/kernel_netlink plugins/stroke plugins/smp plugins/sql \
-	plugins/updown plugins/attr plugins/eap_identity \
-	plugins/eap_sim plugins/eap_sim_file \
-	plugins/eap_simaka_pseudonym plugins/eap_simaka_reauth \
-	plugins/eap_md5 plugins/eap_gtc plugins/eap_aka \
-	plugins/eap_aka_3gpp2 plugins/eap_mschapv2 plugins/eap_radius \
-	plugins/medsrv plugins/medcli plugins/nm plugins/resolve \
-	plugins/uci plugins/unit_tester
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-am__relativize = \
-  dir0=`pwd`; \
-  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
-  sed_rest='s,^[^/]*/*,,'; \
-  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
-  sed_butlast='s,/*[^/]*$$,,'; \
-  while test -n "$$dir1"; do \
-    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
-    if test "$$first" != "."; then \
-      if test "$$first" = ".."; then \
-        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
-        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
-      else \
-        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
-        if test "$$first2" = "$$first"; then \
-          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
-        else \
-          dir2="../$$dir2"; \
-        fi; \
-        dir0="$$dir0"/"$$first"; \
-      fi; \
-    fi; \
-    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
-  done; \
-  reldir="$$dir2"
 ACLOCAL = @ACLOCAL@
 ALLOCA = @ALLOCA@
 AMTAR = @AMTAR@
@@ -488,6 +199,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -522,153 +234,26 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-charon_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \
-	bus/listeners/file_logger.c bus/listeners/file_logger.h \
-	bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
-	config/backend_manager.c config/backend_manager.h \
-	config/backend.h config/child_cfg.c config/child_cfg.h \
-	config/ike_cfg.c config/ike_cfg.h config/peer_cfg.c \
-	config/peer_cfg.h config/proposal.c config/proposal.h \
-	config/auth_cfg.c config/auth_cfg.h control/controller.c \
-	control/controller.h daemon.c daemon.h encoding/generator.c \
-	encoding/generator.h encoding/message.c encoding/message.h \
-	encoding/parser.c encoding/parser.h \
-	encoding/payloads/auth_payload.c \
-	encoding/payloads/auth_payload.h \
-	encoding/payloads/cert_payload.c \
-	encoding/payloads/cert_payload.h \
-	encoding/payloads/certreq_payload.c \
-	encoding/payloads/certreq_payload.h \
-	encoding/payloads/configuration_attribute.c \
-	encoding/payloads/configuration_attribute.h \
-	encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
-	encoding/payloads/delete_payload.c \
-	encoding/payloads/delete_payload.h \
-	encoding/payloads/eap_payload.c \
-	encoding/payloads/eap_payload.h encoding/payloads/encodings.c \
-	encoding/payloads/encodings.h \
-	encoding/payloads/encryption_payload.c \
-	encoding/payloads/encryption_payload.h \
-	encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
-	encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
-	encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
-	encoding/payloads/nonce_payload.c \
-	encoding/payloads/nonce_payload.h \
-	encoding/payloads/notify_payload.c \
-	encoding/payloads/notify_payload.h encoding/payloads/payload.c \
-	encoding/payloads/payload.h \
-	encoding/payloads/proposal_substructure.c \
-	encoding/payloads/proposal_substructure.h \
-	encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
-	encoding/payloads/traffic_selector_substructure.c \
-	encoding/payloads/traffic_selector_substructure.h \
-	encoding/payloads/transform_attribute.c \
-	encoding/payloads/transform_attribute.h \
-	encoding/payloads/transform_substructure.c \
-	encoding/payloads/transform_substructure.h \
-	encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
-	encoding/payloads/unknown_payload.c \
-	encoding/payloads/unknown_payload.h \
-	encoding/payloads/vendor_id_payload.c \
-	encoding/payloads/vendor_id_payload.h \
-	kernel/kernel_interface.c kernel/kernel_interface.h \
-	kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
-	kernel/kernel_net.h network/packet.c network/packet.h \
-	network/receiver.c network/receiver.h network/sender.c \
-	network/sender.h network/socket.h processing/jobs/job.h \
-	processing/jobs/acquire_job.c processing/jobs/acquire_job.h \
-	processing/jobs/callback_job.c processing/jobs/callback_job.h \
-	processing/jobs/delete_child_sa_job.c \
-	processing/jobs/delete_child_sa_job.h \
-	processing/jobs/delete_ike_sa_job.c \
-	processing/jobs/delete_ike_sa_job.h \
-	processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
-	processing/jobs/process_message_job.c \
-	processing/jobs/process_message_job.h \
-	processing/jobs/rekey_child_sa_job.c \
-	processing/jobs/rekey_child_sa_job.h \
-	processing/jobs/rekey_ike_sa_job.c \
-	processing/jobs/rekey_ike_sa_job.h \
-	processing/jobs/retransmit_job.c \
-	processing/jobs/retransmit_job.h \
-	processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
-	processing/jobs/send_keepalive_job.c \
-	processing/jobs/send_keepalive_job.h \
-	processing/jobs/roam_job.c processing/jobs/roam_job.h \
-	processing/jobs/update_sa_job.c \
-	processing/jobs/update_sa_job.h \
-	processing/jobs/inactivity_job.c \
-	processing/jobs/inactivity_job.h processing/scheduler.c \
-	processing/scheduler.h processing/processor.c \
-	processing/processor.h sa/authenticators/authenticator.c \
-	sa/authenticators/authenticator.h \
-	sa/authenticators/eap_authenticator.c \
-	sa/authenticators/eap_authenticator.h \
-	sa/authenticators/eap/eap_method.c \
-	sa/authenticators/eap/eap_method.h \
-	sa/authenticators/eap/eap_manager.c \
-	sa/authenticators/eap/eap_manager.h \
-	sa/authenticators/eap/sim_manager.c \
-	sa/authenticators/eap/sim_manager.h \
-	sa/authenticators/psk_authenticator.c \
-	sa/authenticators/psk_authenticator.h \
-	sa/authenticators/pubkey_authenticator.c \
-	sa/authenticators/pubkey_authenticator.h sa/child_sa.c \
-	sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_id.c \
-	sa/ike_sa_id.h sa/ike_sa_manager.c sa/ike_sa_manager.h \
-	sa/task_manager.c sa/task_manager.h sa/keymat.c sa/keymat.h \
-	sa/trap_manager.c sa/trap_manager.h sa/tasks/child_create.c \
-	sa/tasks/child_create.h sa/tasks/child_delete.c \
-	sa/tasks/child_delete.h sa/tasks/child_rekey.c \
-	sa/tasks/child_rekey.h sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
-	sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
-	sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
-	sa/tasks/ike_config.c sa/tasks/ike_config.h \
-	sa/tasks/ike_delete.c sa/tasks/ike_delete.h sa/tasks/ike_dpd.c \
-	sa/tasks/ike_dpd.h sa/tasks/ike_init.c sa/tasks/ike_init.h \
-	sa/tasks/ike_natd.c sa/tasks/ike_natd.h sa/tasks/ike_mobike.c \
-	sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \
-	sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \
-	sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \
-	sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \
-	sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \
-	credentials/credential_manager.c \
-	credentials/credential_manager.h \
-	credentials/sets/auth_cfg_wrapper.c \
-	credentials/sets/auth_cfg_wrapper.h \
-	credentials/sets/ocsp_response_wrapper.c \
-	credentials/sets/ocsp_response_wrapper.h \
-	credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
-	credentials/credential_set.h $(am__append_1) $(am__append_2) \
-	$(am__append_3)
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-AM_CFLAGS = -rdynamic -DIPSEC_DIR=\"${ipsecdir}\" \
-	-DIPSEC_PIDDIR=\"${piddir}\" -DPLUGINS=\""${PLUGINS}\""
-charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lm \
-	$(PTHREADLIB) $(DLLIB) $(SOCKLIB) $(am__append_4)
-
-# build optional plugins
-########################
-SUBDIRS = . $(am__append_5) $(am__append_7) $(am__append_9) \
-	$(am__append_11) $(am__append_13) $(am__append_15) \
-	$(am__append_17) $(am__append_19) $(am__append_21) \
-	$(am__append_23) $(am__append_25) $(am__append_27) \
-	$(am__append_29) $(am__append_31) $(am__append_33) \
-	$(am__append_35) $(am__append_37) $(am__append_39) \
-	$(am__append_41) $(am__append_43) $(am__append_45) \
-	$(am__append_47) $(am__append_49) $(am__append_51) \
-	$(am__append_53) $(am__append_55) $(am__append_57)
-PLUGINS = ${libstrongswan_plugins} $(am__append_6) $(am__append_8) \
-	$(am__append_10) $(am__append_12) $(am__append_14) \
-	$(am__append_16) $(am__append_18) $(am__append_20) \
-	$(am__append_22) $(am__append_24) $(am__append_26) \
-	$(am__append_28) $(am__append_30) $(am__append_32) \
-	$(am__append_34) $(am__append_36) $(am__append_38) \
-	$(am__append_40) $(am__append_42) $(am__append_44) \
-	$(am__append_46) $(am__append_48) $(am__append_50) \
-	$(am__append_52) $(am__append_54) $(am__append_56) \
-	$(am__append_58)
-all: all-recursive
+charon_SOURCES = \
+charon.c
+
+INCLUDES = \
+	-I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+	-DIPSEC_DIR=\"${ipsecdir}\" \
+	-DIPSEC_PIDDIR=\"${piddir}\"
+
+charon_LDADD = \
+	$(top_builddir)/src/libstrongswan/libstrongswan.la \
+	$(top_builddir)/src/libhydra/libhydra.la \
+	$(top_builddir)/src/libcharon/libcharon.la \
+	-lm $(PTHREADLIB) $(DLLIB)
+
+EXTRA_DIST = Android.mk
+all: all-am
 
 .SUFFIXES:
 .SUFFIXES: .c .lo .o .obj
@@ -755,107 +340,7 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/acquire_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg_wrapper.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authenticator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/backend_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bus.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callback_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_cache.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certreq_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_cfg.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_create.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_delete.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_rekey.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_sa.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/configuration_attribute.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/connect_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/controller.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cp_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/credential_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/daemon.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_child_sa_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_ike_sa_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_authenticator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_method.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encodings.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encryption_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/endpoint_notify.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/file_logger.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/generator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth_lifetime.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cert_post.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cert_pre.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cfg.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_config.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_delete.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_dpd.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_header.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_init.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_me.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_mobike.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_natd.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_reauth.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_rekey.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_id.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_vendor.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/inactivity_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initiate_mediation_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ke_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_interface.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_ipsec.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keymat.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mediation_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mediation_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/message.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/migrate_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nonce_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/notify_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp_response_wrapper.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parser.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/peer_cfg.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/process_message_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/processor.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal_substructure.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/psk_authenticator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_authenticator.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/receiver.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_child_sa_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_ike_sa_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/retransmit_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/roam_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sa_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scheduler.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_dpd_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_keepalive_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sender.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sim_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket-raw.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sys_logger.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector_substructure.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_attribute.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_substructure.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trap_manager.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ts_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unknown_payload.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/update_sa_job.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vendor_id_payload.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/charon.Po@am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -878,1482 +363,12 @@ distclean-compile:
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
 
-bus.o: bus/bus.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bus.o -MD -MP -MF $(DEPDIR)/bus.Tpo -c -o bus.o `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/bus.Tpo $(DEPDIR)/bus.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='bus/bus.c' object='bus.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bus.o `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c
-
-bus.obj: bus/bus.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bus.obj -MD -MP -MF $(DEPDIR)/bus.Tpo -c -o bus.obj `if test -f 'bus/bus.c'; then $(CYGPATH_W) 'bus/bus.c'; else $(CYGPATH_W) '$(srcdir)/bus/bus.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/bus.Tpo $(DEPDIR)/bus.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='bus/bus.c' object='bus.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bus.obj `if test -f 'bus/bus.c'; then $(CYGPATH_W) 'bus/bus.c'; else $(CYGPATH_W) '$(srcdir)/bus/bus.c'; fi`
-
-file_logger.o: bus/listeners/file_logger.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT file_logger.o -MD -MP -MF $(DEPDIR)/file_logger.Tpo -c -o file_logger.o `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/file_logger.Tpo $(DEPDIR)/file_logger.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='bus/listeners/file_logger.c' object='file_logger.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o file_logger.o `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c
-
-file_logger.obj: bus/listeners/file_logger.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT file_logger.obj -MD -MP -MF $(DEPDIR)/file_logger.Tpo -c -o file_logger.obj `if test -f 'bus/listeners/file_logger.c'; then $(CYGPATH_W) 'bus/listeners/file_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/file_logger.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/file_logger.Tpo $(DEPDIR)/file_logger.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='bus/listeners/file_logger.c' object='file_logger.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o file_logger.obj `if test -f 'bus/listeners/file_logger.c'; then $(CYGPATH_W) 'bus/listeners/file_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/file_logger.c'; fi`
-
-sys_logger.o: bus/listeners/sys_logger.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.o -MD -MP -MF $(DEPDIR)/sys_logger.Tpo -c -o sys_logger.o `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/sys_logger.Tpo $(DEPDIR)/sys_logger.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='bus/listeners/sys_logger.c' object='sys_logger.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.o `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c
-
-sys_logger.obj: bus/listeners/sys_logger.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.obj -MD -MP -MF $(DEPDIR)/sys_logger.Tpo -c -o sys_logger.obj `if test -f 'bus/listeners/sys_logger.c'; then $(CYGPATH_W) 'bus/listeners/sys_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/sys_logger.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/sys_logger.Tpo $(DEPDIR)/sys_logger.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='bus/listeners/sys_logger.c' object='sys_logger.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.obj `if test -f 'bus/listeners/sys_logger.c'; then $(CYGPATH_W) 'bus/listeners/sys_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/sys_logger.c'; fi`
-
-backend_manager.o: config/backend_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backend_manager.o -MD -MP -MF $(DEPDIR)/backend_manager.Tpo -c -o backend_manager.o `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/backend_manager.Tpo $(DEPDIR)/backend_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/backend_manager.c' object='backend_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backend_manager.o `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c
-
-backend_manager.obj: config/backend_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backend_manager.obj -MD -MP -MF $(DEPDIR)/backend_manager.Tpo -c -o backend_manager.obj `if test -f 'config/backend_manager.c'; then $(CYGPATH_W) 'config/backend_manager.c'; else $(CYGPATH_W) '$(srcdir)/config/backend_manager.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/backend_manager.Tpo $(DEPDIR)/backend_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/backend_manager.c' object='backend_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backend_manager.obj `if test -f 'config/backend_manager.c'; then $(CYGPATH_W) 'config/backend_manager.c'; else $(CYGPATH_W) '$(srcdir)/config/backend_manager.c'; fi`
-
-child_cfg.o: config/child_cfg.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_cfg.o -MD -MP -MF $(DEPDIR)/child_cfg.Tpo -c -o child_cfg.o `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_cfg.Tpo $(DEPDIR)/child_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/child_cfg.c' object='child_cfg.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_cfg.o `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c
-
-child_cfg.obj: config/child_cfg.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_cfg.obj -MD -MP -MF $(DEPDIR)/child_cfg.Tpo -c -o child_cfg.obj `if test -f 'config/child_cfg.c'; then $(CYGPATH_W) 'config/child_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/child_cfg.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_cfg.Tpo $(DEPDIR)/child_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/child_cfg.c' object='child_cfg.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_cfg.obj `if test -f 'config/child_cfg.c'; then $(CYGPATH_W) 'config/child_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/child_cfg.c'; fi`
-
-ike_cfg.o: config/ike_cfg.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cfg.o -MD -MP -MF $(DEPDIR)/ike_cfg.Tpo -c -o ike_cfg.o `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_cfg.Tpo $(DEPDIR)/ike_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/ike_cfg.c' object='ike_cfg.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cfg.o `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c
-
-ike_cfg.obj: config/ike_cfg.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cfg.obj -MD -MP -MF $(DEPDIR)/ike_cfg.Tpo -c -o ike_cfg.obj `if test -f 'config/ike_cfg.c'; then $(CYGPATH_W) 'config/ike_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/ike_cfg.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_cfg.Tpo $(DEPDIR)/ike_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/ike_cfg.c' object='ike_cfg.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cfg.obj `if test -f 'config/ike_cfg.c'; then $(CYGPATH_W) 'config/ike_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/ike_cfg.c'; fi`
-
-peer_cfg.o: config/peer_cfg.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_cfg.o -MD -MP -MF $(DEPDIR)/peer_cfg.Tpo -c -o peer_cfg.o `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/peer_cfg.Tpo $(DEPDIR)/peer_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/peer_cfg.c' object='peer_cfg.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_cfg.o `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c
-
-peer_cfg.obj: config/peer_cfg.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_cfg.obj -MD -MP -MF $(DEPDIR)/peer_cfg.Tpo -c -o peer_cfg.obj `if test -f 'config/peer_cfg.c'; then $(CYGPATH_W) 'config/peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/peer_cfg.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/peer_cfg.Tpo $(DEPDIR)/peer_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/peer_cfg.c' object='peer_cfg.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_cfg.obj `if test -f 'config/peer_cfg.c'; then $(CYGPATH_W) 'config/peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/peer_cfg.c'; fi`
-
-proposal.o: config/proposal.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal.o -MD -MP -MF $(DEPDIR)/proposal.Tpo -c -o proposal.o `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/proposal.Tpo $(DEPDIR)/proposal.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/proposal.c' object='proposal.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal.o `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c
-
-proposal.obj: config/proposal.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal.obj -MD -MP -MF $(DEPDIR)/proposal.Tpo -c -o proposal.obj `if test -f 'config/proposal.c'; then $(CYGPATH_W) 'config/proposal.c'; else $(CYGPATH_W) '$(srcdir)/config/proposal.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/proposal.Tpo $(DEPDIR)/proposal.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/proposal.c' object='proposal.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal.obj `if test -f 'config/proposal.c'; then $(CYGPATH_W) 'config/proposal.c'; else $(CYGPATH_W) '$(srcdir)/config/proposal.c'; fi`
-
-auth_cfg.o: config/auth_cfg.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg.o -MD -MP -MF $(DEPDIR)/auth_cfg.Tpo -c -o auth_cfg.o `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/auth_cfg.c' object='auth_cfg.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg.o `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c
-
-auth_cfg.obj: config/auth_cfg.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg.obj -MD -MP -MF $(DEPDIR)/auth_cfg.Tpo -c -o auth_cfg.obj `if test -f 'config/auth_cfg.c'; then $(CYGPATH_W) 'config/auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/auth_cfg.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/auth_cfg.c' object='auth_cfg.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg.obj `if test -f 'config/auth_cfg.c'; then $(CYGPATH_W) 'config/auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/auth_cfg.c'; fi`
-
-controller.o: control/controller.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT controller.o -MD -MP -MF $(DEPDIR)/controller.Tpo -c -o controller.o `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/controller.Tpo $(DEPDIR)/controller.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='control/controller.c' object='controller.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o controller.o `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c
-
-controller.obj: control/controller.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT controller.obj -MD -MP -MF $(DEPDIR)/controller.Tpo -c -o controller.obj `if test -f 'control/controller.c'; then $(CYGPATH_W) 'control/controller.c'; else $(CYGPATH_W) '$(srcdir)/control/controller.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/controller.Tpo $(DEPDIR)/controller.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='control/controller.c' object='controller.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o controller.obj `if test -f 'control/controller.c'; then $(CYGPATH_W) 'control/controller.c'; else $(CYGPATH_W) '$(srcdir)/control/controller.c'; fi`
-
-generator.o: encoding/generator.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.o -MD -MP -MF $(DEPDIR)/generator.Tpo -c -o generator.o `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/generator.Tpo $(DEPDIR)/generator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/generator.c' object='generator.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.o `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c
-
-generator.obj: encoding/generator.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.obj -MD -MP -MF $(DEPDIR)/generator.Tpo -c -o generator.obj `if test -f 'encoding/generator.c'; then $(CYGPATH_W) 'encoding/generator.c'; else $(CYGPATH_W) '$(srcdir)/encoding/generator.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/generator.Tpo $(DEPDIR)/generator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/generator.c' object='generator.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.obj `if test -f 'encoding/generator.c'; then $(CYGPATH_W) 'encoding/generator.c'; else $(CYGPATH_W) '$(srcdir)/encoding/generator.c'; fi`
-
-message.o: encoding/message.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.o -MD -MP -MF $(DEPDIR)/message.Tpo -c -o message.o `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/message.Tpo $(DEPDIR)/message.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/message.c' object='message.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.o `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c
-
-message.obj: encoding/message.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.obj -MD -MP -MF $(DEPDIR)/message.Tpo -c -o message.obj `if test -f 'encoding/message.c'; then $(CYGPATH_W) 'encoding/message.c'; else $(CYGPATH_W) '$(srcdir)/encoding/message.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/message.Tpo $(DEPDIR)/message.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/message.c' object='message.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.obj `if test -f 'encoding/message.c'; then $(CYGPATH_W) 'encoding/message.c'; else $(CYGPATH_W) '$(srcdir)/encoding/message.c'; fi`
-
-parser.o: encoding/parser.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.o -MD -MP -MF $(DEPDIR)/parser.Tpo -c -o parser.o `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/parser.Tpo $(DEPDIR)/parser.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/parser.c' object='parser.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.o `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c
-
-parser.obj: encoding/parser.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.obj -MD -MP -MF $(DEPDIR)/parser.Tpo -c -o parser.obj `if test -f 'encoding/parser.c'; then $(CYGPATH_W) 'encoding/parser.c'; else $(CYGPATH_W) '$(srcdir)/encoding/parser.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/parser.Tpo $(DEPDIR)/parser.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/parser.c' object='parser.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.obj `if test -f 'encoding/parser.c'; then $(CYGPATH_W) 'encoding/parser.c'; else $(CYGPATH_W) '$(srcdir)/encoding/parser.c'; fi`
-
-auth_payload.o: encoding/payloads/auth_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.o -MD -MP -MF $(DEPDIR)/auth_payload.Tpo -c -o auth_payload.o `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/auth_payload.Tpo $(DEPDIR)/auth_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/auth_payload.c' object='auth_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.o `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c
-
-auth_payload.obj: encoding/payloads/auth_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.obj -MD -MP -MF $(DEPDIR)/auth_payload.Tpo -c -o auth_payload.obj `if test -f 'encoding/payloads/auth_payload.c'; then $(CYGPATH_W) 'encoding/payloads/auth_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/auth_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/auth_payload.Tpo $(DEPDIR)/auth_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/auth_payload.c' object='auth_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.obj `if test -f 'encoding/payloads/auth_payload.c'; then $(CYGPATH_W) 'encoding/payloads/auth_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/auth_payload.c'; fi`
-
-cert_payload.o: encoding/payloads/cert_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.o -MD -MP -MF $(DEPDIR)/cert_payload.Tpo -c -o cert_payload.o `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/cert_payload.Tpo $(DEPDIR)/cert_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/cert_payload.c' object='cert_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.o `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c
-
-cert_payload.obj: encoding/payloads/cert_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.obj -MD -MP -MF $(DEPDIR)/cert_payload.Tpo -c -o cert_payload.obj `if test -f 'encoding/payloads/cert_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cert_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cert_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/cert_payload.Tpo $(DEPDIR)/cert_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/cert_payload.c' object='cert_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.obj `if test -f 'encoding/payloads/cert_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cert_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cert_payload.c'; fi`
-
-certreq_payload.o: encoding/payloads/certreq_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.o -MD -MP -MF $(DEPDIR)/certreq_payload.Tpo -c -o certreq_payload.o `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/certreq_payload.Tpo $(DEPDIR)/certreq_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/certreq_payload.c' object='certreq_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.o `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c
-
-certreq_payload.obj: encoding/payloads/certreq_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.obj -MD -MP -MF $(DEPDIR)/certreq_payload.Tpo -c -o certreq_payload.obj `if test -f 'encoding/payloads/certreq_payload.c'; then $(CYGPATH_W) 'encoding/payloads/certreq_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/certreq_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/certreq_payload.Tpo $(DEPDIR)/certreq_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/certreq_payload.c' object='certreq_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.obj `if test -f 'encoding/payloads/certreq_payload.c'; then $(CYGPATH_W) 'encoding/payloads/certreq_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/certreq_payload.c'; fi`
-
-configuration_attribute.o: encoding/payloads/configuration_attribute.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.o -MD -MP -MF $(DEPDIR)/configuration_attribute.Tpo -c -o configuration_attribute.o `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/configuration_attribute.Tpo $(DEPDIR)/configuration_attribute.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.o `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c
-
-configuration_attribute.obj: encoding/payloads/configuration_attribute.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.obj -MD -MP -MF $(DEPDIR)/configuration_attribute.Tpo -c -o configuration_attribute.obj `if test -f 'encoding/payloads/configuration_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/configuration_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/configuration_attribute.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/configuration_attribute.Tpo $(DEPDIR)/configuration_attribute.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.obj `if test -f 'encoding/payloads/configuration_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/configuration_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/configuration_attribute.c'; fi`
-
-cp_payload.o: encoding/payloads/cp_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.o -MD -MP -MF $(DEPDIR)/cp_payload.Tpo -c -o cp_payload.o `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/cp_payload.Tpo $(DEPDIR)/cp_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/cp_payload.c' object='cp_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.o `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c
-
-cp_payload.obj: encoding/payloads/cp_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.obj -MD -MP -MF $(DEPDIR)/cp_payload.Tpo -c -o cp_payload.obj `if test -f 'encoding/payloads/cp_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cp_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cp_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/cp_payload.Tpo $(DEPDIR)/cp_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/cp_payload.c' object='cp_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.obj `if test -f 'encoding/payloads/cp_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cp_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cp_payload.c'; fi`
-
-delete_payload.o: encoding/payloads/delete_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.o -MD -MP -MF $(DEPDIR)/delete_payload.Tpo -c -o delete_payload.o `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/delete_payload.Tpo $(DEPDIR)/delete_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/delete_payload.c' object='delete_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.o `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c
-
-delete_payload.obj: encoding/payloads/delete_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.obj -MD -MP -MF $(DEPDIR)/delete_payload.Tpo -c -o delete_payload.obj `if test -f 'encoding/payloads/delete_payload.c'; then $(CYGPATH_W) 'encoding/payloads/delete_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/delete_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/delete_payload.Tpo $(DEPDIR)/delete_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/delete_payload.c' object='delete_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.obj `if test -f 'encoding/payloads/delete_payload.c'; then $(CYGPATH_W) 'encoding/payloads/delete_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/delete_payload.c'; fi`
-
-eap_payload.o: encoding/payloads/eap_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.o -MD -MP -MF $(DEPDIR)/eap_payload.Tpo -c -o eap_payload.o `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/eap_payload.Tpo $(DEPDIR)/eap_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/eap_payload.c' object='eap_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.o `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c
-
-eap_payload.obj: encoding/payloads/eap_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.obj -MD -MP -MF $(DEPDIR)/eap_payload.Tpo -c -o eap_payload.obj `if test -f 'encoding/payloads/eap_payload.c'; then $(CYGPATH_W) 'encoding/payloads/eap_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/eap_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/eap_payload.Tpo $(DEPDIR)/eap_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/eap_payload.c' object='eap_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.obj `if test -f 'encoding/payloads/eap_payload.c'; then $(CYGPATH_W) 'encoding/payloads/eap_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/eap_payload.c'; fi`
-
-encodings.o: encoding/payloads/encodings.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.o -MD -MP -MF $(DEPDIR)/encodings.Tpo -c -o encodings.o `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/encodings.Tpo $(DEPDIR)/encodings.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/encodings.c' object='encodings.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.o `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c
-
-encodings.obj: encoding/payloads/encodings.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.obj -MD -MP -MF $(DEPDIR)/encodings.Tpo -c -o encodings.obj `if test -f 'encoding/payloads/encodings.c'; then $(CYGPATH_W) 'encoding/payloads/encodings.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encodings.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/encodings.Tpo $(DEPDIR)/encodings.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/encodings.c' object='encodings.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.obj `if test -f 'encoding/payloads/encodings.c'; then $(CYGPATH_W) 'encoding/payloads/encodings.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encodings.c'; fi`
-
-encryption_payload.o: encoding/payloads/encryption_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.o -MD -MP -MF $(DEPDIR)/encryption_payload.Tpo -c -o encryption_payload.o `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/encryption_payload.Tpo $(DEPDIR)/encryption_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/encryption_payload.c' object='encryption_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.o `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c
-
-encryption_payload.obj: encoding/payloads/encryption_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.obj -MD -MP -MF $(DEPDIR)/encryption_payload.Tpo -c -o encryption_payload.obj `if test -f 'encoding/payloads/encryption_payload.c'; then $(CYGPATH_W) 'encoding/payloads/encryption_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encryption_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/encryption_payload.Tpo $(DEPDIR)/encryption_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/encryption_payload.c' object='encryption_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.obj `if test -f 'encoding/payloads/encryption_payload.c'; then $(CYGPATH_W) 'encoding/payloads/encryption_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encryption_payload.c'; fi`
-
-id_payload.o: encoding/payloads/id_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.o -MD -MP -MF $(DEPDIR)/id_payload.Tpo -c -o id_payload.o `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/id_payload.Tpo $(DEPDIR)/id_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/id_payload.c' object='id_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.o `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c
-
-id_payload.obj: encoding/payloads/id_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.obj -MD -MP -MF $(DEPDIR)/id_payload.Tpo -c -o id_payload.obj `if test -f 'encoding/payloads/id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/id_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/id_payload.Tpo $(DEPDIR)/id_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/id_payload.c' object='id_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.obj `if test -f 'encoding/payloads/id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/id_payload.c'; fi`
-
-ike_header.o: encoding/payloads/ike_header.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.o -MD -MP -MF $(DEPDIR)/ike_header.Tpo -c -o ike_header.o `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_header.Tpo $(DEPDIR)/ike_header.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/ike_header.c' object='ike_header.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.o `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c
-
-ike_header.obj: encoding/payloads/ike_header.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.obj -MD -MP -MF $(DEPDIR)/ike_header.Tpo -c -o ike_header.obj `if test -f 'encoding/payloads/ike_header.c'; then $(CYGPATH_W) 'encoding/payloads/ike_header.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ike_header.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_header.Tpo $(DEPDIR)/ike_header.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/ike_header.c' object='ike_header.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.obj `if test -f 'encoding/payloads/ike_header.c'; then $(CYGPATH_W) 'encoding/payloads/ike_header.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ike_header.c'; fi`
-
-ke_payload.o: encoding/payloads/ke_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.o -MD -MP -MF $(DEPDIR)/ke_payload.Tpo -c -o ke_payload.o `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ke_payload.Tpo $(DEPDIR)/ke_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/ke_payload.c' object='ke_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.o `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c
-
-ke_payload.obj: encoding/payloads/ke_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.obj -MD -MP -MF $(DEPDIR)/ke_payload.Tpo -c -o ke_payload.obj `if test -f 'encoding/payloads/ke_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ke_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ke_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ke_payload.Tpo $(DEPDIR)/ke_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/ke_payload.c' object='ke_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.obj `if test -f 'encoding/payloads/ke_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ke_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ke_payload.c'; fi`
-
-nonce_payload.o: encoding/payloads/nonce_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.o -MD -MP -MF $(DEPDIR)/nonce_payload.Tpo -c -o nonce_payload.o `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/nonce_payload.Tpo $(DEPDIR)/nonce_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/nonce_payload.c' object='nonce_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.o `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c
-
-nonce_payload.obj: encoding/payloads/nonce_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.obj -MD -MP -MF $(DEPDIR)/nonce_payload.Tpo -c -o nonce_payload.obj `if test -f 'encoding/payloads/nonce_payload.c'; then $(CYGPATH_W) 'encoding/payloads/nonce_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/nonce_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/nonce_payload.Tpo $(DEPDIR)/nonce_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/nonce_payload.c' object='nonce_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.obj `if test -f 'encoding/payloads/nonce_payload.c'; then $(CYGPATH_W) 'encoding/payloads/nonce_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/nonce_payload.c'; fi`
-
-notify_payload.o: encoding/payloads/notify_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.o -MD -MP -MF $(DEPDIR)/notify_payload.Tpo -c -o notify_payload.o `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/notify_payload.Tpo $(DEPDIR)/notify_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/notify_payload.c' object='notify_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.o `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c
-
-notify_payload.obj: encoding/payloads/notify_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.obj -MD -MP -MF $(DEPDIR)/notify_payload.Tpo -c -o notify_payload.obj `if test -f 'encoding/payloads/notify_payload.c'; then $(CYGPATH_W) 'encoding/payloads/notify_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/notify_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/notify_payload.Tpo $(DEPDIR)/notify_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/notify_payload.c' object='notify_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.obj `if test -f 'encoding/payloads/notify_payload.c'; then $(CYGPATH_W) 'encoding/payloads/notify_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/notify_payload.c'; fi`
-
-payload.o: encoding/payloads/payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.o -MD -MP -MF $(DEPDIR)/payload.Tpo -c -o payload.o `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/payload.Tpo $(DEPDIR)/payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/payload.c' object='payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.o `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c
-
-payload.obj: encoding/payloads/payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.obj -MD -MP -MF $(DEPDIR)/payload.Tpo -c -o payload.obj `if test -f 'encoding/payloads/payload.c'; then $(CYGPATH_W) 'encoding/payloads/payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/payload.Tpo $(DEPDIR)/payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/payload.c' object='payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.obj `if test -f 'encoding/payloads/payload.c'; then $(CYGPATH_W) 'encoding/payloads/payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/payload.c'; fi`
-
-proposal_substructure.o: encoding/payloads/proposal_substructure.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.o -MD -MP -MF $(DEPDIR)/proposal_substructure.Tpo -c -o proposal_substructure.o `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/proposal_substructure.Tpo $(DEPDIR)/proposal_substructure.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.o `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c
-
-proposal_substructure.obj: encoding/payloads/proposal_substructure.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.obj -MD -MP -MF $(DEPDIR)/proposal_substructure.Tpo -c -o proposal_substructure.obj `if test -f 'encoding/payloads/proposal_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/proposal_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/proposal_substructure.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/proposal_substructure.Tpo $(DEPDIR)/proposal_substructure.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.obj `if test -f 'encoding/payloads/proposal_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/proposal_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/proposal_substructure.c'; fi`
-
-sa_payload.o: encoding/payloads/sa_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.o -MD -MP -MF $(DEPDIR)/sa_payload.Tpo -c -o sa_payload.o `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/sa_payload.Tpo $(DEPDIR)/sa_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/sa_payload.c' object='sa_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.o `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c
-
-sa_payload.obj: encoding/payloads/sa_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.obj -MD -MP -MF $(DEPDIR)/sa_payload.Tpo -c -o sa_payload.obj `if test -f 'encoding/payloads/sa_payload.c'; then $(CYGPATH_W) 'encoding/payloads/sa_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/sa_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/sa_payload.Tpo $(DEPDIR)/sa_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/sa_payload.c' object='sa_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.obj `if test -f 'encoding/payloads/sa_payload.c'; then $(CYGPATH_W) 'encoding/payloads/sa_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/sa_payload.c'; fi`
-
-traffic_selector_substructure.o: encoding/payloads/traffic_selector_substructure.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector_substructure.o -MD -MP -MF $(DEPDIR)/traffic_selector_substructure.Tpo -c -o traffic_selector_substructure.o `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/traffic_selector_substructure.Tpo $(DEPDIR)/traffic_selector_substructure.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/traffic_selector_substructure.c' object='traffic_selector_substructure.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector_substructure.o `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c
-
-traffic_selector_substructure.obj: encoding/payloads/traffic_selector_substructure.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector_substructure.obj -MD -MP -MF $(DEPDIR)/traffic_selector_substructure.Tpo -c -o traffic_selector_substructure.obj `if test -f 'encoding/payloads/traffic_selector_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/traffic_selector_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/traffic_selector_substructure.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/traffic_selector_substructure.Tpo $(DEPDIR)/traffic_selector_substructure.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/traffic_selector_substructure.c' object='traffic_selector_substructure.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector_substructure.obj `if test -f 'encoding/payloads/traffic_selector_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/traffic_selector_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/traffic_selector_substructure.c'; fi`
-
-transform_attribute.o: encoding/payloads/transform_attribute.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_attribute.o -MD -MP -MF $(DEPDIR)/transform_attribute.Tpo -c -o transform_attribute.o `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/transform_attribute.Tpo $(DEPDIR)/transform_attribute.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/transform_attribute.c' object='transform_attribute.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_attribute.o `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c
-
-transform_attribute.obj: encoding/payloads/transform_attribute.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_attribute.obj -MD -MP -MF $(DEPDIR)/transform_attribute.Tpo -c -o transform_attribute.obj `if test -f 'encoding/payloads/transform_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/transform_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_attribute.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/transform_attribute.Tpo $(DEPDIR)/transform_attribute.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/transform_attribute.c' object='transform_attribute.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_attribute.obj `if test -f 'encoding/payloads/transform_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/transform_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_attribute.c'; fi`
-
-transform_substructure.o: encoding/payloads/transform_substructure.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_substructure.o -MD -MP -MF $(DEPDIR)/transform_substructure.Tpo -c -o transform_substructure.o `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/transform_substructure.Tpo $(DEPDIR)/transform_substructure.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/transform_substructure.c' object='transform_substructure.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_substructure.o `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c
-
-transform_substructure.obj: encoding/payloads/transform_substructure.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_substructure.obj -MD -MP -MF $(DEPDIR)/transform_substructure.Tpo -c -o transform_substructure.obj `if test -f 'encoding/payloads/transform_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/transform_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_substructure.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/transform_substructure.Tpo $(DEPDIR)/transform_substructure.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/transform_substructure.c' object='transform_substructure.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_substructure.obj `if test -f 'encoding/payloads/transform_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/transform_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_substructure.c'; fi`
-
-ts_payload.o: encoding/payloads/ts_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.o -MD -MP -MF $(DEPDIR)/ts_payload.Tpo -c -o ts_payload.o `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ts_payload.Tpo $(DEPDIR)/ts_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/ts_payload.c' object='ts_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.o `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c
-
-ts_payload.obj: encoding/payloads/ts_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.obj -MD -MP -MF $(DEPDIR)/ts_payload.Tpo -c -o ts_payload.obj `if test -f 'encoding/payloads/ts_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ts_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ts_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ts_payload.Tpo $(DEPDIR)/ts_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/ts_payload.c' object='ts_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.obj `if test -f 'encoding/payloads/ts_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ts_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ts_payload.c'; fi`
-
-unknown_payload.o: encoding/payloads/unknown_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.o -MD -MP -MF $(DEPDIR)/unknown_payload.Tpo -c -o unknown_payload.o `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/unknown_payload.Tpo $(DEPDIR)/unknown_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/unknown_payload.c' object='unknown_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.o `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c
-
-unknown_payload.obj: encoding/payloads/unknown_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.obj -MD -MP -MF $(DEPDIR)/unknown_payload.Tpo -c -o unknown_payload.obj `if test -f 'encoding/payloads/unknown_payload.c'; then $(CYGPATH_W) 'encoding/payloads/unknown_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/unknown_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/unknown_payload.Tpo $(DEPDIR)/unknown_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/unknown_payload.c' object='unknown_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.obj `if test -f 'encoding/payloads/unknown_payload.c'; then $(CYGPATH_W) 'encoding/payloads/unknown_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/unknown_payload.c'; fi`
-
-vendor_id_payload.o: encoding/payloads/vendor_id_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.o -MD -MP -MF $(DEPDIR)/vendor_id_payload.Tpo -c -o vendor_id_payload.o `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/vendor_id_payload.Tpo $(DEPDIR)/vendor_id_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.o `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c
-
-vendor_id_payload.obj: encoding/payloads/vendor_id_payload.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.obj -MD -MP -MF $(DEPDIR)/vendor_id_payload.Tpo -c -o vendor_id_payload.obj `if test -f 'encoding/payloads/vendor_id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/vendor_id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/vendor_id_payload.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/vendor_id_payload.Tpo $(DEPDIR)/vendor_id_payload.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.obj `if test -f 'encoding/payloads/vendor_id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/vendor_id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/vendor_id_payload.c'; fi`
-
-kernel_interface.o: kernel/kernel_interface.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.o -MD -MP -MF $(DEPDIR)/kernel_interface.Tpo -c -o kernel_interface.o `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/kernel_interface.Tpo $(DEPDIR)/kernel_interface.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='kernel/kernel_interface.c' object='kernel_interface.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.o `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c
-
-kernel_interface.obj: kernel/kernel_interface.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.obj -MD -MP -MF $(DEPDIR)/kernel_interface.Tpo -c -o kernel_interface.obj `if test -f 'kernel/kernel_interface.c'; then $(CYGPATH_W) 'kernel/kernel_interface.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_interface.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/kernel_interface.Tpo $(DEPDIR)/kernel_interface.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='kernel/kernel_interface.c' object='kernel_interface.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.obj `if test -f 'kernel/kernel_interface.c'; then $(CYGPATH_W) 'kernel/kernel_interface.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_interface.c'; fi`
-
-kernel_ipsec.o: kernel/kernel_ipsec.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_ipsec.o -MD -MP -MF $(DEPDIR)/kernel_ipsec.Tpo -c -o kernel_ipsec.o `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/kernel_ipsec.Tpo $(DEPDIR)/kernel_ipsec.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='kernel/kernel_ipsec.c' object='kernel_ipsec.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_ipsec.o `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c
-
-kernel_ipsec.obj: kernel/kernel_ipsec.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_ipsec.obj -MD -MP -MF $(DEPDIR)/kernel_ipsec.Tpo -c -o kernel_ipsec.obj `if test -f 'kernel/kernel_ipsec.c'; then $(CYGPATH_W) 'kernel/kernel_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_ipsec.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/kernel_ipsec.Tpo $(DEPDIR)/kernel_ipsec.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='kernel/kernel_ipsec.c' object='kernel_ipsec.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_ipsec.obj `if test -f 'kernel/kernel_ipsec.c'; then $(CYGPATH_W) 'kernel/kernel_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_ipsec.c'; fi`
-
-packet.o: network/packet.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.o -MD -MP -MF $(DEPDIR)/packet.Tpo -c -o packet.o `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/packet.Tpo $(DEPDIR)/packet.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/packet.c' object='packet.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.o `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c
-
-packet.obj: network/packet.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.obj -MD -MP -MF $(DEPDIR)/packet.Tpo -c -o packet.obj `if test -f 'network/packet.c'; then $(CYGPATH_W) 'network/packet.c'; else $(CYGPATH_W) '$(srcdir)/network/packet.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/packet.Tpo $(DEPDIR)/packet.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/packet.c' object='packet.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.obj `if test -f 'network/packet.c'; then $(CYGPATH_W) 'network/packet.c'; else $(CYGPATH_W) '$(srcdir)/network/packet.c'; fi`
-
-receiver.o: network/receiver.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.o -MD -MP -MF $(DEPDIR)/receiver.Tpo -c -o receiver.o `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/receiver.Tpo $(DEPDIR)/receiver.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/receiver.c' object='receiver.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.o `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c
-
-receiver.obj: network/receiver.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.obj -MD -MP -MF $(DEPDIR)/receiver.Tpo -c -o receiver.obj `if test -f 'network/receiver.c'; then $(CYGPATH_W) 'network/receiver.c'; else $(CYGPATH_W) '$(srcdir)/network/receiver.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/receiver.Tpo $(DEPDIR)/receiver.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/receiver.c' object='receiver.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.obj `if test -f 'network/receiver.c'; then $(CYGPATH_W) 'network/receiver.c'; else $(CYGPATH_W) '$(srcdir)/network/receiver.c'; fi`
-
-sender.o: network/sender.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.o -MD -MP -MF $(DEPDIR)/sender.Tpo -c -o sender.o `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/sender.Tpo $(DEPDIR)/sender.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/sender.c' object='sender.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.o `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c
-
-sender.obj: network/sender.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.obj -MD -MP -MF $(DEPDIR)/sender.Tpo -c -o sender.obj `if test -f 'network/sender.c'; then $(CYGPATH_W) 'network/sender.c'; else $(CYGPATH_W) '$(srcdir)/network/sender.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/sender.Tpo $(DEPDIR)/sender.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/sender.c' object='sender.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.obj `if test -f 'network/sender.c'; then $(CYGPATH_W) 'network/sender.c'; else $(CYGPATH_W) '$(srcdir)/network/sender.c'; fi`
-
-acquire_job.o: processing/jobs/acquire_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.o -MD -MP -MF $(DEPDIR)/acquire_job.Tpo -c -o acquire_job.o `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/acquire_job.Tpo $(DEPDIR)/acquire_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/acquire_job.c' object='acquire_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.o `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c
-
-acquire_job.obj: processing/jobs/acquire_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.obj -MD -MP -MF $(DEPDIR)/acquire_job.Tpo -c -o acquire_job.obj `if test -f 'processing/jobs/acquire_job.c'; then $(CYGPATH_W) 'processing/jobs/acquire_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/acquire_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/acquire_job.Tpo $(DEPDIR)/acquire_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/acquire_job.c' object='acquire_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.obj `if test -f 'processing/jobs/acquire_job.c'; then $(CYGPATH_W) 'processing/jobs/acquire_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/acquire_job.c'; fi`
-
-callback_job.o: processing/jobs/callback_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_job.o -MD -MP -MF $(DEPDIR)/callback_job.Tpo -c -o callback_job.o `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/callback_job.c' object='callback_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o callback_job.o `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c
-
-callback_job.obj: processing/jobs/callback_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_job.obj -MD -MP -MF $(DEPDIR)/callback_job.Tpo -c -o callback_job.obj `if test -f 'processing/jobs/callback_job.c'; then $(CYGPATH_W) 'processing/jobs/callback_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/callback_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/callback_job.c' object='callback_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o callback_job.obj `if test -f 'processing/jobs/callback_job.c'; then $(CYGPATH_W) 'processing/jobs/callback_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/callback_job.c'; fi`
-
-delete_child_sa_job.o: processing/jobs/delete_child_sa_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.o -MD -MP -MF $(DEPDIR)/delete_child_sa_job.Tpo -c -o delete_child_sa_job.o `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/delete_child_sa_job.Tpo $(DEPDIR)/delete_child_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/delete_child_sa_job.c' object='delete_child_sa_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.o `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c
-
-delete_child_sa_job.obj: processing/jobs/delete_child_sa_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.obj -MD -MP -MF $(DEPDIR)/delete_child_sa_job.Tpo -c -o delete_child_sa_job.obj `if test -f 'processing/jobs/delete_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_child_sa_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/delete_child_sa_job.Tpo $(DEPDIR)/delete_child_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/delete_child_sa_job.c' object='delete_child_sa_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.obj `if test -f 'processing/jobs/delete_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_child_sa_job.c'; fi`
-
-delete_ike_sa_job.o: processing/jobs/delete_ike_sa_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.o -MD -MP -MF $(DEPDIR)/delete_ike_sa_job.Tpo -c -o delete_ike_sa_job.o `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/delete_ike_sa_job.Tpo $(DEPDIR)/delete_ike_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.o `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c
-
-delete_ike_sa_job.obj: processing/jobs/delete_ike_sa_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.obj -MD -MP -MF $(DEPDIR)/delete_ike_sa_job.Tpo -c -o delete_ike_sa_job.obj `if test -f 'processing/jobs/delete_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_ike_sa_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/delete_ike_sa_job.Tpo $(DEPDIR)/delete_ike_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.obj `if test -f 'processing/jobs/delete_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_ike_sa_job.c'; fi`
-
-migrate_job.o: processing/jobs/migrate_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT migrate_job.o -MD -MP -MF $(DEPDIR)/migrate_job.Tpo -c -o migrate_job.o `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/migrate_job.Tpo $(DEPDIR)/migrate_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/migrate_job.c' object='migrate_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o migrate_job.o `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c
-
-migrate_job.obj: processing/jobs/migrate_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT migrate_job.obj -MD -MP -MF $(DEPDIR)/migrate_job.Tpo -c -o migrate_job.obj `if test -f 'processing/jobs/migrate_job.c'; then $(CYGPATH_W) 'processing/jobs/migrate_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/migrate_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/migrate_job.Tpo $(DEPDIR)/migrate_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/migrate_job.c' object='migrate_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o migrate_job.obj `if test -f 'processing/jobs/migrate_job.c'; then $(CYGPATH_W) 'processing/jobs/migrate_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/migrate_job.c'; fi`
-
-process_message_job.o: processing/jobs/process_message_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.o -MD -MP -MF $(DEPDIR)/process_message_job.Tpo -c -o process_message_job.o `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/process_message_job.Tpo $(DEPDIR)/process_message_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/process_message_job.c' object='process_message_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.o `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c
-
-process_message_job.obj: processing/jobs/process_message_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.obj -MD -MP -MF $(DEPDIR)/process_message_job.Tpo -c -o process_message_job.obj `if test -f 'processing/jobs/process_message_job.c'; then $(CYGPATH_W) 'processing/jobs/process_message_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/process_message_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/process_message_job.Tpo $(DEPDIR)/process_message_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/process_message_job.c' object='process_message_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.obj `if test -f 'processing/jobs/process_message_job.c'; then $(CYGPATH_W) 'processing/jobs/process_message_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/process_message_job.c'; fi`
-
-rekey_child_sa_job.o: processing/jobs/rekey_child_sa_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.o -MD -MP -MF $(DEPDIR)/rekey_child_sa_job.Tpo -c -o rekey_child_sa_job.o `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/rekey_child_sa_job.Tpo $(DEPDIR)/rekey_child_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.o `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c
-
-rekey_child_sa_job.obj: processing/jobs/rekey_child_sa_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.obj -MD -MP -MF $(DEPDIR)/rekey_child_sa_job.Tpo -c -o rekey_child_sa_job.obj `if test -f 'processing/jobs/rekey_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_child_sa_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/rekey_child_sa_job.Tpo $(DEPDIR)/rekey_child_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.obj `if test -f 'processing/jobs/rekey_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_child_sa_job.c'; fi`
-
-rekey_ike_sa_job.o: processing/jobs/rekey_ike_sa_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.o -MD -MP -MF $(DEPDIR)/rekey_ike_sa_job.Tpo -c -o rekey_ike_sa_job.o `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/rekey_ike_sa_job.Tpo $(DEPDIR)/rekey_ike_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.o `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c
-
-rekey_ike_sa_job.obj: processing/jobs/rekey_ike_sa_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.obj -MD -MP -MF $(DEPDIR)/rekey_ike_sa_job.Tpo -c -o rekey_ike_sa_job.obj `if test -f 'processing/jobs/rekey_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_ike_sa_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/rekey_ike_sa_job.Tpo $(DEPDIR)/rekey_ike_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.obj `if test -f 'processing/jobs/rekey_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_ike_sa_job.c'; fi`
-
-retransmit_job.o: processing/jobs/retransmit_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.o -MD -MP -MF $(DEPDIR)/retransmit_job.Tpo -c -o retransmit_job.o `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/retransmit_job.Tpo $(DEPDIR)/retransmit_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/retransmit_job.c' object='retransmit_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.o `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c
-
-retransmit_job.obj: processing/jobs/retransmit_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.obj -MD -MP -MF $(DEPDIR)/retransmit_job.Tpo -c -o retransmit_job.obj `if test -f 'processing/jobs/retransmit_job.c'; then $(CYGPATH_W) 'processing/jobs/retransmit_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/retransmit_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/retransmit_job.Tpo $(DEPDIR)/retransmit_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/retransmit_job.c' object='retransmit_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.obj `if test -f 'processing/jobs/retransmit_job.c'; then $(CYGPATH_W) 'processing/jobs/retransmit_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/retransmit_job.c'; fi`
-
-send_dpd_job.o: processing/jobs/send_dpd_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.o -MD -MP -MF $(DEPDIR)/send_dpd_job.Tpo -c -o send_dpd_job.o `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/send_dpd_job.Tpo $(DEPDIR)/send_dpd_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/send_dpd_job.c' object='send_dpd_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.o `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c
-
-send_dpd_job.obj: processing/jobs/send_dpd_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.obj -MD -MP -MF $(DEPDIR)/send_dpd_job.Tpo -c -o send_dpd_job.obj `if test -f 'processing/jobs/send_dpd_job.c'; then $(CYGPATH_W) 'processing/jobs/send_dpd_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_dpd_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/send_dpd_job.Tpo $(DEPDIR)/send_dpd_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/send_dpd_job.c' object='send_dpd_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.obj `if test -f 'processing/jobs/send_dpd_job.c'; then $(CYGPATH_W) 'processing/jobs/send_dpd_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_dpd_job.c'; fi`
-
-send_keepalive_job.o: processing/jobs/send_keepalive_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.o -MD -MP -MF $(DEPDIR)/send_keepalive_job.Tpo -c -o send_keepalive_job.o `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/send_keepalive_job.Tpo $(DEPDIR)/send_keepalive_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/send_keepalive_job.c' object='send_keepalive_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.o `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c
-
-send_keepalive_job.obj: processing/jobs/send_keepalive_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.obj -MD -MP -MF $(DEPDIR)/send_keepalive_job.Tpo -c -o send_keepalive_job.obj `if test -f 'processing/jobs/send_keepalive_job.c'; then $(CYGPATH_W) 'processing/jobs/send_keepalive_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_keepalive_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/send_keepalive_job.Tpo $(DEPDIR)/send_keepalive_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/send_keepalive_job.c' object='send_keepalive_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.obj `if test -f 'processing/jobs/send_keepalive_job.c'; then $(CYGPATH_W) 'processing/jobs/send_keepalive_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_keepalive_job.c'; fi`
-
-roam_job.o: processing/jobs/roam_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT roam_job.o -MD -MP -MF $(DEPDIR)/roam_job.Tpo -c -o roam_job.o `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/roam_job.c' object='roam_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o roam_job.o `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c
-
-roam_job.obj: processing/jobs/roam_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT roam_job.obj -MD -MP -MF $(DEPDIR)/roam_job.Tpo -c -o roam_job.obj `if test -f 'processing/jobs/roam_job.c'; then $(CYGPATH_W) 'processing/jobs/roam_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/roam_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/roam_job.c' object='roam_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o roam_job.obj `if test -f 'processing/jobs/roam_job.c'; then $(CYGPATH_W) 'processing/jobs/roam_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/roam_job.c'; fi`
-
-update_sa_job.o: processing/jobs/update_sa_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT update_sa_job.o -MD -MP -MF $(DEPDIR)/update_sa_job.Tpo -c -o update_sa_job.o `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/update_sa_job.Tpo $(DEPDIR)/update_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/update_sa_job.c' object='update_sa_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o update_sa_job.o `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c
-
-update_sa_job.obj: processing/jobs/update_sa_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT update_sa_job.obj -MD -MP -MF $(DEPDIR)/update_sa_job.Tpo -c -o update_sa_job.obj `if test -f 'processing/jobs/update_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/update_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/update_sa_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/update_sa_job.Tpo $(DEPDIR)/update_sa_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/update_sa_job.c' object='update_sa_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o update_sa_job.obj `if test -f 'processing/jobs/update_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/update_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/update_sa_job.c'; fi`
-
-inactivity_job.o: processing/jobs/inactivity_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT inactivity_job.o -MD -MP -MF $(DEPDIR)/inactivity_job.Tpo -c -o inactivity_job.o `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/inactivity_job.Tpo $(DEPDIR)/inactivity_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/inactivity_job.c' object='inactivity_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o inactivity_job.o `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c
-
-inactivity_job.obj: processing/jobs/inactivity_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT inactivity_job.obj -MD -MP -MF $(DEPDIR)/inactivity_job.Tpo -c -o inactivity_job.obj `if test -f 'processing/jobs/inactivity_job.c'; then $(CYGPATH_W) 'processing/jobs/inactivity_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/inactivity_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/inactivity_job.Tpo $(DEPDIR)/inactivity_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/inactivity_job.c' object='inactivity_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o inactivity_job.obj `if test -f 'processing/jobs/inactivity_job.c'; then $(CYGPATH_W) 'processing/jobs/inactivity_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/inactivity_job.c'; fi`
-
-scheduler.o: processing/scheduler.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.o -MD -MP -MF $(DEPDIR)/scheduler.Tpo -c -o scheduler.o `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/scheduler.c' object='scheduler.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.o `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c
-
-scheduler.obj: processing/scheduler.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.obj -MD -MP -MF $(DEPDIR)/scheduler.Tpo -c -o scheduler.obj `if test -f 'processing/scheduler.c'; then $(CYGPATH_W) 'processing/scheduler.c'; else $(CYGPATH_W) '$(srcdir)/processing/scheduler.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/scheduler.c' object='scheduler.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.obj `if test -f 'processing/scheduler.c'; then $(CYGPATH_W) 'processing/scheduler.c'; else $(CYGPATH_W) '$(srcdir)/processing/scheduler.c'; fi`
-
-processor.o: processing/processor.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT processor.o -MD -MP -MF $(DEPDIR)/processor.Tpo -c -o processor.o `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/processor.c' object='processor.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o processor.o `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c
-
-processor.obj: processing/processor.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT processor.obj -MD -MP -MF $(DEPDIR)/processor.Tpo -c -o processor.obj `if test -f 'processing/processor.c'; then $(CYGPATH_W) 'processing/processor.c'; else $(CYGPATH_W) '$(srcdir)/processing/processor.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/processor.c' object='processor.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o processor.obj `if test -f 'processing/processor.c'; then $(CYGPATH_W) 'processing/processor.c'; else $(CYGPATH_W) '$(srcdir)/processing/processor.c'; fi`
-
-authenticator.o: sa/authenticators/authenticator.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.o -MD -MP -MF $(DEPDIR)/authenticator.Tpo -c -o authenticator.o `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/authenticator.Tpo $(DEPDIR)/authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/authenticator.c' object='authenticator.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.o `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c
-
-authenticator.obj: sa/authenticators/authenticator.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.obj -MD -MP -MF $(DEPDIR)/authenticator.Tpo -c -o authenticator.obj `if test -f 'sa/authenticators/authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/authenticator.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/authenticator.Tpo $(DEPDIR)/authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/authenticator.c' object='authenticator.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.obj `if test -f 'sa/authenticators/authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/authenticator.c'; fi`
-
-eap_authenticator.o: sa/authenticators/eap_authenticator.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.o -MD -MP -MF $(DEPDIR)/eap_authenticator.Tpo -c -o eap_authenticator.o `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/eap_authenticator.Tpo $(DEPDIR)/eap_authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.o `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c
-
-eap_authenticator.obj: sa/authenticators/eap_authenticator.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.obj -MD -MP -MF $(DEPDIR)/eap_authenticator.Tpo -c -o eap_authenticator.obj `if test -f 'sa/authenticators/eap_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/eap_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap_authenticator.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/eap_authenticator.Tpo $(DEPDIR)/eap_authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.obj `if test -f 'sa/authenticators/eap_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/eap_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap_authenticator.c'; fi`
-
-eap_method.o: sa/authenticators/eap/eap_method.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.o -MD -MP -MF $(DEPDIR)/eap_method.Tpo -c -o eap_method.o `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/eap_method.Tpo $(DEPDIR)/eap_method.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/eap/eap_method.c' object='eap_method.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.o `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c
-
-eap_method.obj: sa/authenticators/eap/eap_method.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.obj -MD -MP -MF $(DEPDIR)/eap_method.Tpo -c -o eap_method.obj `if test -f 'sa/authenticators/eap/eap_method.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_method.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_method.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/eap_method.Tpo $(DEPDIR)/eap_method.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/eap/eap_method.c' object='eap_method.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.obj `if test -f 'sa/authenticators/eap/eap_method.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_method.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_method.c'; fi`
-
-eap_manager.o: sa/authenticators/eap/eap_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_manager.o -MD -MP -MF $(DEPDIR)/eap_manager.Tpo -c -o eap_manager.o `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/eap_manager.Tpo $(DEPDIR)/eap_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/eap/eap_manager.c' object='eap_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_manager.o `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c
-
-eap_manager.obj: sa/authenticators/eap/eap_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_manager.obj -MD -MP -MF $(DEPDIR)/eap_manager.Tpo -c -o eap_manager.obj `if test -f 'sa/authenticators/eap/eap_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_manager.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/eap_manager.Tpo $(DEPDIR)/eap_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/eap/eap_manager.c' object='eap_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_manager.obj `if test -f 'sa/authenticators/eap/eap_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_manager.c'; fi`
-
-sim_manager.o: sa/authenticators/eap/sim_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sim_manager.o -MD -MP -MF $(DEPDIR)/sim_manager.Tpo -c -o sim_manager.o `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/sim_manager.Tpo $(DEPDIR)/sim_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/eap/sim_manager.c' object='sim_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sim_manager.o `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c
-
-sim_manager.obj: sa/authenticators/eap/sim_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sim_manager.obj -MD -MP -MF $(DEPDIR)/sim_manager.Tpo -c -o sim_manager.obj `if test -f 'sa/authenticators/eap/sim_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/sim_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/sim_manager.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/sim_manager.Tpo $(DEPDIR)/sim_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/eap/sim_manager.c' object='sim_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sim_manager.obj `if test -f 'sa/authenticators/eap/sim_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/sim_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/sim_manager.c'; fi`
-
-psk_authenticator.o: sa/authenticators/psk_authenticator.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.o -MD -MP -MF $(DEPDIR)/psk_authenticator.Tpo -c -o psk_authenticator.o `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/psk_authenticator.Tpo $(DEPDIR)/psk_authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.o `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c
-
-psk_authenticator.obj: sa/authenticators/psk_authenticator.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.obj -MD -MP -MF $(DEPDIR)/psk_authenticator.Tpo -c -o psk_authenticator.obj `if test -f 'sa/authenticators/psk_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/psk_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/psk_authenticator.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/psk_authenticator.Tpo $(DEPDIR)/psk_authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.obj `if test -f 'sa/authenticators/psk_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/psk_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/psk_authenticator.c'; fi`
-
-pubkey_authenticator.o: sa/authenticators/pubkey_authenticator.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pubkey_authenticator.o -MD -MP -MF $(DEPDIR)/pubkey_authenticator.Tpo -c -o pubkey_authenticator.o `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/pubkey_authenticator.Tpo $(DEPDIR)/pubkey_authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/pubkey_authenticator.c' object='pubkey_authenticator.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pubkey_authenticator.o `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c
-
-pubkey_authenticator.obj: sa/authenticators/pubkey_authenticator.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pubkey_authenticator.obj -MD -MP -MF $(DEPDIR)/pubkey_authenticator.Tpo -c -o pubkey_authenticator.obj `if test -f 'sa/authenticators/pubkey_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/pubkey_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/pubkey_authenticator.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/pubkey_authenticator.Tpo $(DEPDIR)/pubkey_authenticator.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/pubkey_authenticator.c' object='pubkey_authenticator.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pubkey_authenticator.obj `if test -f 'sa/authenticators/pubkey_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/pubkey_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/pubkey_authenticator.c'; fi`
-
-child_sa.o: sa/child_sa.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.o -MD -MP -MF $(DEPDIR)/child_sa.Tpo -c -o child_sa.o `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_sa.Tpo $(DEPDIR)/child_sa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/child_sa.c' object='child_sa.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.o `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c
-
-child_sa.obj: sa/child_sa.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.obj -MD -MP -MF $(DEPDIR)/child_sa.Tpo -c -o child_sa.obj `if test -f 'sa/child_sa.c'; then $(CYGPATH_W) 'sa/child_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/child_sa.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_sa.Tpo $(DEPDIR)/child_sa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/child_sa.c' object='child_sa.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.obj `if test -f 'sa/child_sa.c'; then $(CYGPATH_W) 'sa/child_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/child_sa.c'; fi`
-
-ike_sa.o: sa/ike_sa.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.o -MD -MP -MF $(DEPDIR)/ike_sa.Tpo -c -o ike_sa.o `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_sa.Tpo $(DEPDIR)/ike_sa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/ike_sa.c' object='ike_sa.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.o `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c
-
-ike_sa.obj: sa/ike_sa.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.obj -MD -MP -MF $(DEPDIR)/ike_sa.Tpo -c -o ike_sa.obj `if test -f 'sa/ike_sa.c'; then $(CYGPATH_W) 'sa/ike_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_sa.Tpo $(DEPDIR)/ike_sa.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/ike_sa.c' object='ike_sa.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.obj `if test -f 'sa/ike_sa.c'; then $(CYGPATH_W) 'sa/ike_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa.c'; fi`
-
-ike_sa_id.o: sa/ike_sa_id.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.o -MD -MP -MF $(DEPDIR)/ike_sa_id.Tpo -c -o ike_sa_id.o `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_sa_id.Tpo $(DEPDIR)/ike_sa_id.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/ike_sa_id.c' object='ike_sa_id.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.o `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c
-
-ike_sa_id.obj: sa/ike_sa_id.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.obj -MD -MP -MF $(DEPDIR)/ike_sa_id.Tpo -c -o ike_sa_id.obj `if test -f 'sa/ike_sa_id.c'; then $(CYGPATH_W) 'sa/ike_sa_id.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_id.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_sa_id.Tpo $(DEPDIR)/ike_sa_id.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/ike_sa_id.c' object='ike_sa_id.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.obj `if test -f 'sa/ike_sa_id.c'; then $(CYGPATH_W) 'sa/ike_sa_id.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_id.c'; fi`
-
-ike_sa_manager.o: sa/ike_sa_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.o -MD -MP -MF $(DEPDIR)/ike_sa_manager.Tpo -c -o ike_sa_manager.o `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_sa_manager.Tpo $(DEPDIR)/ike_sa_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/ike_sa_manager.c' object='ike_sa_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.o `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c
-
-ike_sa_manager.obj: sa/ike_sa_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.obj -MD -MP -MF $(DEPDIR)/ike_sa_manager.Tpo -c -o ike_sa_manager.obj `if test -f 'sa/ike_sa_manager.c'; then $(CYGPATH_W) 'sa/ike_sa_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_manager.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_sa_manager.Tpo $(DEPDIR)/ike_sa_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/ike_sa_manager.c' object='ike_sa_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.obj `if test -f 'sa/ike_sa_manager.c'; then $(CYGPATH_W) 'sa/ike_sa_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_manager.c'; fi`
-
-task_manager.o: sa/task_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.o -MD -MP -MF $(DEPDIR)/task_manager.Tpo -c -o task_manager.o `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/task_manager.Tpo $(DEPDIR)/task_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/task_manager.c' object='task_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.o `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c
-
-task_manager.obj: sa/task_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.obj -MD -MP -MF $(DEPDIR)/task_manager.Tpo -c -o task_manager.obj `if test -f 'sa/task_manager.c'; then $(CYGPATH_W) 'sa/task_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/task_manager.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/task_manager.Tpo $(DEPDIR)/task_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/task_manager.c' object='task_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.obj `if test -f 'sa/task_manager.c'; then $(CYGPATH_W) 'sa/task_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/task_manager.c'; fi`
-
-keymat.o: sa/keymat.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keymat.o -MD -MP -MF $(DEPDIR)/keymat.Tpo -c -o keymat.o `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/keymat.Tpo $(DEPDIR)/keymat.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/keymat.c' object='keymat.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keymat.o `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c
-
-keymat.obj: sa/keymat.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keymat.obj -MD -MP -MF $(DEPDIR)/keymat.Tpo -c -o keymat.obj `if test -f 'sa/keymat.c'; then $(CYGPATH_W) 'sa/keymat.c'; else $(CYGPATH_W) '$(srcdir)/sa/keymat.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/keymat.Tpo $(DEPDIR)/keymat.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/keymat.c' object='keymat.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keymat.obj `if test -f 'sa/keymat.c'; then $(CYGPATH_W) 'sa/keymat.c'; else $(CYGPATH_W) '$(srcdir)/sa/keymat.c'; fi`
-
-trap_manager.o: sa/trap_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT trap_manager.o -MD -MP -MF $(DEPDIR)/trap_manager.Tpo -c -o trap_manager.o `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/trap_manager.Tpo $(DEPDIR)/trap_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/trap_manager.c' object='trap_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o trap_manager.o `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c
-
-trap_manager.obj: sa/trap_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT trap_manager.obj -MD -MP -MF $(DEPDIR)/trap_manager.Tpo -c -o trap_manager.obj `if test -f 'sa/trap_manager.c'; then $(CYGPATH_W) 'sa/trap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/trap_manager.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/trap_manager.Tpo $(DEPDIR)/trap_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/trap_manager.c' object='trap_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o trap_manager.obj `if test -f 'sa/trap_manager.c'; then $(CYGPATH_W) 'sa/trap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/trap_manager.c'; fi`
-
-child_create.o: sa/tasks/child_create.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.o -MD -MP -MF $(DEPDIR)/child_create.Tpo -c -o child_create.o `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_create.Tpo $(DEPDIR)/child_create.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/child_create.c' object='child_create.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.o `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c
-
-child_create.obj: sa/tasks/child_create.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.obj -MD -MP -MF $(DEPDIR)/child_create.Tpo -c -o child_create.obj `if test -f 'sa/tasks/child_create.c'; then $(CYGPATH_W) 'sa/tasks/child_create.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_create.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_create.Tpo $(DEPDIR)/child_create.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/child_create.c' object='child_create.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.obj `if test -f 'sa/tasks/child_create.c'; then $(CYGPATH_W) 'sa/tasks/child_create.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_create.c'; fi`
-
-child_delete.o: sa/tasks/child_delete.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.o -MD -MP -MF $(DEPDIR)/child_delete.Tpo -c -o child_delete.o `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_delete.Tpo $(DEPDIR)/child_delete.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/child_delete.c' object='child_delete.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.o `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c
-
-child_delete.obj: sa/tasks/child_delete.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.obj -MD -MP -MF $(DEPDIR)/child_delete.Tpo -c -o child_delete.obj `if test -f 'sa/tasks/child_delete.c'; then $(CYGPATH_W) 'sa/tasks/child_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_delete.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_delete.Tpo $(DEPDIR)/child_delete.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/child_delete.c' object='child_delete.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.obj `if test -f 'sa/tasks/child_delete.c'; then $(CYGPATH_W) 'sa/tasks/child_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_delete.c'; fi`
-
-child_rekey.o: sa/tasks/child_rekey.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.o -MD -MP -MF $(DEPDIR)/child_rekey.Tpo -c -o child_rekey.o `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_rekey.Tpo $(DEPDIR)/child_rekey.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/child_rekey.c' object='child_rekey.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.o `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c
-
-child_rekey.obj: sa/tasks/child_rekey.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.obj -MD -MP -MF $(DEPDIR)/child_rekey.Tpo -c -o child_rekey.obj `if test -f 'sa/tasks/child_rekey.c'; then $(CYGPATH_W) 'sa/tasks/child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_rekey.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_rekey.Tpo $(DEPDIR)/child_rekey.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/child_rekey.c' object='child_rekey.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.obj `if test -f 'sa/tasks/child_rekey.c'; then $(CYGPATH_W) 'sa/tasks/child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_rekey.c'; fi`
-
-ike_auth.o: sa/tasks/ike_auth.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.o -MD -MP -MF $(DEPDIR)/ike_auth.Tpo -c -o ike_auth.o `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_auth.Tpo $(DEPDIR)/ike_auth.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_auth.c' object='ike_auth.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.o `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c
-
-ike_auth.obj: sa/tasks/ike_auth.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.obj -MD -MP -MF $(DEPDIR)/ike_auth.Tpo -c -o ike_auth.obj `if test -f 'sa/tasks/ike_auth.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_auth.Tpo $(DEPDIR)/ike_auth.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_auth.c' object='ike_auth.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.obj `if test -f 'sa/tasks/ike_auth.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth.c'; fi`
-
-ike_cert_pre.o: sa/tasks/ike_cert_pre.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_pre.o -MD -MP -MF $(DEPDIR)/ike_cert_pre.Tpo -c -o ike_cert_pre.o `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_cert_pre.Tpo $(DEPDIR)/ike_cert_pre.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_cert_pre.c' object='ike_cert_pre.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_pre.o `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c
-
-ike_cert_pre.obj: sa/tasks/ike_cert_pre.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_pre.obj -MD -MP -MF $(DEPDIR)/ike_cert_pre.Tpo -c -o ike_cert_pre.obj `if test -f 'sa/tasks/ike_cert_pre.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_pre.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_pre.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_cert_pre.Tpo $(DEPDIR)/ike_cert_pre.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_cert_pre.c' object='ike_cert_pre.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_pre.obj `if test -f 'sa/tasks/ike_cert_pre.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_pre.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_pre.c'; fi`
-
-ike_cert_post.o: sa/tasks/ike_cert_post.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_post.o -MD -MP -MF $(DEPDIR)/ike_cert_post.Tpo -c -o ike_cert_post.o `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_cert_post.Tpo $(DEPDIR)/ike_cert_post.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_cert_post.c' object='ike_cert_post.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_post.o `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c
-
-ike_cert_post.obj: sa/tasks/ike_cert_post.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_post.obj -MD -MP -MF $(DEPDIR)/ike_cert_post.Tpo -c -o ike_cert_post.obj `if test -f 'sa/tasks/ike_cert_post.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_post.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_post.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_cert_post.Tpo $(DEPDIR)/ike_cert_post.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_cert_post.c' object='ike_cert_post.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_post.obj `if test -f 'sa/tasks/ike_cert_post.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_post.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_post.c'; fi`
-
-ike_config.o: sa/tasks/ike_config.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.o -MD -MP -MF $(DEPDIR)/ike_config.Tpo -c -o ike_config.o `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_config.Tpo $(DEPDIR)/ike_config.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_config.c' object='ike_config.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.o `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c
-
-ike_config.obj: sa/tasks/ike_config.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.obj -MD -MP -MF $(DEPDIR)/ike_config.Tpo -c -o ike_config.obj `if test -f 'sa/tasks/ike_config.c'; then $(CYGPATH_W) 'sa/tasks/ike_config.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_config.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_config.Tpo $(DEPDIR)/ike_config.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_config.c' object='ike_config.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.obj `if test -f 'sa/tasks/ike_config.c'; then $(CYGPATH_W) 'sa/tasks/ike_config.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_config.c'; fi`
-
-ike_delete.o: sa/tasks/ike_delete.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.o -MD -MP -MF $(DEPDIR)/ike_delete.Tpo -c -o ike_delete.o `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_delete.Tpo $(DEPDIR)/ike_delete.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_delete.c' object='ike_delete.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.o `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c
-
-ike_delete.obj: sa/tasks/ike_delete.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.obj -MD -MP -MF $(DEPDIR)/ike_delete.Tpo -c -o ike_delete.obj `if test -f 'sa/tasks/ike_delete.c'; then $(CYGPATH_W) 'sa/tasks/ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_delete.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_delete.Tpo $(DEPDIR)/ike_delete.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_delete.c' object='ike_delete.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.obj `if test -f 'sa/tasks/ike_delete.c'; then $(CYGPATH_W) 'sa/tasks/ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_delete.c'; fi`
-
-ike_dpd.o: sa/tasks/ike_dpd.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.o -MD -MP -MF $(DEPDIR)/ike_dpd.Tpo -c -o ike_dpd.o `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_dpd.Tpo $(DEPDIR)/ike_dpd.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_dpd.c' object='ike_dpd.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.o `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c
-
-ike_dpd.obj: sa/tasks/ike_dpd.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.obj -MD -MP -MF $(DEPDIR)/ike_dpd.Tpo -c -o ike_dpd.obj `if test -f 'sa/tasks/ike_dpd.c'; then $(CYGPATH_W) 'sa/tasks/ike_dpd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_dpd.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_dpd.Tpo $(DEPDIR)/ike_dpd.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_dpd.c' object='ike_dpd.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.obj `if test -f 'sa/tasks/ike_dpd.c'; then $(CYGPATH_W) 'sa/tasks/ike_dpd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_dpd.c'; fi`
-
-ike_init.o: sa/tasks/ike_init.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.o -MD -MP -MF $(DEPDIR)/ike_init.Tpo -c -o ike_init.o `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_init.Tpo $(DEPDIR)/ike_init.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_init.c' object='ike_init.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.o `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c
-
-ike_init.obj: sa/tasks/ike_init.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.obj -MD -MP -MF $(DEPDIR)/ike_init.Tpo -c -o ike_init.obj `if test -f 'sa/tasks/ike_init.c'; then $(CYGPATH_W) 'sa/tasks/ike_init.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_init.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_init.Tpo $(DEPDIR)/ike_init.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_init.c' object='ike_init.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.obj `if test -f 'sa/tasks/ike_init.c'; then $(CYGPATH_W) 'sa/tasks/ike_init.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_init.c'; fi`
-
-ike_natd.o: sa/tasks/ike_natd.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.o -MD -MP -MF $(DEPDIR)/ike_natd.Tpo -c -o ike_natd.o `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_natd.Tpo $(DEPDIR)/ike_natd.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_natd.c' object='ike_natd.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.o `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c
-
-ike_natd.obj: sa/tasks/ike_natd.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.obj -MD -MP -MF $(DEPDIR)/ike_natd.Tpo -c -o ike_natd.obj `if test -f 'sa/tasks/ike_natd.c'; then $(CYGPATH_W) 'sa/tasks/ike_natd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_natd.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_natd.Tpo $(DEPDIR)/ike_natd.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_natd.c' object='ike_natd.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.obj `if test -f 'sa/tasks/ike_natd.c'; then $(CYGPATH_W) 'sa/tasks/ike_natd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_natd.c'; fi`
-
-ike_mobike.o: sa/tasks/ike_mobike.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_mobike.o -MD -MP -MF $(DEPDIR)/ike_mobike.Tpo -c -o ike_mobike.o `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_mobike.Tpo $(DEPDIR)/ike_mobike.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_mobike.c' object='ike_mobike.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_mobike.o `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c
-
-ike_mobike.obj: sa/tasks/ike_mobike.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_mobike.obj -MD -MP -MF $(DEPDIR)/ike_mobike.Tpo -c -o ike_mobike.obj `if test -f 'sa/tasks/ike_mobike.c'; then $(CYGPATH_W) 'sa/tasks/ike_mobike.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_mobike.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_mobike.Tpo $(DEPDIR)/ike_mobike.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_mobike.c' object='ike_mobike.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_mobike.obj `if test -f 'sa/tasks/ike_mobike.c'; then $(CYGPATH_W) 'sa/tasks/ike_mobike.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_mobike.c'; fi`
-
-ike_rekey.o: sa/tasks/ike_rekey.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.o -MD -MP -MF $(DEPDIR)/ike_rekey.Tpo -c -o ike_rekey.o `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_rekey.Tpo $(DEPDIR)/ike_rekey.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_rekey.c' object='ike_rekey.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.o `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c
-
-ike_rekey.obj: sa/tasks/ike_rekey.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.obj -MD -MP -MF $(DEPDIR)/ike_rekey.Tpo -c -o ike_rekey.obj `if test -f 'sa/tasks/ike_rekey.c'; then $(CYGPATH_W) 'sa/tasks/ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_rekey.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_rekey.Tpo $(DEPDIR)/ike_rekey.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_rekey.c' object='ike_rekey.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.obj `if test -f 'sa/tasks/ike_rekey.c'; then $(CYGPATH_W) 'sa/tasks/ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_rekey.c'; fi`
-
-ike_reauth.o: sa/tasks/ike_reauth.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_reauth.o -MD -MP -MF $(DEPDIR)/ike_reauth.Tpo -c -o ike_reauth.o `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_reauth.Tpo $(DEPDIR)/ike_reauth.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_reauth.c' object='ike_reauth.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_reauth.o `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c
-
-ike_reauth.obj: sa/tasks/ike_reauth.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_reauth.obj -MD -MP -MF $(DEPDIR)/ike_reauth.Tpo -c -o ike_reauth.obj `if test -f 'sa/tasks/ike_reauth.c'; then $(CYGPATH_W) 'sa/tasks/ike_reauth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_reauth.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_reauth.Tpo $(DEPDIR)/ike_reauth.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_reauth.c' object='ike_reauth.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_reauth.obj `if test -f 'sa/tasks/ike_reauth.c'; then $(CYGPATH_W) 'sa/tasks/ike_reauth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_reauth.c'; fi`
-
-ike_auth_lifetime.o: sa/tasks/ike_auth_lifetime.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth_lifetime.o -MD -MP -MF $(DEPDIR)/ike_auth_lifetime.Tpo -c -o ike_auth_lifetime.o `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_auth_lifetime.Tpo $(DEPDIR)/ike_auth_lifetime.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_auth_lifetime.c' object='ike_auth_lifetime.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth_lifetime.o `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c
-
-ike_auth_lifetime.obj: sa/tasks/ike_auth_lifetime.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth_lifetime.obj -MD -MP -MF $(DEPDIR)/ike_auth_lifetime.Tpo -c -o ike_auth_lifetime.obj `if test -f 'sa/tasks/ike_auth_lifetime.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth_lifetime.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth_lifetime.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_auth_lifetime.Tpo $(DEPDIR)/ike_auth_lifetime.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_auth_lifetime.c' object='ike_auth_lifetime.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth_lifetime.obj `if test -f 'sa/tasks/ike_auth_lifetime.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth_lifetime.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth_lifetime.c'; fi`
-
-ike_vendor.o: sa/tasks/ike_vendor.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_vendor.o -MD -MP -MF $(DEPDIR)/ike_vendor.Tpo -c -o ike_vendor.o `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_vendor.Tpo $(DEPDIR)/ike_vendor.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_vendor.c' object='ike_vendor.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_vendor.o `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c
-
-ike_vendor.obj: sa/tasks/ike_vendor.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_vendor.obj -MD -MP -MF $(DEPDIR)/ike_vendor.Tpo -c -o ike_vendor.obj `if test -f 'sa/tasks/ike_vendor.c'; then $(CYGPATH_W) 'sa/tasks/ike_vendor.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_vendor.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_vendor.Tpo $(DEPDIR)/ike_vendor.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_vendor.c' object='ike_vendor.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_vendor.obj `if test -f 'sa/tasks/ike_vendor.c'; then $(CYGPATH_W) 'sa/tasks/ike_vendor.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_vendor.c'; fi`
-
-task.o: sa/tasks/task.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.o -MD -MP -MF $(DEPDIR)/task.Tpo -c -o task.o `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/task.Tpo $(DEPDIR)/task.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/task.c' object='task.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.o `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c
-
-task.obj: sa/tasks/task.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.obj -MD -MP -MF $(DEPDIR)/task.Tpo -c -o task.obj `if test -f 'sa/tasks/task.c'; then $(CYGPATH_W) 'sa/tasks/task.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/task.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/task.Tpo $(DEPDIR)/task.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/task.c' object='task.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.obj `if test -f 'sa/tasks/task.c'; then $(CYGPATH_W) 'sa/tasks/task.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/task.c'; fi`
-
-credential_manager.o: credentials/credential_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_manager.o -MD -MP -MF $(DEPDIR)/credential_manager.Tpo -c -o credential_manager.o `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/credential_manager.Tpo $(DEPDIR)/credential_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='credentials/credential_manager.c' object='credential_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o credential_manager.o `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c
-
-credential_manager.obj: credentials/credential_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_manager.obj -MD -MP -MF $(DEPDIR)/credential_manager.Tpo -c -o credential_manager.obj `if test -f 'credentials/credential_manager.c'; then $(CYGPATH_W) 'credentials/credential_manager.c'; else $(CYGPATH_W) '$(srcdir)/credentials/credential_manager.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/credential_manager.Tpo $(DEPDIR)/credential_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='credentials/credential_manager.c' object='credential_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o credential_manager.obj `if test -f 'credentials/credential_manager.c'; then $(CYGPATH_W) 'credentials/credential_manager.c'; else $(CYGPATH_W) '$(srcdir)/credentials/credential_manager.c'; fi`
-
-auth_cfg_wrapper.o: credentials/sets/auth_cfg_wrapper.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg_wrapper.o -MD -MP -MF $(DEPDIR)/auth_cfg_wrapper.Tpo -c -o auth_cfg_wrapper.o `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/auth_cfg_wrapper.Tpo $(DEPDIR)/auth_cfg_wrapper.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='credentials/sets/auth_cfg_wrapper.c' object='auth_cfg_wrapper.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg_wrapper.o `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c
-
-auth_cfg_wrapper.obj: credentials/sets/auth_cfg_wrapper.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg_wrapper.obj -MD -MP -MF $(DEPDIR)/auth_cfg_wrapper.Tpo -c -o auth_cfg_wrapper.obj `if test -f 'credentials/sets/auth_cfg_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/auth_cfg_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/auth_cfg_wrapper.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/auth_cfg_wrapper.Tpo $(DEPDIR)/auth_cfg_wrapper.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='credentials/sets/auth_cfg_wrapper.c' object='auth_cfg_wrapper.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg_wrapper.obj `if test -f 'credentials/sets/auth_cfg_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/auth_cfg_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/auth_cfg_wrapper.c'; fi`
-
-ocsp_response_wrapper.o: credentials/sets/ocsp_response_wrapper.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp_response_wrapper.o -MD -MP -MF $(DEPDIR)/ocsp_response_wrapper.Tpo -c -o ocsp_response_wrapper.o `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ocsp_response_wrapper.Tpo $(DEPDIR)/ocsp_response_wrapper.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='credentials/sets/ocsp_response_wrapper.c' object='ocsp_response_wrapper.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response_wrapper.o `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c
-
-ocsp_response_wrapper.obj: credentials/sets/ocsp_response_wrapper.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp_response_wrapper.obj -MD -MP -MF $(DEPDIR)/ocsp_response_wrapper.Tpo -c -o ocsp_response_wrapper.obj `if test -f 'credentials/sets/ocsp_response_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/ocsp_response_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/ocsp_response_wrapper.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ocsp_response_wrapper.Tpo $(DEPDIR)/ocsp_response_wrapper.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='credentials/sets/ocsp_response_wrapper.c' object='ocsp_response_wrapper.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response_wrapper.obj `if test -f 'credentials/sets/ocsp_response_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/ocsp_response_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/ocsp_response_wrapper.c'; fi`
-
-cert_cache.o: credentials/sets/cert_cache.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_cache.o -MD -MP -MF $(DEPDIR)/cert_cache.Tpo -c -o cert_cache.o `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/cert_cache.Tpo $(DEPDIR)/cert_cache.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='credentials/sets/cert_cache.c' object='cert_cache.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_cache.o `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c
-
-cert_cache.obj: credentials/sets/cert_cache.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_cache.obj -MD -MP -MF $(DEPDIR)/cert_cache.Tpo -c -o cert_cache.obj `if test -f 'credentials/sets/cert_cache.c'; then $(CYGPATH_W) 'credentials/sets/cert_cache.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/cert_cache.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/cert_cache.Tpo $(DEPDIR)/cert_cache.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='credentials/sets/cert_cache.c' object='cert_cache.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_cache.obj `if test -f 'credentials/sets/cert_cache.c'; then $(CYGPATH_W) 'credentials/sets/cert_cache.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/cert_cache.c'; fi`
-
-socket-raw.o: network/socket-raw.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket-raw.o -MD -MP -MF $(DEPDIR)/socket-raw.Tpo -c -o socket-raw.o `test -f 'network/socket-raw.c' || echo '$(srcdir)/'`network/socket-raw.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/socket-raw.Tpo $(DEPDIR)/socket-raw.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/socket-raw.c' object='socket-raw.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket-raw.o `test -f 'network/socket-raw.c' || echo '$(srcdir)/'`network/socket-raw.c
-
-socket-raw.obj: network/socket-raw.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket-raw.obj -MD -MP -MF $(DEPDIR)/socket-raw.Tpo -c -o socket-raw.obj `if test -f 'network/socket-raw.c'; then $(CYGPATH_W) 'network/socket-raw.c'; else $(CYGPATH_W) '$(srcdir)/network/socket-raw.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/socket-raw.Tpo $(DEPDIR)/socket-raw.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/socket-raw.c' object='socket-raw.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket-raw.obj `if test -f 'network/socket-raw.c'; then $(CYGPATH_W) 'network/socket-raw.c'; else $(CYGPATH_W) '$(srcdir)/network/socket-raw.c'; fi`
-
-socket.o: network/socket.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket.o -MD -MP -MF $(DEPDIR)/socket.Tpo -c -o socket.o `test -f 'network/socket.c' || echo '$(srcdir)/'`network/socket.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/socket.Tpo $(DEPDIR)/socket.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/socket.c' object='socket.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket.o `test -f 'network/socket.c' || echo '$(srcdir)/'`network/socket.c
-
-socket.obj: network/socket.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket.obj -MD -MP -MF $(DEPDIR)/socket.Tpo -c -o socket.obj `if test -f 'network/socket.c'; then $(CYGPATH_W) 'network/socket.c'; else $(CYGPATH_W) '$(srcdir)/network/socket.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/socket.Tpo $(DEPDIR)/socket.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/socket.c' object='socket.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket.obj `if test -f 'network/socket.c'; then $(CYGPATH_W) 'network/socket.c'; else $(CYGPATH_W) '$(srcdir)/network/socket.c'; fi`
-
-endpoint_notify.o: encoding/payloads/endpoint_notify.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT endpoint_notify.o -MD -MP -MF $(DEPDIR)/endpoint_notify.Tpo -c -o endpoint_notify.o `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/endpoint_notify.Tpo $(DEPDIR)/endpoint_notify.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/endpoint_notify.c' object='endpoint_notify.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o endpoint_notify.o `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c
-
-endpoint_notify.obj: encoding/payloads/endpoint_notify.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT endpoint_notify.obj -MD -MP -MF $(DEPDIR)/endpoint_notify.Tpo -c -o endpoint_notify.obj `if test -f 'encoding/payloads/endpoint_notify.c'; then $(CYGPATH_W) 'encoding/payloads/endpoint_notify.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/endpoint_notify.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/endpoint_notify.Tpo $(DEPDIR)/endpoint_notify.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/endpoint_notify.c' object='endpoint_notify.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o endpoint_notify.obj `if test -f 'encoding/payloads/endpoint_notify.c'; then $(CYGPATH_W) 'encoding/payloads/endpoint_notify.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/endpoint_notify.c'; fi`
-
-initiate_mediation_job.o: processing/jobs/initiate_mediation_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT initiate_mediation_job.o -MD -MP -MF $(DEPDIR)/initiate_mediation_job.Tpo -c -o initiate_mediation_job.o `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/initiate_mediation_job.Tpo $(DEPDIR)/initiate_mediation_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/initiate_mediation_job.c' object='initiate_mediation_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o initiate_mediation_job.o `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c
-
-initiate_mediation_job.obj: processing/jobs/initiate_mediation_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT initiate_mediation_job.obj -MD -MP -MF $(DEPDIR)/initiate_mediation_job.Tpo -c -o initiate_mediation_job.obj `if test -f 'processing/jobs/initiate_mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/initiate_mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/initiate_mediation_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/initiate_mediation_job.Tpo $(DEPDIR)/initiate_mediation_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/initiate_mediation_job.c' object='initiate_mediation_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o initiate_mediation_job.obj `if test -f 'processing/jobs/initiate_mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/initiate_mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/initiate_mediation_job.c'; fi`
-
-mediation_job.o: processing/jobs/mediation_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_job.o -MD -MP -MF $(DEPDIR)/mediation_job.Tpo -c -o mediation_job.o `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/mediation_job.Tpo $(DEPDIR)/mediation_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/mediation_job.c' object='mediation_job.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_job.o `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c
-
-mediation_job.obj: processing/jobs/mediation_job.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_job.obj -MD -MP -MF $(DEPDIR)/mediation_job.Tpo -c -o mediation_job.obj `if test -f 'processing/jobs/mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/mediation_job.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/mediation_job.Tpo $(DEPDIR)/mediation_job.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/mediation_job.c' object='mediation_job.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_job.obj `if test -f 'processing/jobs/mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/mediation_job.c'; fi`
-
-connect_manager.o: sa/connect_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT connect_manager.o -MD -MP -MF $(DEPDIR)/connect_manager.Tpo -c -o connect_manager.o `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/connect_manager.Tpo $(DEPDIR)/connect_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/connect_manager.c' object='connect_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o connect_manager.o `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c
-
-connect_manager.obj: sa/connect_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT connect_manager.obj -MD -MP -MF $(DEPDIR)/connect_manager.Tpo -c -o connect_manager.obj `if test -f 'sa/connect_manager.c'; then $(CYGPATH_W) 'sa/connect_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/connect_manager.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/connect_manager.Tpo $(DEPDIR)/connect_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/connect_manager.c' object='connect_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o connect_manager.obj `if test -f 'sa/connect_manager.c'; then $(CYGPATH_W) 'sa/connect_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/connect_manager.c'; fi`
-
-mediation_manager.o: sa/mediation_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_manager.o -MD -MP -MF $(DEPDIR)/mediation_manager.Tpo -c -o mediation_manager.o `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/mediation_manager.Tpo $(DEPDIR)/mediation_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/mediation_manager.c' object='mediation_manager.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_manager.o `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c
-
-mediation_manager.obj: sa/mediation_manager.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_manager.obj -MD -MP -MF $(DEPDIR)/mediation_manager.Tpo -c -o mediation_manager.obj `if test -f 'sa/mediation_manager.c'; then $(CYGPATH_W) 'sa/mediation_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/mediation_manager.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/mediation_manager.Tpo $(DEPDIR)/mediation_manager.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/mediation_manager.c' object='mediation_manager.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_manager.obj `if test -f 'sa/mediation_manager.c'; then $(CYGPATH_W) 'sa/mediation_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/mediation_manager.c'; fi`
-
-ike_me.o: sa/tasks/ike_me.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_me.o -MD -MP -MF $(DEPDIR)/ike_me.Tpo -c -o ike_me.o `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_me.Tpo $(DEPDIR)/ike_me.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_me.c' object='ike_me.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_me.o `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c
-
-ike_me.obj: sa/tasks/ike_me.c
-@am__fastdepCC_TRUE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_me.obj -MD -MP -MF $(DEPDIR)/ike_me.Tpo -c -o ike_me.obj `if test -f 'sa/tasks/ike_me.c'; then $(CYGPATH_W) 'sa/tasks/ike_me.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_me.c'; fi`
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_me.Tpo $(DEPDIR)/ike_me.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_me.c' object='ike_me.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_me.obj `if test -f 'sa/tasks/ike_me.c'; then $(CYGPATH_W) 'sa/tasks/ike_me.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_me.c'; fi`
-
 mostlyclean-libtool:
 	-rm -f *.lo
 
 clean-libtool:
 	-rm -rf .libs _libs
 
-# This directory's subdirectories are mostly independent; you can cd
-# into them and run `make' without going through this Makefile.
-# To change the values of `make' variables: instead of editing Makefiles,
-# (1) if the variable is set in `config.status', edit `config.status'
-#     (which will cause the Makefiles to be regenerated when you run `make');
-# (2) otherwise, pass the desired values on the `make' command line.
-$(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	target=`echo $@ | sed s/-recursive//`; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    dot_seen=yes; \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done; \
-	if test "$$dot_seen" = "no"; then \
-	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
-	fi; test -z "$$fail"
-
-$(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
-	for f in x $$MAKEFLAGS; do \
-	  case $$f in \
-	    *=* | --[!k]*);; \
-	    *k*) failcom='fail=yes';; \
-	  esac; \
-	done; \
-	dot_seen=no; \
-	case "$@" in \
-	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
-	  *) list='$(SUBDIRS)' ;; \
-	esac; \
-	rev=''; for subdir in $$list; do \
-	  if test "$$subdir" = "."; then :; else \
-	    rev="$$subdir $$rev"; \
-	  fi; \
-	done; \
-	rev="$$rev ."; \
-	target=`echo $@ | sed s/-recursive//`; \
-	for subdir in $$rev; do \
-	  echo "Making $$target in $$subdir"; \
-	  if test "$$subdir" = "."; then \
-	    local_target="$$target-am"; \
-	  else \
-	    local_target="$$target"; \
-	  fi; \
-	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
-	  || eval $$failcom; \
-	done && test -z "$$fail"
-tags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
-	done
-ctags-recursive:
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
-	done
-
 ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
 	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
 	unique=`for i in $$list; do \
@@ -2364,23 +379,10 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
 	mkid -fID $$unique
 tags: TAGS
 
-TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
 	set x; \
 	here=`pwd`; \
-	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
-	  include_option=--etags-include; \
-	  empty_fix=.; \
-	else \
-	  include_option=--include; \
-	  empty_fix=; \
-	fi; \
-	list='$(SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test ! -f $$subdir/TAGS || \
-	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
-	  fi; \
-	done; \
 	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
 	unique=`for i in $$list; do \
 	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
@@ -2399,7 +401,7 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 	  fi; \
 	fi
 ctags: CTAGS
-CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
 		$(TAGS_FILES) $(LISP)
 	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
 	unique=`for i in $$list; do \
@@ -2449,51 +451,22 @@ distdir: $(DISTFILES)
 	    || exit 1; \
 	  fi; \
 	done
-	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    test -d "$(distdir)/$$subdir" \
-	    || $(MKDIR_P) "$(distdir)/$$subdir" \
-	    || exit 1; \
-	  fi; \
-	done
-	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
-	  if test "$$subdir" = .; then :; else \
-	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
-	    $(am__relativize); \
-	    new_distdir=$$reldir; \
-	    dir1=$$subdir; dir2="$(top_distdir)"; \
-	    $(am__relativize); \
-	    new_top_distdir=$$reldir; \
-	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
-	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
-	    ($(am__cd) $$subdir && \
-	      $(MAKE) $(AM_MAKEFLAGS) \
-	        top_distdir="$$new_top_distdir" \
-	        distdir="$$new_distdir" \
-		am__remove_distdir=: \
-		am__skip_length_check=: \
-		am__skip_mode_fix=: \
-	        distdir) \
-	      || exit 1; \
-	  fi; \
-	done
 check-am: all-am
-check: check-recursive
+check: check-am
 all-am: Makefile $(PROGRAMS)
-installdirs: installdirs-recursive
-installdirs-am:
+installdirs:
 	for dir in "$(DESTDIR)$(ipsecdir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
-install: install-recursive
-install-exec: install-exec-recursive
-install-data: install-data-recursive
-uninstall: uninstall-recursive
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
 
 install-am: all-am
 	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
 
-installcheck: installcheck-recursive
+installcheck: installcheck-am
 install-strip:
 	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
 	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
@@ -2510,95 +483,92 @@ distclean-generic:
 maintainer-clean-generic:
 	@echo "This command is intended for maintainers to use"
 	@echo "it deletes files that may require special tools to rebuild."
-clean: clean-recursive
+clean: clean-am
 
 clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \
 	mostlyclean-am
 
-distclean: distclean-recursive
+distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
 
-dvi: dvi-recursive
+dvi: dvi-am
 
 dvi-am:
 
-html: html-recursive
+html: html-am
 
 html-am:
 
-info: info-recursive
+info: info-am
 
 info-am:
 
 install-data-am: install-ipsecPROGRAMS
 
-install-dvi: install-dvi-recursive
+install-dvi: install-dvi-am
 
 install-dvi-am:
 
 install-exec-am:
 
-install-html: install-html-recursive
+install-html: install-html-am
 
 install-html-am:
 
-install-info: install-info-recursive
+install-info: install-info-am
 
 install-info-am:
 
 install-man:
 
-install-pdf: install-pdf-recursive
+install-pdf: install-pdf-am
 
 install-pdf-am:
 
-install-ps: install-ps-recursive
+install-ps: install-ps-am
 
 install-ps-am:
 
 installcheck-am:
 
-maintainer-clean: maintainer-clean-recursive
+maintainer-clean: maintainer-clean-am
 	-rm -rf ./$(DEPDIR)
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
-mostlyclean: mostlyclean-recursive
+mostlyclean: mostlyclean-am
 
 mostlyclean-am: mostlyclean-compile mostlyclean-generic \
 	mostlyclean-libtool
 
-pdf: pdf-recursive
+pdf: pdf-am
 
 pdf-am:
 
-ps: ps-recursive
+ps: ps-am
 
 ps-am:
 
 uninstall-am: uninstall-ipsecPROGRAMS
 
-.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
-	install-am install-strip tags-recursive
-
-.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
-	all all-am check check-am clean clean-generic \
-	clean-ipsecPROGRAMS clean-libtool ctags ctags-recursive \
-	distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-dvi install-dvi-am install-exec \
-	install-exec-am install-html install-html-am install-info \
-	install-info-am install-ipsecPROGRAMS install-man install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs installdirs-am \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \
-	uninstall-ipsecPROGRAMS
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-ipsecPROGRAMS clean-libtool ctags distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am \
+	install-ipsecPROGRAMS install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-ipsecPROGRAMS
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/charon.c b/src/charon/charon.c
new file mode 100644
index 000000000..9b552fb62
--- /dev/null
+++ b/src/charon/charon.c
@@ -0,0 +1,417 @@
+/*
+ * Copyright (C) 2006-2010 Tobias Brunner
+ * Copyright (C) 2005-2009 Martin Willi
+ * Copyright (C) 2006 Daniel Roethlisberger
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdio.h>
+#ifdef HAVE_PRCTL
+#include <sys/prctl.h>
+#endif
+#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */
+#include <signal.h>
+#undef _POSIX_PTHREAD_SEMANTICS
+#include <pthread.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <pwd.h>
+#include <grp.h>
+
+#include <hydra.h>
+#include <daemon.h>
+
+#include <library.h>
+#include <utils/backtrace.h>
+#include <threading/thread.h>
+
+/**
+ * PID file, in which charon stores its process id
+ */
+#define PID_FILE IPSEC_PIDDIR "/charon.pid"
+
+/**
+ * hook in library for debugging messages
+ */
+extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
+
+/**
+ * Logging hook for library logs, using stderr output
+ */
+static void dbg_stderr(debug_t group, level_t level, char *fmt, ...)
+{
+	va_list args;
+
+	if (level <= 1)
+	{
+		va_start(args, fmt);
+		fprintf(stderr, "00[%N] ", debug_names, group);
+		vfprintf(stderr, fmt, args);
+		fprintf(stderr, "\n");
+		va_end(args);
+	}
+}
+
+/**
+ * Run the daemon and handle unix signals
+ */
+static void run()
+{
+	sigset_t set;
+
+	/* handle SIGINT, SIGHUP ans SIGTERM in this handler */
+	sigemptyset(&set);
+	sigaddset(&set, SIGINT);
+	sigaddset(&set, SIGHUP);
+	sigaddset(&set, SIGTERM);
+	sigprocmask(SIG_BLOCK, &set, NULL);
+
+	while (TRUE)
+	{
+		int sig;
+		int error;
+
+		error = sigwait(&set, &sig);
+		if (error)
+		{
+			DBG1(DBG_DMN, "error %d while waiting for a signal", error);
+			return;
+		}
+		switch (sig)
+		{
+			case SIGHUP:
+			{
+				DBG1(DBG_DMN, "signal of type SIGHUP received. Ignored");
+				break;
+			}
+			case SIGINT:
+			{
+				DBG1(DBG_DMN, "signal of type SIGINT received. Shutting down");
+				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
+				return;
+			}
+			case SIGTERM:
+			{
+				DBG1(DBG_DMN, "signal of type SIGTERM received. Shutting down");
+				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
+				return;
+			}
+			default:
+			{
+				DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
+				break;
+			}
+		}
+	}
+}
+
+/**
+ * drop daemon capabilities
+ */
+static bool drop_capabilities()
+{
+#ifdef HAVE_PRCTL
+	prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
+#endif
+
+	if (setgid(charon->gid) != 0)
+	{
+		DBG1(DBG_DMN, "change to unprivileged group failed");
+		return FALSE;
+	}
+	if (setuid(charon->uid) != 0)
+	{
+		DBG1(DBG_DMN, "change to unprivileged user failed");
+		return FALSE;
+	}
+	if (!charon->drop_capabilities(charon))
+	{
+		DBG1(DBG_DMN, "unable to drop daemon capabilities");
+		return FALSE;
+	}
+	return TRUE;
+}
+
+/**
+ * lookup UID and GID
+ */
+static bool lookup_uid_gid()
+{
+#ifdef IPSEC_USER
+	{
+		char buf[1024];
+		struct passwd passwd, *pwp;
+
+		if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
+			pwp == NULL)
+		{
+			DBG1(DBG_DMN, "resolving user '"IPSEC_USER"' failed");
+			return FALSE;
+		}
+		charon->uid = pwp->pw_uid;
+	}
+#endif
+#ifdef IPSEC_GROUP
+	{
+		char buf[1024];
+		struct group group, *grp;
+
+		if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
+			grp == NULL)
+		{
+			DBG1(DBG_DMN, "resolving group '"IPSEC_GROUP"' failed");
+			return FALSE;
+		}
+		charon->gid = grp->gr_gid;
+	}
+#endif
+	return TRUE;
+}
+
+/**
+ * Handle SIGSEGV/SIGILL signals raised by threads
+ */
+static void segv_handler(int signal)
+{
+	backtrace_t *backtrace;
+
+	DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal);
+	backtrace = backtrace_create(2);
+	backtrace->log(backtrace, stderr);
+	backtrace->destroy(backtrace);
+
+	DBG1(DBG_DMN, "killing ourself, received critical signal");
+	abort();
+}
+
+/**
+ * Check/create PID file, return TRUE if already running
+ */
+static bool check_pidfile()
+{
+	struct stat stb;
+	FILE *file;
+
+	if (stat(PID_FILE, &stb) == 0)
+	{
+		file = fopen(PID_FILE, "r");
+		if (file)
+		{
+			char buf[64];
+			pid_t pid = 0;
+
+			memset(buf, 0, sizeof(buf));
+			if (fread(buf, 1, sizeof(buf), file))
+			{
+				pid = atoi(buf);
+			}
+			fclose(file);
+			if (pid && kill(pid, 0) == 0)
+			{	/* such a process is running */
+				return TRUE;
+			}
+		}
+		DBG1(DBG_DMN, "removing pidfile '"PID_FILE"', process not running");
+		unlink(PID_FILE);
+	}
+
+	/* create new pidfile */
+	file = fopen(PID_FILE, "w");
+	if (file)
+	{
+		fprintf(file, "%d\n", getpid());
+		ignore_result(fchown(fileno(file), charon->uid, charon->gid));
+		fclose(file);
+	}
+	return FALSE;
+}
+
+/**
+ * print command line usage and exit
+ */
+static void usage(const char *msg)
+{
+	if (msg != NULL && *msg != '\0')
+	{
+		fprintf(stderr, "%s\n", msg);
+	}
+	fprintf(stderr, "Usage: charon\n"
+					"         [--help]\n"
+					"         [--version]\n"
+					"         [--use-syslog]\n"
+					"         [--debug-<type> <level>]\n"
+					"           <type>:  log context type (dmn|mgr|ike|chd|job|cfg|knl|net|enc|lib)\n"
+					"           <level>: log verbosity (-1 = silent, 0 = audit, 1 = control,\n"
+					"                                    2 = controlmore, 3 = raw, 4 = private)\n"
+					"\n"
+		   );
+	exit(msg == NULL? 0 : 1);
+}
+
+/**
+ * Main function, starts the daemon.
+ */
+int main(int argc, char *argv[])
+{
+	struct sigaction action;
+	bool use_syslog = FALSE;
+	level_t levels[DBG_MAX];
+	int group, status = SS_RC_INITIALIZATION_FAILED;
+
+	/* logging for library during initialization, as we have no bus yet */
+	dbg = dbg_stderr;
+
+	/* initialize library */
+	if (!library_init(NULL))
+	{
+		library_deinit();
+		exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
+	}
+
+	if (lib->integrity &&
+		!lib->integrity->check_file(lib->integrity, "charon", argv[0]))
+	{
+		dbg_stderr(DBG_DMN, 1, "integrity check of charon failed");
+		library_deinit();
+		exit(SS_RC_DAEMON_INTEGRITY);
+	}
+
+	if (!libhydra_init("charon"))
+	{
+		dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon");
+		libhydra_deinit();
+		library_deinit();
+		exit(SS_RC_INITIALIZATION_FAILED);
+	}
+
+	if (!libcharon_init())
+	{
+		dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon");
+		goto deinit;
+	}
+
+	/* use CTRL loglevel for default */
+	for (group = 0; group < DBG_MAX; group++)
+	{
+		levels[group] = LEVEL_CTRL;
+	}
+
+	/* handle arguments */
+	for (;;)
+	{
+		struct option long_opts[] = {
+			{ "help", no_argument, NULL, 'h' },
+			{ "version", no_argument, NULL, 'v' },
+			{ "use-syslog", no_argument, NULL, 'l' },
+			/* TODO: handle "debug-all" */
+			{ "debug-dmn", required_argument, &group, DBG_DMN },
+			{ "debug-mgr", required_argument, &group, DBG_MGR },
+			{ "debug-ike", required_argument, &group, DBG_IKE },
+			{ "debug-chd", required_argument, &group, DBG_CHD },
+			{ "debug-job", required_argument, &group, DBG_JOB },
+			{ "debug-cfg", required_argument, &group, DBG_CFG },
+			{ "debug-knl", required_argument, &group, DBG_KNL },
+			{ "debug-net", required_argument, &group, DBG_NET },
+			{ "debug-enc", required_argument, &group, DBG_ENC },
+			{ "debug-lib", required_argument, &group, DBG_LIB },
+			{ 0,0,0,0 }
+		};
+
+		int c = getopt_long(argc, argv, "", long_opts, NULL);
+		switch (c)
+		{
+			case EOF:
+				break;
+			case 'h':
+				usage(NULL);
+				break;
+			case 'v':
+				printf("Linux strongSwan %s\n", VERSION);
+				status = 0;
+				goto deinit;
+			case 'l':
+				use_syslog = TRUE;
+				continue;
+			case 0:
+				/* option is in group */
+				levels[group] = atoi(optarg);
+				continue;
+			default:
+				usage("");
+				break;
+		}
+		break;
+	}
+
+	if (!lookup_uid_gid())
+	{
+		dbg_stderr(DBG_DMN, 1, "invalid uid/gid - aborting charon");
+		goto deinit;
+	}
+
+	/* initialize daemon */
+	if (!charon->initialize(charon, use_syslog, levels))
+	{
+		DBG1(DBG_DMN, "initialization failed - aborting charon");
+		goto deinit;
+	}
+
+	if (check_pidfile())
+	{
+		DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)");
+		status = -1;
+		goto deinit;
+	}
+
+	if (!drop_capabilities())
+	{
+		DBG1(DBG_DMN, "capability dropping failed - aborting charon");
+		goto deinit;
+	}
+
+	/* add handler for SEGV and ILL,
+	 * INT, TERM and HUP are handled by sigwait() in run() */
+	action.sa_handler = segv_handler;
+	action.sa_flags = 0;
+	sigemptyset(&action.sa_mask);
+	sigaddset(&action.sa_mask, SIGINT);
+	sigaddset(&action.sa_mask, SIGTERM);
+	sigaddset(&action.sa_mask, SIGHUP);
+	sigaction(SIGSEGV, &action, NULL);
+	sigaction(SIGILL, &action, NULL);
+	sigaction(SIGBUS, &action, NULL);
+	action.sa_handler = SIG_IGN;
+	sigaction(SIGPIPE, &action, NULL);
+
+	pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
+
+	/* start daemon (i.e. the threads in the thread-pool) */
+	charon->start(charon);
+
+	/* main thread goes to run loop */
+	run();
+
+	/* normal termination, cleanup and exit */
+	unlink(PID_FILE);
+	status = 0;
+
+deinit:
+	libcharon_deinit();
+	libhydra_deinit();
+	library_deinit();
+	return status;
+}
+
diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c
deleted file mode 100644
index 99bf94e9b..000000000
--- a/src/charon/kernel/kernel_interface.c
+++ /dev/null
@@ -1,430 +0,0 @@
-/*
- * Copyright (C) 2008-2009 Tobias Brunner
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "kernel_interface.h"
-
-#include <daemon.h>
-
-typedef struct private_kernel_interface_t private_kernel_interface_t;
-
-/**
- * Private data of a kernel_interface_t object.
- */
-struct private_kernel_interface_t {
-
-	/**
-	 * Public part of kernel_interface_t object.
-	 */
-	kernel_interface_t public;
-
-	/**
-	 * ipsec interface
-	 */
-	kernel_ipsec_t *ipsec;
-
-	/**
-	 * network interface
-	 */
-	kernel_net_t *net;
-};
-
-/**
- * Implementation of kernel_interface_t.get_spi
- */
-static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *dst,
-				 protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
-{
-	if (!this->ipsec)
-	{
-		return NOT_SUPPORTED;
-	}
-	return this->ipsec->get_spi(this->ipsec, src, dst, protocol, reqid, spi);
-}
-
-/**
- * Implementation of kernel_interface_t.get_cpi
- */
-static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *dst,
-					u_int32_t reqid, u_int16_t *cpi)
-{
-	if (!this->ipsec)
-	{
-		return NOT_SUPPORTED;
-	}
-	return this->ipsec->get_cpi(this->ipsec, src, dst, reqid, cpi);
-}
-
-/**
- * Implementation of kernel_interface_t.add_sa
- */
-static status_t add_sa(private_kernel_interface_t *this, host_t *src, host_t *dst,
-				u_int32_t spi, protocol_id_t protocol, u_int32_t reqid,
-				lifetime_cfg_t *lifetime,
-				u_int16_t enc_alg, chunk_t enc_key,
-				u_int16_t int_alg, chunk_t int_key,
-				ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap,
-				bool inbound, traffic_selector_t *src_ts,
-				traffic_selector_t *dst_ts)
-{
-	if (!this->ipsec)
-	{
-		return NOT_SUPPORTED;
-	}
-	return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
-			lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, cpi,
-			encap, inbound, src_ts, dst_ts);
-}
-
-/**
- * Implementation of kernel_interface_t.update_sa
- */
-static status_t update_sa(private_kernel_interface_t *this, u_int32_t spi,
-				   protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst,
-				   host_t *new_src, host_t *new_dst, bool encap, bool new_encap)
-{
-	if (!this->ipsec)
-	{
-		return NOT_SUPPORTED;
-	}
-	return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst,
-			new_src, new_dst, encap, new_encap);
-}
-
-/**
- * Implementation of kernel_interface_t.query_sa
- */
-static status_t query_sa(private_kernel_interface_t *this, host_t *src, host_t *dst,
-						 u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes)
-{
-	if (!this->ipsec)
-	{
-		return NOT_SUPPORTED;
-	}
-	return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, bytes);
-}
-
-/**
- * Implementation of kernel_interface_t.del_sa
- */
-static status_t del_sa(private_kernel_interface_t *this, host_t *src, host_t *dst,
-				u_int32_t spi, protocol_id_t protocol, u_int16_t cpi)
-{
-	if (!this->ipsec)
-	{
-		return NOT_SUPPORTED;
-	}
-	return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi);
-}
-
-/**
- * Implementation of kernel_interface_t.add_policy
- */
-static status_t add_policy(private_kernel_interface_t *this, host_t *src, host_t *dst,
-					traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
-					policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
-					u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-					bool routed)
-{
-	if (!this->ipsec)
-	{
-		return NOT_SUPPORTED;
-	}
-	return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts,
-			direction, spi, protocol, reqid, mode, ipcomp, cpi, routed);
-}
-
-/**
- * Implementation of kernel_interface_t.query_policy
- */
-static status_t query_policy(private_kernel_interface_t *this,
-					  traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
-					  policy_dir_t direction, u_int32_t *use_time)
-{
-	if (!this->ipsec)
-	{
-		return NOT_SUPPORTED;
-	}
-	return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts, direction, use_time);
-}
-
-/**
- * Implementation of kernel_interface_t.del_policy
- */
-static status_t del_policy(private_kernel_interface_t *this,
-					traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
-					policy_dir_t direction, bool unrouted)
-{
-	if (!this->ipsec)
-	{
-		return NOT_SUPPORTED;
-	}
-	return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts, direction, unrouted);
-}
-
-/**
- * Implementation of kernel_interface_t.get_source_addr
- */
-static host_t *get_source_addr(private_kernel_interface_t *this,
-							   host_t *dest, host_t *src)
-{
-	if (!this->net)
-	{
-		return NULL;
-	}
-	return this->net->get_source_addr(this->net, dest, src);
-}
-
-/**
- * Implementation of kernel_interface_t.get_nexthop
- */
-static host_t *get_nexthop(private_kernel_interface_t *this, host_t *dest)
-{
-	if (!this->net)
-	{
-		return NULL;
-	}
-	return this->net->get_nexthop(this->net, dest);
-}
-
-/**
- * Implementation of kernel_interface_t.get_interface
- */
-static char* get_interface(private_kernel_interface_t *this, host_t *host)
-{
-	if (!this->net)
-	{
-		return NULL;
-	}
-	return this->net->get_interface(this->net, host);
-}
-
-/**
- * Implementation of kernel_interface_t.create_address_enumerator
- */
-static enumerator_t *create_address_enumerator(private_kernel_interface_t *this,
-		bool include_down_ifaces, bool include_virtual_ips)
-{
-	if (!this->net)
-	{
-		return enumerator_create_empty();
-	}
-	return this->net->create_address_enumerator(this->net, include_down_ifaces,
-			include_virtual_ips);
-}
-
-/**
- * Implementation of kernel_interface_t.add_ip
- */
-static status_t add_ip(private_kernel_interface_t *this, host_t *virtual_ip,
-				host_t *iface_ip)
-{
-	if (!this->net)
-	{
-		return NOT_SUPPORTED;
-	}
-	return this->net->add_ip(this->net, virtual_ip, iface_ip);
-}
-
-/**
- * Implementation of kernel_interface_t.del_ip
- */
-static status_t del_ip(private_kernel_interface_t *this, host_t *virtual_ip)
-{
-	if (!this->net)
-	{
-		return NOT_SUPPORTED;
-	}
-	return this->net->del_ip(this->net, virtual_ip);
-}
-
-/**
- * Implementation of kernel_interface_t.add_route
- */
-static status_t add_route(private_kernel_interface_t *this, chunk_t dst_net,
-		u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
-{
-	if (!this->net)
-	{
-		return NOT_SUPPORTED;
-	}
-	return this->net->add_route(this->net, dst_net, prefixlen, gateway, src_ip,
-			if_name);
-}
-
-/**
- * Implementation of kernel_interface_t.del_route
- */
-static status_t del_route(private_kernel_interface_t *this, chunk_t dst_net,
-		u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
-{
-	if (!this->net)
-	{
-		return NOT_SUPPORTED;
-	}
-	return this->net->del_route(this->net, dst_net, prefixlen, gateway, src_ip,
-			if_name);
-}
-
-
-/**
- * Implementation of kernel_interface_t.get_address_by_ts
- */
-static status_t get_address_by_ts(private_kernel_interface_t *this,
-								  traffic_selector_t *ts, host_t **ip)
-{
-	enumerator_t *addrs;
-	host_t *host;
-	int family;
-	bool found = FALSE;
-
-	DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts);
-
-	/* if we have a family which includes localhost, we do not
-	 * search for an IP, we use the default */
-	family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
-
-	if (family == AF_INET)
-	{
-		host = host_create_from_string("127.0.0.1", 0);
-	}
-	else
-	{
-		host = host_create_from_string("::1", 0);
-	}
-
-	if (ts->includes(ts, host))
-	{
-		*ip = host_create_any(family);
-		host->destroy(host);
-		DBG2(DBG_KNL, "using host %H", *ip);
-		return SUCCESS;
-	}
-	host->destroy(host);
-
-	addrs = create_address_enumerator(this, TRUE, TRUE);
-	while (addrs->enumerate(addrs, (void**)&host))
-	{
-		if (ts->includes(ts, host))
-		{
-			found = TRUE;
-			*ip = host->clone(host);
-			break;
-		}
-	}
-	addrs->destroy(addrs);
-
-	if (!found)
-	{
-		DBG1(DBG_KNL, "no local address found in traffic selector %R", ts);
-		return FAILED;
-	}
-
-	DBG2(DBG_KNL, "using host %H", *ip);
-	return SUCCESS;
-}
-
-
-/**
- * Implementation of kernel_interface_t.add_ipsec_interface.
- */
-static void add_ipsec_interface(private_kernel_interface_t *this,
-		kernel_ipsec_constructor_t constructor)
-{
-	if (!this->ipsec)
-	{
-		this->ipsec = constructor();
-	}
-}
-
-/**
- * Implementation of kernel_interface_t.remove_ipsec_interface.
- */
-static void remove_ipsec_interface(private_kernel_interface_t *this,
-		kernel_ipsec_constructor_t constructor)
-{
-	/* TODO: replace if interface currently in use */
-}
-
-/**
- * Implementation of kernel_interface_t.add_net_interface.
- */
-static void add_net_interface(private_kernel_interface_t *this,
-		kernel_net_constructor_t constructor)
-{
-	if (!this->net)
-	{
-		this->net = constructor();
-	}
-}
-
-/**
- * Implementation of kernel_interface_t.remove_net_interface.
- */
-static void remove_net_interface(private_kernel_interface_t *this,
-		kernel_net_constructor_t constructor)
-{
-	/* TODO: replace if interface currently in use */
-}
-
-/**
- * Implementation of kernel_interface_t.destroy.
- */
-static void destroy(private_kernel_interface_t *this)
-{
-	DESTROY_IF(this->ipsec);
-	DESTROY_IF(this->net);
-	free(this);
-}
-
-/*
- * Described in header-file
- */
-kernel_interface_t *kernel_interface_create()
-{
-	private_kernel_interface_t *this = malloc_thing(private_kernel_interface_t);
-
-	this->public.get_spi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
-	this->public.get_cpi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
-	this->public.add_sa  = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa;
-	this->public.update_sa = (status_t(*)(kernel_interface_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
-	this->public.query_sa = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
-	this->public.del_sa = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
-	this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
-	this->public.query_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
-	this->public.del_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy;
-
-	this->public.get_source_addr = (host_t*(*)(kernel_interface_t*, host_t *dest, host_t *src))get_source_addr;
-	this->public.get_nexthop = (host_t*(*)(kernel_interface_t*, host_t *dest))get_nexthop;
-	this->public.get_interface = (char*(*)(kernel_interface_t*,host_t*))get_interface;
-	this->public.create_address_enumerator = (enumerator_t*(*)(kernel_interface_t*,bool,bool))create_address_enumerator;
-	this->public.add_ip = (status_t(*)(kernel_interface_t*,host_t*,host_t*)) add_ip;
-	this->public.del_ip = (status_t(*)(kernel_interface_t*,host_t*)) del_ip;
-	this->public.add_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route;
-	this->public.del_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route;
-
-	this->public.get_address_by_ts = (status_t(*)(kernel_interface_t*,traffic_selector_t*,host_t**))get_address_by_ts;
-
-	this->public.add_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))add_ipsec_interface;
-	this->public.remove_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))remove_ipsec_interface;
-	this->public.add_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))add_net_interface;
-	this->public.remove_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))remove_net_interface;
-
-	this->public.destroy = (void (*)(kernel_interface_t*))destroy;
-
-	this->ipsec = NULL;
-	this->net = NULL;
-
-	return &this->public;
-}
diff --git a/src/charon/network/packet.c b/src/charon/network/packet.c
deleted file mode 100644
index 19a62603d..000000000
--- a/src/charon/network/packet.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "packet.h"
-
-typedef struct private_packet_t private_packet_t;
-
-/**
- * Private data of an packet_t object.
- */
-struct private_packet_t {
-
-	/**
-	 * Public part of a packet_t object.
-	 */
-	packet_t public;
-
-	/**
-	 * source address
-	 */
-	host_t *source;
-
-	/**
-	 * destination address
-	 */
-	host_t *destination;
-
-	 /**
-	  * message data
-	  */
-	chunk_t data;
-};
-
-/**
- * Implements packet_t.get_source
- */
-static void set_source(private_packet_t *this, host_t *source)
-{
-	DESTROY_IF(this->source);
-	this->source = source;
-}
-
-/**
- * Implements packet_t.set_destination
- */
-static void set_destination(private_packet_t *this, host_t *destination)
-{
-	DESTROY_IF(this->destination);
-	this->destination = destination;
-}
-
-/**
- * Implements packet_t.get_source
- */
-static host_t *get_source(private_packet_t *this)
-{
-	return this->source;
-}
-
-/**
- * Implements packet_t.get_destination
- */
-static host_t *get_destination(private_packet_t *this)
-{
-	return this->destination;
-}
-
-/**
- * Implements packet_t.get_data
- */
-static chunk_t get_data(private_packet_t *this)
-{
-	return this->data;
-}
-
-/**
- * Implements packet_t.set_data
- */
-static void set_data(private_packet_t *this, chunk_t data)
-{
-	free(this->data.ptr);
-	this->data = data;
-}
-
-/**
- * Implements packet_t.destroy.
- */
-static void destroy(private_packet_t *this)
-{
-	if (this->source != NULL)
-	{
-		this->source->destroy(this->source);
-	}
-	if (this->destination != NULL)
-	{
-		this->destination->destroy(this->destination);
-	}
-	free(this->data.ptr);
-	free(this);
-}
-
-/**
- * Implements packet_t.clone.
- */
-static packet_t *clone_(private_packet_t *this)
-{
-	private_packet_t *other = (private_packet_t*)packet_create();
-
-	if (this->destination != NULL)
-	{
-		other->destination = this->destination->clone(this->destination);
-	}
-	if (this->source != NULL)
-	{
-		other->source = this->source->clone(this->source);
-	}
-	if (this->data.ptr != NULL)
-	{
-		other->data.ptr = clalloc(this->data.ptr,this->data.len);
-		other->data.len = this->data.len;
-	}
-	return &(other->public);
-}
-
-/*
- * Documented in header
- */
-packet_t *packet_create(void)
-{
-	private_packet_t *this = malloc_thing(private_packet_t);
-
-	this->public.set_data = (void(*) (packet_t *,chunk_t)) set_data;
-	this->public.get_data = (chunk_t(*) (packet_t *)) get_data;
-	this->public.set_source = (void(*) (packet_t *,host_t*)) set_source;
-	this->public.get_source = (host_t*(*) (packet_t *)) get_source;
-	this->public.set_destination = (void(*) (packet_t *,host_t*)) set_destination;
-	this->public.get_destination = (host_t*(*) (packet_t *)) get_destination;
-	this->public.clone = (packet_t*(*) (packet_t *))clone_;
-	this->public.destroy = (void(*) (packet_t *)) destroy;
-
-	this->destination = NULL;
-	this->source = NULL;
-	this->data = chunk_empty;
-
-	return &(this->public);
-}
diff --git a/src/charon/plugins/attr/Makefile.am b/src/charon/plugins/attr/Makefile.am
deleted file mode 100644
index b4b3b7da6..000000000
--- a/src/charon/plugins/attr/Makefile.am
+++ /dev/null
@@ -1,9 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-attr.la
-libstrongswan_attr_la_SOURCES = attr_plugin.h attr_plugin.c \
-  attr_provider.h attr_provider.c
-libstrongswan_attr_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_aka/Makefile.am b/src/charon/plugins/eap_aka/Makefile.am
deleted file mode 100644
index e007f5f00..000000000
--- a/src/charon/plugins/eap_aka/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \
-  -I$(top_srcdir)/src/libsimaka
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-aka.la
-
-libstrongswan_eap_aka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c \
-  eap_aka_peer.h eap_aka_peer.c \
-  eap_aka_server.h eap_aka_server.c
-libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
-libstrongswan_eap_aka_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/eap_aka_3gpp2/Makefile.am b/src/charon/plugins/eap_aka_3gpp2/Makefile.am
deleted file mode 100644
index 1a4a3765b..000000000
--- a/src/charon/plugins/eap_aka_3gpp2/Makefile.am
+++ /dev/null
@@ -1,15 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la
-
-libstrongswan_eap_aka_3gpp2_la_SOURCES = \
-  eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \
-  eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \
-  eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \
-  eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c
-libstrongswan_eap_aka_3gpp2_la_LDFLAGS = -module -avoid-version
-libstrongswan_eap_aka_3gpp2_la_LIBADD = -lgmp
-
diff --git a/src/charon/plugins/eap_gtc/Makefile.am b/src/charon/plugins/eap_gtc/Makefile.am
deleted file mode 100644
index 0d938cacd..000000000
--- a/src/charon/plugins/eap_gtc/Makefile.am
+++ /dev/null
@@ -1,10 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-gtc.la
-
-libstrongswan_eap_gtc_la_SOURCES = eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c
-libstrongswan_eap_gtc_la_LDFLAGS = -module -avoid-version -lpam
-
diff --git a/src/charon/plugins/eap_md5/Makefile.am b/src/charon/plugins/eap_md5/Makefile.am
deleted file mode 100644
index f49928cd2..000000000
--- a/src/charon/plugins/eap_md5/Makefile.am
+++ /dev/null
@@ -1,10 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-md5.la
-
-libstrongswan_eap_md5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c
-libstrongswan_eap_md5_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/eap_radius/Makefile.am b/src/charon/plugins/eap_radius/Makefile.am
deleted file mode 100644
index e476fbed6..000000000
--- a/src/charon/plugins/eap_radius/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-radius.la
-
-libstrongswan_eap_radius_la_SOURCES = \
-  eap_radius_plugin.h eap_radius_plugin.c \
-  eap_radius.h eap_radius.c \
-  radius_client.h radius_client.c \
-  radius_message.h radius_message.c
-libstrongswan_eap_radius_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/eap_sim/Makefile.am b/src/charon/plugins/eap_sim/Makefile.am
deleted file mode 100644
index 74b9bb4e8..000000000
--- a/src/charon/plugins/eap_sim/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \
-  -I$(top_srcdir)/src/libsimaka
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-sim.la
-
-libstrongswan_eap_sim_la_SOURCES = eap_sim_plugin.h eap_sim_plugin.c \
-  eap_sim_peer.h eap_sim_peer.c \
-  eap_sim_server.h eap_sim_server.c
-libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
-libstrongswan_eap_sim_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/eap_sim_file/Makefile.am b/src/charon/plugins/eap_sim_file/Makefile.am
deleted file mode 100644
index 350d4244f..000000000
--- a/src/charon/plugins/eap_sim_file/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\"
-
-plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la
-
-libstrongswan_eap_sim_file_la_SOURCES = \
-  eap_sim_file_plugin.h eap_sim_file_plugin.c \
-  eap_sim_file_card.h eap_sim_file_card.c \
-  eap_sim_file_provider.h eap_sim_file_provider.c \
-  eap_sim_file_triplets.h eap_sim_file_triplets.c
-libstrongswan_eap_sim_file_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/eap_simaka_pseudonym/Makefile.am b/src/charon/plugins/eap_simaka_pseudonym/Makefile.am
deleted file mode 100644
index fe87d6d62..000000000
--- a/src/charon/plugins/eap_simaka_pseudonym/Makefile.am
+++ /dev/null
@@ -1,13 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la
-
-libstrongswan_eap_simaka_pseudonym_la_SOURCES = \
-  eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \
-  eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \
-  eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c
-libstrongswan_eap_simaka_pseudonym_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/eap_simaka_reauth/Makefile.am b/src/charon/plugins/eap_simaka_reauth/Makefile.am
deleted file mode 100644
index 0ba727136..000000000
--- a/src/charon/plugins/eap_simaka_reauth/Makefile.am
+++ /dev/null
@@ -1,13 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la
-
-libstrongswan_eap_simaka_reauth_la_SOURCES = \
-  eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \
-  eap_simaka_reauth_card.h eap_simaka_reauth_card.c \
-  eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c
-libstrongswan_eap_simaka_reauth_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/kernel_klips/Makefile.am b/src/charon/plugins/kernel_klips/Makefile.am
deleted file mode 100644
index a7ae06df1..000000000
--- a/src/charon/plugins/kernel_klips/Makefile.am
+++ /dev/null
@@ -1,10 +0,0 @@
-
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-kernel-klips.la
-
-libstrongswan_kernel_klips_la_SOURCES = kernel_klips_plugin.h kernel_klips_plugin.c \
-	kernel_klips_ipsec.h kernel_klips_ipsec.c pfkeyv2.h
-libstrongswan_kernel_klips_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/load_tester/Makefile.am b/src/charon/plugins/load_tester/Makefile.am
deleted file mode 100644
index e6e04229a..000000000
--- a/src/charon/plugins/load_tester/Makefile.am
+++ /dev/null
@@ -1,17 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-load-tester.la
-
-libstrongswan_load_tester_la_SOURCES = \
-  load_tester_plugin.c load_tester_plugin.h \
-  load_tester_config.c load_tester_config.h \
-  load_tester_creds.c load_tester_creds.h \
-  load_tester_ipsec.c load_tester_ipsec.h \
-  load_tester_listener.c load_tester_listener.h \
-  load_tester_diffie_hellman.c load_tester_diffie_hellman.h
-
-libstrongswan_load_tester_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/medcli/Makefile.am b/src/charon/plugins/medcli/Makefile.am
deleted file mode 100644
index a5f018f82..000000000
--- a/src/charon/plugins/medcli/Makefile.am
+++ /dev/null
@@ -1,12 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-medcli.la
-libstrongswan_medcli_la_SOURCES = medcli_plugin.h medcli_plugin.c \
-			      medcli_creds.h medcli_creds.c \
-			      medcli_config.h medcli_config.c \
-			      medcli_listener.h medcli_listener.c
-libstrongswan_medcli_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/medsrv/Makefile.am b/src/charon/plugins/medsrv/Makefile.am
deleted file mode 100644
index f3611a79e..000000000
--- a/src/charon/plugins/medsrv/Makefile.am
+++ /dev/null
@@ -1,11 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-medsrv.la
-libstrongswan_medsrv_la_SOURCES = medsrv_plugin.h medsrv_plugin.c \
-			      medsrv_creds.h medsrv_creds.c \
-			      medsrv_config.h medsrv_config.c
-libstrongswan_medsrv_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/nm/Makefile.am b/src/charon/plugins/nm/Makefile.am
deleted file mode 100644
index 56eae6e00..000000000
--- a/src/charon/plugins/nm/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${nm_CFLAGS}
-
-AM_CFLAGS = -rdynamic \
-  -DNM_CA_DIR=\"${nm_ca_dir}\"
-
-plugin_LTLIBRARIES = libstrongswan-nm.la
-libstrongswan_nm_la_SOURCES = \
-  nm_plugin.h nm_plugin.c \
-  nm_service.h nm_service.c \
-  nm_creds.h nm_creds.c \
-  nm_handler.h nm_handler.c
-libstrongswan_nm_la_LDFLAGS = -module -avoid-version
-libstrongswan_nm_la_LIBADD = ${nm_LIBS}
diff --git a/src/charon/plugins/stroke/Makefile.am b/src/charon/plugins/stroke/Makefile.am
deleted file mode 100644
index 94d311609..000000000
--- a/src/charon/plugins/stroke/Makefile.am
+++ /dev/null
@@ -1,22 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke
-
-AM_CFLAGS = \
--rdynamic \
--DIPSEC_CONFDIR=\"${sysconfdir}\" \
--DIPSEC_PIDDIR=\"${piddir}\"
-
-plugin_LTLIBRARIES = libstrongswan-stroke.la
-
-libstrongswan_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \
-  stroke_socket.h stroke_socket.c \
-  stroke_config.h stroke_config.c \
-  stroke_control.h stroke_control.c \
-  stroke_cred.h stroke_cred.c \
-  stroke_ca.h stroke_ca.c \
-  stroke_attribute.h stroke_attribute.c \
-  stroke_list.h stroke_list.c \
-  stroke_shared_key.h stroke_shared_key.c
-
-libstrongswan_stroke_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c
deleted file mode 100644
index 7a5ce683e..000000000
--- a/src/charon/plugins/stroke/stroke_attribute.c
+++ /dev/null
@@ -1,546 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include "stroke_attribute.h"
-
-#include <daemon.h>
-#include <utils/linked_list.h>
-#include <utils/hashtable.h>
-#include <threading/mutex.h>
-
-#define POOL_LIMIT (sizeof(uintptr_t)*8)
-
-typedef struct private_stroke_attribute_t private_stroke_attribute_t;
-
-/**
- * private data of stroke_attribute
- */
-struct private_stroke_attribute_t {
-
-	/**
-	 * public functions
-	 */
-	stroke_attribute_t public;
-
-	/**
-	 * list of pools, contains pool_t
-	 */
-	linked_list_t *pools;
-
-	/**
-	 * mutex to lock access to pools
-	 */
-	mutex_t *mutex;
-};
-
-typedef struct {
-	/** name of the pool */
-	char *name;
-	/** base address of the pool */
-	host_t *base;
-	/** size of the pool */
-	int size;
-	/** next unused address */
-	int unused;
-	/** hashtable [identity => offset], for online leases */
-	hashtable_t *online;
-	/** hashtable [identity => offset], for offline leases */
-	hashtable_t *offline;
-	/** hashtable [identity => identity], handles identity references */
-	hashtable_t *ids;
-} pool_t;
-
-/**
- * hashtable hash function for identities
- */
-static u_int id_hash(identification_t *id)
-{
-	return chunk_hash(id->get_encoding(id));
-}
-
-/**
- * hashtable equals function for identities
- */
-static bool id_equals(identification_t *a, identification_t *b)
-{
-	return a->equals(a, b);
-}
-
-/**
- * destroy a pool_t
- */
-static void pool_destroy(pool_t *this)
-{
-	enumerator_t *enumerator;
-	identification_t *id;
-
-	enumerator = this->ids->create_enumerator(this->ids);
-	while (enumerator->enumerate(enumerator, &id, NULL))
-	{
-		id->destroy(id);
-	}
-	enumerator->destroy(enumerator);
-	this->ids->destroy(this->ids);
-	this->online->destroy(this->online);
-	this->offline->destroy(this->offline);
-	DESTROY_IF(this->base);
-	free(this->name);
-	free(this);
-}
-
-/**
- * find a pool by name
- */
-static pool_t *find_pool(private_stroke_attribute_t *this, char *name)
-{
-	enumerator_t *enumerator;
-	pool_t *current, *found = NULL;
-
-	enumerator = this->pools->create_enumerator(this->pools);
-	while (enumerator->enumerate(enumerator, &current))
-	{
-		if (streq(name, current->name))
-		{
-			found = current;
-			break;
-		}
-	}
-	enumerator->destroy(enumerator);
-	return found;
-}
-
-/**
- * convert an pool offset to an address
- */
-host_t* offset2host(pool_t *pool, int offset)
-{
-	chunk_t addr;
-	host_t *host;
-	u_int32_t *pos;
-
-	offset--;
-	if (offset > pool->size)
-	{
-		return NULL;
-	}
-
-	addr = chunk_clone(pool->base->get_address(pool->base));
-	if (pool->base->get_family(pool->base) == AF_INET6)
-	{
-		pos = (u_int32_t*)(addr.ptr + 12);
-	}
-	else
-	{
-		pos = (u_int32_t*)addr.ptr;
-	}
-	*pos = htonl(offset + ntohl(*pos));
-	host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0);
-	free(addr.ptr);
-	return host;
-}
-
-/**
- * convert a host to a pool offset
- */
-int host2offset(pool_t *pool, host_t *addr)
-{
-	chunk_t host, base;
-	u_int32_t hosti, basei;
-
-	if (addr->get_family(addr) != pool->base->get_family(pool->base))
-	{
-		return -1;
-	}
-	host = addr->get_address(addr);
-	base = pool->base->get_address(pool->base);
-	if (addr->get_family(addr) == AF_INET6)
-	{
-		/* only look at last /32 block */
-		if (!memeq(host.ptr, base.ptr, 12))
-		{
-			return -1;
-		}
-		host = chunk_skip(host, 12);
-		base = chunk_skip(base, 12);
-	}
-	hosti = ntohl(*(u_int32_t*)(host.ptr));
-	basei = ntohl(*(u_int32_t*)(base.ptr));
-	if (hosti > basei + pool->size)
-	{
-		return -1;
-	}
-	return hosti - basei + 1;
-}
-
-/**
- * Implementation of attribute_provider_t.acquire_address
- */
-static host_t* acquire_address(private_stroke_attribute_t *this,
-							   char *name, identification_t *id,
-							   host_t *requested)
-{
-	pool_t *pool;
-	uintptr_t offset = 0;
-	enumerator_t *enumerator;
-	identification_t *old_id;
-
-	this->mutex->lock(this->mutex);
-	pool = find_pool(this, name);
-	while (pool)
-	{
-		/* handle %config case by mirroring requested address */
-		if (pool->size == 0)
-		{
-			this->mutex->unlock(this->mutex);
-			return requested->clone(requested);
-		}
-
-		if (!requested->is_anyaddr(requested) &&
-			requested->get_family(requested) !=
-			pool->base->get_family(pool->base))
-		{
-			DBG1(DBG_CFG, "IP pool address family mismatch");
-			break;
-		}
-
-		/* check for a valid offline lease, refresh */
-		offset = (uintptr_t)pool->offline->remove(pool->offline, id);
-		if (offset)
-		{
-			id = pool->ids->get(pool->ids, id);
-			if (id)
-			{
-				DBG1(DBG_CFG, "reassigning offline lease to '%Y'", id);
-				pool->online->put(pool->online, id, (void*)offset);
-				break;
-			}
-		}
-
-		/* check for a valid online lease, reassign */
-		offset = (uintptr_t)pool->online->get(pool->online, id);
-		if (offset && offset == host2offset(pool, requested))
-		{
-			DBG1(DBG_CFG, "reassigning online lease to '%Y'", id);
-			break;
-		}
-
-		if (pool->unused < pool->size)
-		{
-			/* assigning offset, starting by 1. Handling 0 in hashtable
-			 * is difficult. */
-			offset = ++pool->unused;
-			id = id->clone(id);
-			pool->ids->put(pool->ids, id, id);
-			pool->online->put(pool->online, id, (void*)offset);
-			DBG1(DBG_CFG, "assigning new lease to '%Y'", id);
-			break;
-		}
-		/* no more addresses, replace the first found offline lease */
-		enumerator = pool->offline->create_enumerator(pool->offline);
-		if (enumerator->enumerate(enumerator, &old_id, &offset))
-		{
-			offset = (uintptr_t)pool->offline->remove(pool->offline, old_id);
-			if (offset)
-			{
-				/* destroy reference to old ID */
-				old_id = pool->ids->remove(pool->ids, old_id);
-				DBG1(DBG_CFG, "reassigning existing offline lease by '%Y' to '%Y'",
-					 old_id, id);
-				if (old_id)
-				{
-					old_id->destroy(old_id);
-				}
-				id = id->clone(id);
-				pool->ids->put(pool->ids, id, id);
-				pool->online->put(pool->online, id, (void*)offset);
-				enumerator->destroy(enumerator);
-				break;
-			}
-		}
-		enumerator->destroy(enumerator);
-
-		DBG1(DBG_CFG, "pool '%s' is full, unable to assign address", name);
-		break;
-	}
-	this->mutex->unlock(this->mutex);
-	if (offset)
-	{
-		return offset2host(pool, offset);
-	}
-	return NULL;
-}
-
-/**
- * Implementation of attribute_provider_t.release_address
- */
-static bool release_address(private_stroke_attribute_t *this,
-							char *name, host_t *address, identification_t *id)
-{
-	pool_t *pool;
-	bool found = FALSE;
-	uintptr_t offset;
-
-	this->mutex->lock(this->mutex);
-	pool = find_pool(this, name);
-	if (pool)
-	{
-		if (pool->size != 0)
-		{
-			offset = (uintptr_t)pool->online->remove(pool->online, id);
-			if (offset)
-			{
-				id = pool->ids->get(pool->ids, id);
-				if (id)
-				{
-					DBG1(DBG_CFG, "lease %H by '%Y' went offline", address, id);
-					pool->offline->put(pool->offline, id, (void*)offset);
-					found = TRUE;
-				}
-			}
-		}
-	}
-	this->mutex->unlock(this->mutex);
-	return found;
-}
-
-/**
- * Implementation of stroke_attribute_t.add_pool.
- */
-static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg)
-{
-	if (msg->add_conn.other.sourceip_mask)
-	{
-		pool_t *pool;
-
-		pool = malloc_thing(pool_t);
-		pool->base = NULL;
-		pool->size = 0;
-		pool->unused = 0;
-		pool->name = strdup(msg->add_conn.name);
-		pool->online = hashtable_create((hashtable_hash_t)id_hash,
-										(hashtable_equals_t)id_equals, 16);
-		pool->offline = hashtable_create((hashtable_hash_t)id_hash,
-										(hashtable_equals_t)id_equals, 16);
-		pool->ids = hashtable_create((hashtable_hash_t)id_hash,
-										(hashtable_equals_t)id_equals, 16);
-
-		/* if %config, add an empty pool, otherwise */
-		if (msg->add_conn.other.sourceip)
-		{
-			u_int32_t bits;
-			int family;
-
-			DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d",
-				 msg->add_conn.name, msg->add_conn.other.sourceip,
-				 msg->add_conn.other.sourceip_mask);
-
-			pool->base = host_create_from_string(msg->add_conn.other.sourceip, 0);
-			if (!pool->base)
-			{
-				pool_destroy(pool);
-				DBG1(DBG_CFG, "virtual IP address invalid, discarded");
-				return;
-			}
-			family = pool->base->get_family(pool->base);
-			bits = (family == AF_INET ? 32 : 128) - msg->add_conn.other.sourceip_mask;
-			if (bits > POOL_LIMIT)
-			{
-				bits = POOL_LIMIT;
-				DBG1(DBG_CFG, "virtual IP pool to large, limiting to %s/%d",
-					 msg->add_conn.other.sourceip,
-					 (family == AF_INET ? 32 : 128) - bits);
-			}
-			pool->size = 1 << (bits);
-
-			if (pool->size > 2)
-			{	/* do not use first and last addresses of a block */
-				pool->unused++;
-				pool->size--;
-			}
-		}
-		this->mutex->lock(this->mutex);
-		this->pools->insert_last(this->pools, pool);
-		this->mutex->unlock(this->mutex);
-	}
-}
-
-/**
- * Implementation of stroke_attribute_t.del_pool.
- */
-static void del_pool(private_stroke_attribute_t *this, stroke_msg_t *msg)
-{
-	enumerator_t *enumerator;
-	pool_t *pool;
-
-	this->mutex->lock(this->mutex);
-	enumerator = this->pools->create_enumerator(this->pools);
-	while (enumerator->enumerate(enumerator, &pool))
-	{
-		if (streq(msg->del_conn.name, pool->name))
-		{
-			this->pools->remove_at(this->pools, enumerator);
-			pool_destroy(pool);
-			break;
-		}
-	}
-	enumerator->destroy(enumerator);
-	this->mutex->unlock(this->mutex);
-}
-
-/**
- * Pool enumerator filter function, converts pool_t to name, size, ...
- */
-static bool pool_filter(void *mutex, pool_t **poolp, char **name,
-						void *d1, u_int *size, void *d2, u_int *online,
-						void *d3, u_int *offline)
-{
-	pool_t *pool = *poolp;
-
-	*name = pool->name;
-	*size = pool->size;
-	*online = pool->online->get_count(pool->online);
-	*offline = pool->offline->get_count(pool->offline);
-	return TRUE;
-}
-
-/**
- * Implementation of stroke_attribute_t.create_pool_enumerator
- */
-static enumerator_t* create_pool_enumerator(private_stroke_attribute_t *this)
-{
-	this->mutex->lock(this->mutex);
-	return enumerator_create_filter(this->pools->create_enumerator(this->pools),
-									(void*)pool_filter,
-									this->mutex, (void*)this->mutex->unlock);
-}
-
-/**
- * lease enumerator
- */
-typedef struct {
-	/** implemented enumerator interface */
-	enumerator_t public;
-	/** inner hash-table enumerator */
-	enumerator_t *inner;
-	/** enumerated pool */
-	pool_t *pool;
-	/** mutex to unlock on destruction */
-	mutex_t *mutex;
-	/** currently enumerated lease address */
-	host_t *current;
-} lease_enumerator_t;
-
-/**
- * Implementation of lease_enumerator_t.enumerate
- */
-static bool lease_enumerate(lease_enumerator_t *this, identification_t **id_out,
-							host_t **addr_out, bool *online)
-{
-	identification_t *id;
-	uintptr_t offset;
-
-	DESTROY_IF(this->current);
-	this->current = NULL;
-
-	if (this->inner->enumerate(this->inner, &id, NULL))
-	{
-		offset = (uintptr_t)this->pool->online->get(this->pool->online, id);
-		if (offset)
-		{
-			*id_out = id;
-			*addr_out = this->current = offset2host(this->pool, offset);
-			*online = TRUE;
-			return TRUE;
-		}
-		offset = (uintptr_t)this->pool->offline->get(this->pool->offline, id);
-		if (offset)
-		{
-			*id_out = id;
-			*addr_out = this->current = offset2host(this->pool, offset);
-			*online = FALSE;
-			return TRUE;
-		}
-	}
-	return FALSE;
-}
-
-/**
- * Implementation of lease_enumerator_t.destroy
- */
-static void lease_enumerator_destroy(lease_enumerator_t *this)
-{
-	DESTROY_IF(this->current);
-	this->inner->destroy(this->inner);
-	this->mutex->unlock(this->mutex);
-	free(this);
-}
-
-/**
- * Implementation of stroke_attribute_t.create_lease_enumerator
- */
-static enumerator_t* create_lease_enumerator(private_stroke_attribute_t *this,
-											 char *pool)
-{
-	lease_enumerator_t *enumerator;
-
-	this->mutex->lock(this->mutex);
-	enumerator = malloc_thing(lease_enumerator_t);
-	enumerator->pool = find_pool(this, pool);
-	if (!enumerator->pool)
-	{
-		this->mutex->unlock(this->mutex);
-		free(enumerator);
-		return NULL;
-	}
-	enumerator->public.enumerate = (void*)lease_enumerate;
-	enumerator->public.destroy = (void*)lease_enumerator_destroy;
-	enumerator->inner = enumerator->pool->ids->create_enumerator(enumerator->pool->ids);
-	enumerator->mutex = this->mutex;
-	enumerator->current = NULL;
-	return &enumerator->public;
-}
-
-/**
- * Implementation of stroke_attribute_t.destroy
- */
-static void destroy(private_stroke_attribute_t *this)
-{
-	this->mutex->destroy(this->mutex);
-	this->pools->destroy_function(this->pools, (void*)pool_destroy);
-	free(this);
-}
-
-/*
- * see header file
- */
-stroke_attribute_t *stroke_attribute_create()
-{
-	private_stroke_attribute_t *this = malloc_thing(private_stroke_attribute_t);
-
-	this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *,host_t *))acquire_address;
-	this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address;
-	this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id, host_t *vip))enumerator_create_empty;
-	this->public.add_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))add_pool;
-	this->public.del_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))del_pool;
-	this->public.create_pool_enumerator = (enumerator_t*(*)(stroke_attribute_t*))create_pool_enumerator;
-	this->public.create_lease_enumerator = (enumerator_t*(*)(stroke_attribute_t*, char *pool))create_lease_enumerator;
-	this->public.destroy = (void(*)(stroke_attribute_t*))destroy;
-
-	this->pools = linked_list_create();
-	this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE);
-
-	return &this->public;
-}
-
diff --git a/src/charon/plugins/uci/Makefile.am b/src/charon/plugins/uci/Makefile.am
deleted file mode 100644
index 9fdbfb709..000000000
--- a/src/charon/plugins/uci/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-uci.la
-libstrongswan_uci_la_SOURCES = \
-  uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \
-  uci_config.h uci_config.c uci_creds.h uci_creds.c \
-  uci_control.h uci_control.c
-libstrongswan_uci_la_LDFLAGS = -module -avoid-version
-libstrongswan_uci_la_LIBADD = -luci
-
-
diff --git a/src/charon/plugins/unit_tester/Makefile.am b/src/charon/plugins/unit_tester/Makefile.am
deleted file mode 100644
index 64846f995..000000000
--- a/src/charon/plugins/unit_tester/Makefile.am
+++ /dev/null
@@ -1,24 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
-
-AM_CFLAGS = -rdynamic
-
-plugin_LTLIBRARIES = libstrongswan-unit-tester.la
-
-libstrongswan_unit_tester_la_SOURCES = unit_tester.c unit_tester.h tests.h \
-  tests/test_enumerator.c \
-  tests/test_auth_info.c \
-  tests/test_curl.c \
-  tests/test_mysql.c \
-  tests/test_sqlite.c \
-  tests/test_mutex.c \
-  tests/test_rsa_gen.c \
-  tests/test_cert.c \
-  tests/test_med_db.c \
-  tests/test_chunk.c \
-  tests/test_pool.c \
-  tests/test_agent.c \
-  tests/test_id.c
-
-libstrongswan_unit_tester_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am
index d0413e64e..27d615dab 100644
--- a/src/checksum/Makefile.am
+++ b/src/checksum/Makefile.am
@@ -5,17 +5,28 @@ nodist_libchecksum_la_SOURCES = checksum.c
 libchecksum_la_LDFLAGS = -module -avoid-version
 
 checksum_builder_SOURCES = checksum_builder.c
-checksum_builder_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+checksum_builder_LDADD = \
+	$(top_builddir)/src/libstrongswan/libstrongswan.la \
+	$(top_builddir)/src/libhydra/libhydra.la \
+	$(top_builddir)/src/libcharon/libcharon.la \
+	$(DLLIB)
 
 BUILT_SOURCES = checksum.c
 CLEANFILES = checksum.c
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
 
-libs =	$(shell find $(top_builddir)/src/libstrongswan $(top_builddir)/src/charon \
+libs =	$(shell find $(top_builddir)/src/libstrongswan \
+			$(top_builddir)/src/libcharon \
+			$(top_builddir)/src/libhydra \
 			-name 'libstrongswan*.so')
 
+if USE_LIBHYDRA
+  libs += $(top_builddir)/src/libhydra/.libs/libhydra.so
+endif
+
 if USE_CHARON
+  libs += $(top_builddir)/src/libcharon/.libs/libcharon.so
   libs += $(top_builddir)/src/charon/.libs/charon
 endif
 
@@ -30,7 +41,7 @@ if USE_TOOLS
 endif
 
 if USE_ATTR_SQL
-  libs += $(top_builddir)/src/libstrongswan/plugins/attr_sql/.libs/pool
+  libs += $(top_builddir)/src/libhydra/plugins/attr_sql/.libs/pool
 endif
 
 checksum.c : checksum_builder $(libs)
diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in
index 6769c2601..3e0ab1e69 100644
--- a/src/checksum/Makefile.in
+++ b/src/checksum/Makefile.in
@@ -36,13 +36,15 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 noinst_PROGRAMS = checksum_builder$(EXEEXT)
-@USE_CHARON_TRUE@am__append_1 = $(top_builddir)/src/charon/.libs/charon
-@USE_PLUTO_TRUE@am__append_2 = $(top_builddir)/src/pluto/.libs/pluto
-@USE_TOOLS_TRUE@am__append_3 =  \
+@USE_LIBHYDRA_TRUE@am__append_1 = $(top_builddir)/src/libhydra/.libs/libhydra.so
+@USE_CHARON_TRUE@am__append_2 = $(top_builddir)/src/libcharon/.libs/libcharon.so \
+@USE_CHARON_TRUE@	$(top_builddir)/src/charon/.libs/charon
+@USE_PLUTO_TRUE@am__append_3 = $(top_builddir)/src/pluto/.libs/pluto
+@USE_TOOLS_TRUE@am__append_4 =  \
 @USE_TOOLS_TRUE@	$(top_builddir)/src/openac/.libs/openac \
 @USE_TOOLS_TRUE@	$(top_builddir)/src/pki/.libs/pki \
 @USE_TOOLS_TRUE@	$(top_builddir)/src/scepclient/.libs/scepclient
-@USE_ATTR_SQL_TRUE@am__append_4 = $(top_builddir)/src/libstrongswan/plugins/attr_sql/.libs/pool
+@USE_ATTR_SQL_TRUE@am__append_5 = $(top_builddir)/src/libhydra/plugins/attr_sql/.libs/pool
 subdir = src/checksum
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -91,8 +93,12 @@ libchecksum_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 PROGRAMS = $(noinst_PROGRAMS)
 am_checksum_builder_OBJECTS = checksum_builder.$(OBJEXT)
 checksum_builder_OBJECTS = $(am_checksum_builder_OBJECTS)
+am__DEPENDENCIES_1 =
 checksum_builder_DEPENDENCIES =  \
-	$(top_builddir)/src/libstrongswan/libstrongswan.la
+	$(top_builddir)/src/libstrongswan/libstrongswan.la \
+	$(top_builddir)/src/libhydra/libhydra.la \
+	$(top_builddir)/src/libcharon/libcharon.la \
+	$(am__DEPENDENCIES_1)
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -231,6 +237,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -269,15 +276,20 @@ ipsec_LTLIBRARIES = libchecksum.la
 nodist_libchecksum_la_SOURCES = checksum.c
 libchecksum_la_LDFLAGS = -module -avoid-version
 checksum_builder_SOURCES = checksum_builder.c
-checksum_builder_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+checksum_builder_LDADD = \
+	$(top_builddir)/src/libstrongswan/libstrongswan.la \
+	$(top_builddir)/src/libhydra/libhydra.la \
+	$(top_builddir)/src/libcharon/libcharon.la \
+	$(DLLIB)
+
 BUILT_SOURCES = checksum.c
 CLEANFILES = checksum.c
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
 libs = $(shell find $(top_builddir)/src/libstrongswan \
-	$(top_builddir)/src/charon -name 'libstrongswan*.so') \
-	$(am__append_1) $(am__append_2) $(am__append_3) \
-	$(am__append_4)
+	$(top_builddir)/src/libcharon $(top_builddir)/src/libhydra \
+	-name 'libstrongswan*.so') $(am__append_1) $(am__append_2) \
+	$(am__append_3) $(am__append_4) $(am__append_5)
 all: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) all-am
 
diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c
index 54f4539ff..b68a25a19 100644
--- a/src/checksum/checksum_builder.c
+++ b/src/checksum/checksum_builder.c
@@ -13,17 +13,13 @@
  * for more details.
  */
 
+#define _GNU_SOURCE
 #include <stdlib.h>
 #include <stdio.h>
 #include <dlfcn.h>
 
 #include <library.h>
 
-/* we need to fake some charon symbols to dlopen() its plugins */
-void *charon, *eap_type_names, *auth_class_names, *protocol_id_names,
-*action_names, *ipsec_mode_names, *ike_sa_state_names, *child_sa_state_names,
-*policy_dir_names, *ipcomp_transform_names, *debug_names, *controller_cb_empty;
-
 int main(int argc, char* argv[])
 {
 	int i;
@@ -62,12 +58,30 @@ int main(int argc, char* argv[])
 			name[strlen(name) - 3] = '"';
 			name[strlen(name) - 2] = ',';
 			name[strlen(name) - 1] = '\0';
-			sname = "plugin_create";
+			if (asprintf(&sname, "%.*s_plugin_create", strlen(name) - 2,
+						 name) < 0)
+			{
+				fprintf(stderr, "failed to format plugin constructor "
+						"for '%s', ignored", path);
+				free(name);
+				continue;
+			}
+			translate(sname, "-", "_");
 		}
 		else if (strstr(path, "libstrongswan.so"))
 		{
 			name = strdup("libstrongswan\",");
-			sname = "library_init";
+			sname = strdup("library_init");
+		}
+		else if (strstr(path, "libhydra.so"))
+		{
+			name = strdup("libhydra\",");
+			sname = strdup("libhydra_init");
+		}
+		else if (strstr(path, "libcharon.so"))
+		{
+			name = strdup("libcharon\",");
+			sname = strdup("libcharon_init");
 		}
 		else if (strstr(path, "pool"))
 		{
@@ -126,6 +140,7 @@ int main(int argc, char* argv[])
 			   name, fsize, fsum, ssize, ssum);
 		fprintf(stderr, "\"%-20s%7u / 0x%08x       %6u / 0x%08x\n",
 				name, fsize, fsum, ssize, ssum);
+		free(sname);
 		free(name);
 	}
 	printf("};\n");
diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in
index 8bc08e2c1..36fdbff28 100644
--- a/src/dumm/Makefile.in
+++ b/src/dumm/Makefile.in
@@ -226,6 +226,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
diff --git a/src/dumm/bridge.c b/src/dumm/bridge.c
index 592fecefd..9c63beed9 100644
--- a/src/dumm/bridge.c
+++ b/src/dumm/bridge.c
@@ -69,8 +69,8 @@ static bool disconnect_iface(private_bridge_t *this, iface_t *iface)
 		{
 			if (br_del_interface(this->name, iface->get_hostif(iface)) != 0)
 			{
-				DBG1("removing iface '%s' from bridge '%s' in kernel failed: %m",
-					 iface->get_hostif(iface), this->name);
+				DBG1(DBG_LIB, "removing iface '%s' from bridge '%s' in kernel"
+					 " failed: %m", iface->get_hostif(iface), this->name);
 			}
 			else
 			{
@@ -83,8 +83,8 @@ static bool disconnect_iface(private_bridge_t *this, iface_t *iface)
 	}
 	if (iface != current)
 	{
-		DBG1("iface '%s' not found on bridge '%s'", iface->get_hostif(iface),
-			 this->name);
+		DBG1(DBG_LIB, "iface '%s' not found on bridge '%s'",
+			 iface->get_hostif(iface), this->name);
 	}
 	enumerator->destroy(enumerator);
 	return good;
@@ -97,7 +97,7 @@ static bool connect_iface(private_bridge_t *this, iface_t *iface)
 {
 	if (br_add_interface(this->name, iface->get_hostif(iface)) != 0)
 	{
-		DBG1("adding iface '%s' to bridge '%s' failed: %m",
+		DBG1(DBG_LIB, "adding iface '%s' to bridge '%s' failed: %m",
 			 iface->get_hostif(iface), this->name);
 		return FALSE;
 	}
@@ -124,7 +124,8 @@ static void destroy(private_bridge_t *this)
 	{
 		if (br_del_interface(this->name, iface->get_hostif(iface)) != 0)
 		{
-			DBG1("disconnecting iface '%s' failed: %m", iface->get_hostif(iface));
+			DBG1(DBG_LIB, "disconnecting iface '%s' failed: %m",
+				 iface->get_hostif(iface));
 		}
 		iface->set_bridge(iface, NULL);
 	}
@@ -133,7 +134,8 @@ static void destroy(private_bridge_t *this)
 	iface_control(this->name, FALSE);
 	if (br_del_bridge(this->name) != 0)
 	{
-		DBG1("deleting bridge '%s' from kernel failed: %m", this->name);
+		DBG1(DBG_LIB, "deleting bridge '%s' from kernel failed: %m",
+			 this->name);
 	}
 	free(this->name);
 	free(this);
@@ -154,7 +156,7 @@ bridge_t *bridge_create(char *name)
 	{
 		if (br_init() != 0)
 		{
-			DBG1("libbridge initialization failed: %m");
+			DBG1(DBG_LIB, "libbridge initialization failed: %m");
 			return NULL;
 		}
 	}
@@ -168,13 +170,13 @@ bridge_t *bridge_create(char *name)
 
 	if (br_add_bridge(name) != 0)
 	{
-		DBG1("creating bridge '%s' failed: %m", name);
+		DBG1(DBG_LIB, "creating bridge '%s' failed: %m", name);
 		free(this);
 		return NULL;
 	}
 	if (!iface_control(name, TRUE))
 	{
-		DBG1("bringing bridge '%s' up failed: %m", name);
+		DBG1(DBG_LIB, "bringing bridge '%s' up failed: %m", name);
 	}
 
 	this->name = strdup(name);
diff --git a/src/dumm/cowfs.c b/src/dumm/cowfs.c
index f7b6b0cf3..70767890b 100644
--- a/src/dumm/cowfs.c
+++ b/src/dumm/cowfs.c
@@ -493,12 +493,12 @@ static int cowfs_link(const char *from, const char *to)
 
 	if (!clone_path(rd, wr, to))
 	{
-		DBG1("cloning path '%s' failed", to);
+		DBG1(DBG_LIB, "cloning path '%s' failed", to);
 		return -errno;
 	}
 	if (linkat(rd, from, wr, to, 0) < 0)
 	{
-		DBG1("linking '%s' to '%s' failed", from, to);
+		DBG1(DBG_LIB, "linking '%s' to '%s' failed", from, to);
 		return -errno;
 	}
 	return 0;
@@ -777,7 +777,7 @@ static bool set_overlay(private_cowfs_t *this, char *path)
 		this->over_fd = open(path, O_RDONLY | O_DIRECTORY);
 		if (this->over_fd < 0)
 		{
-			DBG1("failed to open overlay directory '%s': %m", path);
+			DBG1(DBG_LIB, "failed to open overlay directory '%s': %m", path);
 			return FALSE;
 		}
 		this->over = strdup(path);
@@ -821,14 +821,14 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount)
 	this->master_fd = open(master, O_RDONLY | O_DIRECTORY);
 	if (this->master_fd < 0)
 	{
-		DBG1("failed to open master filesystem '%s'", master);
+		DBG1(DBG_LIB, "failed to open master filesystem '%s'", master);
 		free(this);
 		return NULL;
 	}
 	this->host_fd = open(host, O_RDONLY | O_DIRECTORY);
 	if (this->host_fd < 0)
 	{
-		DBG1("failed to open host filesystem '%s'", host);
+		DBG1(DBG_LIB, "failed to open host filesystem '%s'", host);
 		close(this->master_fd);
 		free(this);
 		return NULL;
@@ -838,7 +838,7 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount)
 	this->chan = fuse_mount(mount, &args);
 	if (this->chan == NULL)
 	{
-		DBG1("mounting cowfs FUSE on '%s' failed", mount);
+		DBG1(DBG_LIB, "mounting cowfs FUSE on '%s' failed", mount);
 		close(this->master_fd);
 		close(this->host_fd);
 		free(this);
@@ -849,7 +849,7 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount)
 						  sizeof(cowfs_operations), this);
 	if (this->fuse == NULL)
 	{
-		DBG1("creating cowfs FUSE handle failed");
+		DBG1(DBG_LIB, "creating cowfs FUSE handle failed");
 		close(this->master_fd);
 		close(this->host_fd);
 		fuse_unmount(mount, this->chan);
@@ -865,7 +865,7 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount)
 	this->thread = thread_create((thread_main_t)fuse_loop, this->fuse);
 	if (!this->thread)
 	{
-		DBG1("creating thread to handle FUSE failed");
+		DBG1(DBG_LIB, "creating thread to handle FUSE failed");
 		fuse_unmount(mount, this->chan);
 		free(this->mount);
 		free(this->master);
diff --git a/src/dumm/dumm.c b/src/dumm/dumm.c
index 0e8ab43f3..7ec340089 100644
--- a/src/dumm/dumm.c
+++ b/src/dumm/dumm.c
@@ -162,7 +162,7 @@ static bool load_template(private_dumm_t *this, char *dir)
 	}
 	if (strlen(dir) > PATH_MAX)
 	{
-		DBG1("template directory string '%s' is too long", dir);
+		DBG1(DBG_LIB, "template directory string '%s' is too long", dir);
 		return FALSE;
 	}
 
@@ -175,7 +175,8 @@ static bool load_template(private_dumm_t *this, char *dir)
 	{	/* does not exist, create template */
 		if (!mkdir_p(this->template, PERME))
 		{
-			DBG1("creating template directory '%s' failed: %m", this->template);
+			DBG1(DBG_LIB, "creating template directory '%s' failed: %m",
+				 this->template);
 			return FALSE;
 		}
 	}
@@ -302,7 +303,8 @@ static void load_guests(private_dumm_t *this)
 		}
 		else
 		{
-			DBG1("loading guest in directory '%s' failed, skipped", ent->d_name);
+			DBG1(DBG_LIB, "loading guest in directory '%s' failed, skipped",
+				 ent->d_name);
 		}
 	}
 	closedir(dir);
@@ -360,7 +362,8 @@ dumm_t *dumm_create(char *dir)
 	if (this->dir == NULL || this->guest_dir == NULL ||
 		(mkdir(this->guest_dir, PERME) < 0 && errno != EEXIST))
 	{
-		DBG1("creating guest directory '%s' failed: %m", this->guest_dir);
+		DBG1(DBG_LIB, "creating guest directory '%s' failed: %m",
+			 this->guest_dir);
 		destroy(this);
 		return NULL;
 	}
diff --git a/src/dumm/guest.c b/src/dumm/guest.c
index 112adb441..ebd87769a 100644
--- a/src/dumm/guest.c
+++ b/src/dumm/guest.c
@@ -100,7 +100,8 @@ static iface_t* create_iface(private_guest_t *this, char *name)
 
 	if (this->state != GUEST_RUNNING)
 	{
-		DBG1("guest '%s' not running, unable to add interface", this->name);
+		DBG1(DBG_LIB, "guest '%s' not running, unable to add interface",
+			 this->name);
 		return NULL;
 	}
 
@@ -109,7 +110,8 @@ static iface_t* create_iface(private_guest_t *this, char *name)
 	{
 		if (streq(name, iface->get_guestif(iface)))
 		{
-			DBG1("guest '%s' already has an interface '%s'", this->name, name);
+			DBG1(DBG_LIB, "guest '%s' already has an interface '%s'",
+				 this->name, name);
 			enumerator->destroy(enumerator);
 			return NULL;
 		}
@@ -251,7 +253,8 @@ static bool start(private_guest_t *this, invoke_function_t invoke, void* data,
 
 	if (this->state != GUEST_STOPPED)
 	{
-		DBG1("unable to start guest in state %N", guest_state_names, this->state);
+		DBG1(DBG_LIB, "unable to start guest in state %N", guest_state_names,
+			 this->state);
 		return FALSE;
 	}
 	this->state = GUEST_STARTING;
@@ -284,7 +287,7 @@ static bool start(private_guest_t *this, invoke_function_t invoke, void* data,
 	this->mconsole = mconsole_create(notify, idle);
 	if (this->mconsole == NULL)
 	{
-		DBG1("opening mconsole at '%s' failed, stopping guest", buf);
+		DBG1(DBG_LIB, "opening mconsole at '%s' failed, stopping guest", buf);
 		stop(this, NULL);
 		return FALSE;
 	}
@@ -315,7 +318,8 @@ static bool load_template(private_guest_t *this, char *path)
 	{
 		if (!mkdir_p(dir, PERME))
 		{
-			DBG1("creating overlay for guest '%s' failed: %m", this->name);
+			DBG1(DBG_LIB, "creating overlay for guest '%s' failed: %m",
+				 this->name);
 			return FALSE;
 		}
 	}
@@ -595,7 +599,7 @@ static private_guest_t *guest_create_generic(char *parent, char *name,
 	this->dir = open(this->dirname, O_DIRECTORY, PERME);
 	if (this->dir < 0)
 	{
-		DBG1("opening guest directory '%s' failed: %m", this->dirname);
+		DBG1(DBG_LIB, "opening guest directory '%s' failed: %m", this->dirname);
 		free(this->dirname);
 		free(this);
 		return NULL;
@@ -647,7 +651,7 @@ guest_t *guest_create(char *parent, char *name, char *kernel,
 	if (!make_symlink(this, master, MASTER_DIR) ||
 		!make_symlink(this, kernel, KERNEL_FILE))
 	{
-		DBG1("creating master/kernel symlink failed: %m");
+		DBG1(DBG_LIB, "creating master/kernel symlink failed: %m");
 		destroy(this);
 		return NULL;
 	}
@@ -655,7 +659,7 @@ guest_t *guest_create(char *parent, char *name, char *kernel,
 	if (mkdirat(this->dir, UNION_DIR, PERME) != 0 ||
 		mkdirat(this->dir, DIFF_DIR, PERME) != 0)
 	{
-		DBG1("unable to create directories for '%s': %m", name);
+		DBG1(DBG_LIB, "unable to create directories for '%s': %m", name);
 		destroy(this);
 		return NULL;
 	}
diff --git a/src/dumm/iface.c b/src/dumm/iface.c
index 9910c392e..1b5b7d717 100644
--- a/src/dumm/iface.c
+++ b/src/dumm/iface.c
@@ -196,7 +196,7 @@ static bool destroy_tap(private_iface_t *this)
 
 	if (!iface_control(this->hostif, FALSE))
 	{
-		DBG1("bringing iface down failed: %m");
+		DBG1(DBG_LIB, "bringing iface down failed: %m");
 	}
 	memset(&ifr, 0, sizeof(ifr));
 	ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
@@ -205,13 +205,13 @@ static bool destroy_tap(private_iface_t *this)
 	tap = open(TAP_DEVICE, O_RDWR);
 	if (tap < 0)
 	{
-		DBG1("unable to open tap device %s: %m", TAP_DEVICE);
+		DBG1(DBG_LIB, "unable to open tap device %s: %m", TAP_DEVICE);
 		return FALSE;
 	}
 	if (ioctl(tap, TUNSETIFF, &ifr) < 0 ||
 		ioctl(tap, TUNSETPERSIST, 0) < 0)
 	{
-		DBG1("removing %s failed: %m", this->hostif);
+		DBG1(DBG_LIB, "removing %s failed: %m", this->hostif);
 		close(tap);
 		return FALSE;
 	}
@@ -235,14 +235,14 @@ static char* create_tap(private_iface_t *this)
 	tap = open(TAP_DEVICE, O_RDWR);
 	if (tap < 0)
 	{
-		DBG1("unable to open tap device %s: %m", TAP_DEVICE);
+		DBG1(DBG_LIB, "unable to open tap device %s: %m", TAP_DEVICE);
 		return NULL;
 	}
 	if (ioctl(tap, TUNSETIFF, &ifr) < 0 ||
 		ioctl(tap, TUNSETPERSIST, 1) < 0 ||
 		ioctl(tap, TUNSETOWNER, 0))
 	{
-		DBG1("creating new tap device failed: %m");
+		DBG1(DBG_LIB, "creating new tap device failed: %m");
 		close(tap);
 		return NULL;
 	}
@@ -299,7 +299,7 @@ iface_t *iface_create(char *name, guest_t *guest, mconsole_t *mconsole)
 	}
 	if (!this->mconsole->add_iface(this->mconsole, this->guestif, this->hostif))
 	{
-		DBG1("creating interface '%s' in guest failed", this->guestif);
+		DBG1(DBG_LIB, "creating interface '%s' in guest failed", this->guestif);
 		destroy_tap(this);
 		free(this->guestif);
 		free(this->hostif);
@@ -308,7 +308,7 @@ iface_t *iface_create(char *name, guest_t *guest, mconsole_t *mconsole)
 	}
 	if (!iface_control(this->hostif, TRUE))
 	{
-		DBG1("bringing iface '%s' up failed: %m", this->hostif);
+		DBG1(DBG_LIB, "bringing iface '%s' up failed: %m", this->hostif);
 	}
 	return &this->public;
 }
diff --git a/src/dumm/mconsole.c b/src/dumm/mconsole.c
index 35984bdd5..7d982a54c 100644
--- a/src/dumm/mconsole.c
+++ b/src/dumm/mconsole.c
@@ -120,7 +120,7 @@ static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t),
 
 	if (len < 0)
 	{
-		DBG1("sending mconsole command to UML failed: %m");
+		DBG1(DBG_LIB, "sending mconsole command to UML failed: %m");
 		return -1;
 	}
 	do
@@ -136,7 +136,7 @@ static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t),
 		}
 		if (len < 0)
 		{
-			DBG1("receiving from mconsole failed: %m");
+			DBG1(DBG_LIB, "receiving from mconsole failed: %m");
 			return -1;
 		}
 		if (len > 0)
@@ -149,7 +149,7 @@ static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t),
 			{
 				if (reply.len && *reply.data)
 				{
-					DBG1("received mconsole error %d: %.*s",
+					DBG1(DBG_LIB, "received mconsole error %d: %.*s",
 						 reply.err, reply.len, reply.data);
 				}
 				break;
@@ -245,7 +245,7 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock)
 	this->notify = socket(AF_UNIX, SOCK_DGRAM, 0);
 	if (this->notify < 0)
 	{
-		DBG1("opening mconsole notify socket failed: %m");
+		DBG1(DBG_LIB, "opening mconsole notify socket failed: %m");
 		return FALSE;
 	}
 	memset(&addr, 0, sizeof(addr));
@@ -253,7 +253,8 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock)
 	strncpy(addr.sun_path, nsock, sizeof(addr.sun_path));
 	if (bind(this->notify, (struct sockaddr*)&addr, sizeof(addr)) < 0)
 	{
-		DBG1("binding mconsole notify socket to '%s' failed: %m", nsock);
+		DBG1(DBG_LIB, "binding mconsole notify socket to '%s' failed: %m",
+			 nsock);
 		close(this->notify);
 		return FALSE;
 	}
@@ -273,7 +274,7 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock)
 
 	if (len < 0 || len >= sizeof(notify))
 	{
-		DBG1("reading from mconsole notify socket failed: %m");
+		DBG1(DBG_LIB, "reading from mconsole notify socket failed: %m");
 		close(this->notify);
 		unlink(nsock);
 		return FALSE;
@@ -282,8 +283,8 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock)
 		notify.version != MCONSOLE_VERSION ||
 		notify.type != MCONSOLE_SOCKET)
 	{
-		DBG1("received unexpected message from mconsole notify socket: %b",
-			 &notify, sizeof(notify));
+		DBG1(DBG_LIB, "received unexpected message from mconsole notify"
+			 " socket: %b", &notify, sizeof(notify));
 		close(this->notify);
 		unlink(nsock);
 		return FALSE;
@@ -304,7 +305,7 @@ static bool setup_console(private_mconsole_t *this)
 	this->console = socket(AF_UNIX, SOCK_DGRAM, 0);
 	if (this->console < 0)
 	{
-		DBG1("opening mconsole socket failed: %m");
+		DBG1(DBG_LIB, "opening mconsole socket failed: %m");
 		return FALSE;
 	}
 	memset(&addr, 0, sizeof(addr));
@@ -313,7 +314,8 @@ static bool setup_console(private_mconsole_t *this)
 			 getpid(), this->console);
 	if (bind(this->console, (struct sockaddr*)&addr, sizeof(addr)) < 0)
 	{
-		DBG1("binding mconsole socket to '%s' failed: %m", &addr.sun_path[1]);
+		DBG1(DBG_LIB, "binding mconsole socket to '%s' failed: %m",
+			 &addr.sun_path[1]);
 		close(this->console);
 		return FALSE;
 	}
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index 6aeb84bae..9edad1141 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -1,3 +1,3 @@
 EXTRA_DIST = linux/ipsec.h linux/netlink.h linux/rtnetlink.h \
              linux/pfkeyv2.h linux/udp.h linux/xfrm.h linux/types.h \
-             sys/queue.h
+             linux/jhash.h sys/queue.h
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index 762b32649..720ba3a11 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -172,6 +172,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -208,7 +209,7 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 EXTRA_DIST = linux/ipsec.h linux/netlink.h linux/rtnetlink.h \
              linux/pfkeyv2.h linux/udp.h linux/xfrm.h linux/types.h \
-             sys/queue.h
+             linux/jhash.h sys/queue.h
 
 all: all-am
 
diff --git a/src/include/linux/jhash.h b/src/include/linux/jhash.h
new file mode 100644
index 000000000..2a2f99fbc
--- /dev/null
+++ b/src/include/linux/jhash.h
@@ -0,0 +1,143 @@
+#ifndef _LINUX_JHASH_H
+#define _LINUX_JHASH_H
+
+/* jhash.h: Jenkins hash support.
+ *
+ * Copyright (C) 1996 Bob Jenkins (bob_jenkins@burtleburtle.net)
+ *
+ * http://burtleburtle.net/bob/hash/
+ *
+ * These are the credits from Bob's sources:
+ *
+ * lookup2.c, by Bob Jenkins, December 1996, Public Domain.
+ * hash(), hash2(), hash3, and mix() are externally useful functions.
+ * Routines to test the hash are included if SELF_TEST is defined.
+ * You can use this free for any purpose.  It has no warranty.
+ *
+ * Copyright (C) 2003 David S. Miller (davem@redhat.com)
+ *
+ * I've modified Bob's hash to be useful in the Linux kernel, and
+ * any bugs present are surely my fault.  -DaveM
+ */
+
+/* NOTE: Arguments are modified. */
+#define __jhash_mix(a, b, c) \
+{ \
+  a -= b; a -= c; a ^= (c>>13); \
+  b -= c; b -= a; b ^= (a<<8); \
+  c -= a; c -= b; c ^= (b>>13); \
+  a -= b; a -= c; a ^= (c>>12);  \
+  b -= c; b -= a; b ^= (a<<16); \
+  c -= a; c -= b; c ^= (b>>5); \
+  a -= b; a -= c; a ^= (c>>3);  \
+  b -= c; b -= a; b ^= (a<<10); \
+  c -= a; c -= b; c ^= (b>>15); \
+}
+
+/* The golden ration: an arbitrary value */
+#define JHASH_GOLDEN_RATIO	0x9e3779b9
+
+/* The most generic version, hashes an arbitrary sequence
+ * of bytes.  No alignment or length assumptions are made about
+ * the input key.
+ */
+static inline u32 jhash(const void *key, u32 length, u32 initval)
+{
+	u32 a, b, c, len;
+	const u8 *k = key;
+
+	len = length;
+	a = b = JHASH_GOLDEN_RATIO;
+	c = initval;
+
+	while (len >= 12) {
+		a += (k[0] +((u32)k[1]<<8) +((u32)k[2]<<16) +((u32)k[3]<<24));
+		b += (k[4] +((u32)k[5]<<8) +((u32)k[6]<<16) +((u32)k[7]<<24));
+		c += (k[8] +((u32)k[9]<<8) +((u32)k[10]<<16)+((u32)k[11]<<24));
+
+		__jhash_mix(a,b,c);
+
+		k += 12;
+		len -= 12;
+	}
+
+	c += length;
+	switch (len) {
+	case 11: c += ((u32)k[10]<<24);
+	case 10: c += ((u32)k[9]<<16);
+	case 9 : c += ((u32)k[8]<<8);
+	case 8 : b += ((u32)k[7]<<24);
+	case 7 : b += ((u32)k[6]<<16);
+	case 6 : b += ((u32)k[5]<<8);
+	case 5 : b += k[4];
+	case 4 : a += ((u32)k[3]<<24);
+	case 3 : a += ((u32)k[2]<<16);
+	case 2 : a += ((u32)k[1]<<8);
+	case 1 : a += k[0];
+	};
+
+	__jhash_mix(a,b,c);
+
+	return c;
+}
+
+/* A special optimized version that handles 1 or more of u32s.
+ * The length parameter here is the number of u32s in the key.
+ */
+static inline u32 jhash2(const u32 *k, u32 length, u32 initval)
+{
+	u32 a, b, c, len;
+
+	a = b = JHASH_GOLDEN_RATIO;
+	c = initval;
+	len = length;
+
+	while (len >= 3) {
+		a += k[0];
+		b += k[1];
+		c += k[2];
+		__jhash_mix(a, b, c);
+		k += 3; len -= 3;
+	}
+
+	c += length * 4;
+
+	switch (len) {
+	case 2 : b += k[1];
+	case 1 : a += k[0];
+	};
+
+	__jhash_mix(a,b,c);
+
+	return c;
+}
+
+
+/* A special ultra-optimized versions that knows they are hashing exactly
+ * 3, 2 or 1 word(s).
+ *
+ * NOTE: In partilar the "c += length; __jhash_mix(a,b,c);" normally
+ *       done at the end is not done here.
+ */
+static inline u32 jhash_3words(u32 a, u32 b, u32 c, u32 initval)
+{
+	a += JHASH_GOLDEN_RATIO;
+	b += JHASH_GOLDEN_RATIO;
+	c += initval;
+
+	__jhash_mix(a, b, c);
+
+	return c;
+}
+
+static inline u32 jhash_2words(u32 a, u32 b, u32 initval)
+{
+	return jhash_3words(a, b, 0, initval);
+}
+
+static inline u32 jhash_1word(u32 a, u32 initval)
+{
+	return jhash_3words(a, 0, 0, initval);
+}
+
+#endif /* _LINUX_JHASH_H */
diff --git a/src/include/linux/pfkeyv2.h b/src/include/linux/pfkeyv2.h
index b4b0712a4..7379d1a94 100644
--- a/src/include/linux/pfkeyv2.h
+++ b/src/include/linux/pfkeyv2.h
@@ -315,6 +315,7 @@ struct sadb_x_kmaddress {
 #define SADB_X_EALG_AES_GCM_ICV12	19
 #define SADB_X_EALG_AES_GCM_ICV16	20
 #define SADB_X_EALG_CAMELLIACBC		22
+#define SADB_X_EALG_NULL_AES_GMAC	23
 #define SADB_EALG_MAX                   253 /* last EALG */
 /* private allocations should use 249-255 (RFC2407) */
 #define SADB_X_EALG_SERPENTCBC  252     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index ff88ed1ff..3834b672a 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -200,6 +200,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
diff --git a/src/ipsec/ipsec.in b/src/ipsec/ipsec.in
index 1da3c2d90..0bddc201a 100755
--- a/src/ipsec/ipsec.in
+++ b/src/ipsec/ipsec.in
@@ -2,13 +2,13 @@
 # prefix command to run stuff from our programs directory
 # Copyright (C) 1998-2002  Henry Spencer.
 # Copyright (C) 2006 Andreas Steffen
-# Copyright (C) 2006 Martin Willi 
-# 
+# Copyright (C) 2006 Martin Willi
+#
 # This program is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by the
 # Free Software Foundation; either version 2 of the License, or (at your
 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
-# 
+#
 # This program is distributed in the hope that it will be useful, but
 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
@@ -67,7 +67,7 @@ case "$1" in
 	echo "	rereadacerts|rereadcrls|rereadall"
 	echo "	purgeocsp|purgeike"
 	echo "	scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
- 	echo "	openac"
+	echo "	openac"
 	echo "	pluto"
 	echo "	scepclient"
 	echo "	secrets"
@@ -138,17 +138,26 @@ listcards|rereadgroups)
 		$IPSEC_WHACK "$@" "--$op"
 		rc="$?"
 	fi
-	if [ -e $IPSEC_CHARON_PID ] 
-	then 
-		exit 3 
-	else 
-		exit 7 
-	fi 
+	if [ -e $IPSEC_CHARON_PID ]
+	then
+		exit 3
+	else
+		exit 7
+	fi
 	;;
 leases)
 	op="$1"
 	rc=7
 	shift
+	if [ -e $IPSEC_PLUTO_PID ]
+	then
+		case "$#" in
+		0) $IPSEC_WHACK "--$op" ;;
+		1) $IPSEC_WHACK "--$op" --name "$1" ;;
+		*) $IPSEC_WHACK "--$op" --name "$1" --lease-addr "$2" ;;
+		esac
+		rc="$?"
+	fi
 	if [ -e $IPSEC_CHARON_PID ]
 	then
 		case "$#" in
@@ -330,7 +339,7 @@ stop)
 			fi
 		fi
 	else
-	    	echo "Stopping strongSwan IPsec failed: starter is not running" >&2
+		echo "Stopping strongSwan IPsec failed: starter is not running" >&2
 	fi
 	if [ -d /var/lock/subsys ]; then
 		rm -f /var/lock/subsys/ipsec
diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk
new file mode 100644
index 000000000..d473b455e
--- /dev/null
+++ b/src/libcharon/Android.mk
@@ -0,0 +1,174 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# copy-n-paste from Makefile.am
+LOCAL_SRC_FILES := \
+bus/bus.c bus/bus.h \
+bus/listeners/listener.h \
+bus/listeners/file_logger.c bus/listeners/file_logger.h \
+bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
+config/backend_manager.c config/backend_manager.h config/backend.h \
+config/child_cfg.c config/child_cfg.h \
+config/ike_cfg.c config/ike_cfg.h \
+config/peer_cfg.c config/peer_cfg.h \
+config/proposal.c config/proposal.h \
+config/auth_cfg.c config/auth_cfg.h \
+control/controller.c control/controller.h \
+daemon.c daemon.h \
+encoding/generator.c encoding/generator.h \
+encoding/message.c encoding/message.h \
+encoding/parser.c encoding/parser.h \
+encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \
+encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \
+encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \
+encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \
+encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
+encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
+encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
+encoding/payloads/encodings.c encoding/payloads/encodings.h \
+encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \
+encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
+encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
+encoding/payloads/ke_payload.c  encoding/payloads/ke_payload.h \
+encoding/payloads/nonce_payload.c encoding/payloads/nonce_payload.h \
+encoding/payloads/notify_payload.c encoding/payloads/notify_payload.h \
+encoding/payloads/payload.c encoding/payloads/payload.h \
+encoding/payloads/proposal_substructure.c encoding/payloads/proposal_substructure.h \
+encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
+encoding/payloads/traffic_selector_substructure.c encoding/payloads/traffic_selector_substructure.h \
+encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \
+encoding/payloads/transform_substructure.c encoding/payloads/transform_substructure.h \
+encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
+encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \
+encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \
+kernel/kernel_interface.c kernel/kernel_interface.h \
+kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
+kernel/kernel_net.h \
+network/packet.c network/packet.h \
+network/receiver.c network/receiver.h \
+network/sender.c network/sender.h \
+network/socket_manager.c network/socket_manager.h network/socket.h \
+processing/jobs/job.h \
+processing/jobs/acquire_job.c processing/jobs/acquire_job.h \
+processing/jobs/callback_job.c processing/jobs/callback_job.h \
+processing/jobs/delete_child_sa_job.c processing/jobs/delete_child_sa_job.h \
+processing/jobs/delete_ike_sa_job.c processing/jobs/delete_ike_sa_job.h \
+processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
+processing/jobs/process_message_job.c processing/jobs/process_message_job.h \
+processing/jobs/rekey_child_sa_job.c processing/jobs/rekey_child_sa_job.h \
+processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \
+processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \
+processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
+processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \
+processing/jobs/roam_job.c processing/jobs/roam_job.h \
+processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \
+processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \
+processing/scheduler.c processing/scheduler.h \
+processing/processor.c processing/processor.h  \
+sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
+sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
+sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
+sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \
+sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \
+sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
+sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \
+sa/child_sa.c sa/child_sa.h \
+sa/ike_sa.c sa/ike_sa.h \
+sa/ike_sa_id.c sa/ike_sa_id.h \
+sa/ike_sa_manager.c sa/ike_sa_manager.h \
+sa/task_manager.c sa/task_manager.h \
+sa/keymat.c sa/keymat.h \
+sa/trap_manager.c sa/trap_manager.h \
+sa/tasks/child_create.c sa/tasks/child_create.h \
+sa/tasks/child_delete.c sa/tasks/child_delete.h \
+sa/tasks/child_rekey.c sa/tasks/child_rekey.h \
+sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
+sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
+sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
+sa/tasks/ike_config.c sa/tasks/ike_config.h \
+sa/tasks/ike_delete.c sa/tasks/ike_delete.h \
+sa/tasks/ike_dpd.c sa/tasks/ike_dpd.h \
+sa/tasks/ike_init.c sa/tasks/ike_init.h \
+sa/tasks/ike_natd.c sa/tasks/ike_natd.h \
+sa/tasks/ike_mobike.c sa/tasks/ike_mobike.h \
+sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
+sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \
+sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
+sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
+sa/tasks/task.c sa/tasks/task.h \
+credentials/credential_manager.c credentials/credential_manager.h \
+credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
+credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
+credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+credentials/credential_set.h
+
+# adding the plugin source files
+
+LOCAL_SRC_FILES += $(call add_plugin, android)
+ifneq ($(call plugin_enabled, android)),)
+LOCAL_SHARED_LIBRARIES += libcutils
+endif
+
+LOCAL_SRC_FILES += $(call add_plugin, attr)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-aka)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-aka-3gpp2)
+ifneq ($(call plugin_enabled, eap-aka-3gpp2)),)
+LOCAL_C_INCLUDES += $(libgmp_PATH)
+LOCAL_SHARED_LIBRARIES += libgmp
+endif
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-gtc)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-identity)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-md5)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-mschapv2)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-sim)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-simaka-pseudonym)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-simaka-reauth)
+
+LOCAL_SRC_FILES += $(call add_plugin, eap-sim-file)
+
+# adding libakasim if either eap-aka or eap-sim is enabled
+ifneq ($(or $(call plugin_enabled, eap-aka), $(call plugin_enabled, eap-sim)),)
+LOCAL_C_INCLUDES += $(LOCAL_PATH)/../libsimaka/
+LOCAL_SRC_FILES += $(addprefix ../libsimaka/, \
+		simaka_message.h simaka_message.c \
+		simaka_crypto.h simaka_crypto.c \
+	)
+endif
+
+LOCAL_SRC_FILES += $(call add_plugin, kernel-netlink)
+
+LOCAL_SRC_FILES += $(call add_plugin, load-tester)
+
+LOCAL_SRC_FILES += $(call add_plugin, socket-default)
+
+LOCAL_SRC_FILES += $(call add_plugin, socket-dynamic)
+
+# build libcharon --------------------------------------------------------------
+
+LOCAL_C_INCLUDES += \
+	$(libvstr_PATH) \
+	$(strongswan_PATH)/src/include \
+	$(strongswan_PATH)/src/libhydra \
+	$(strongswan_PATH)/src/libstrongswan
+
+LOCAL_CFLAGS := $(strongswan_CFLAGS)
+
+LOCAL_MODULE := libcharon
+
+LOCAL_ARM_MODE := arm
+
+LOCAL_PRELINK_MODULE := false
+
+LOCAL_SHARED_LIBRARIES += libstrongswan libhydra
+
+include $(BUILD_SHARED_LIBRARY)
+
diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am
new file mode 100644
index 000000000..0eaccf7a0
--- /dev/null
+++ b/src/libcharon/Makefile.am
@@ -0,0 +1,418 @@
+lib_LTLIBRARIES = libcharon.la
+
+libcharon_la_SOURCES = \
+bus/bus.c bus/bus.h \
+bus/listeners/listener.h \
+bus/listeners/file_logger.c bus/listeners/file_logger.h \
+bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
+config/backend_manager.c config/backend_manager.h config/backend.h \
+config/child_cfg.c config/child_cfg.h \
+config/ike_cfg.c config/ike_cfg.h \
+config/peer_cfg.c config/peer_cfg.h \
+config/proposal.c config/proposal.h \
+config/auth_cfg.c config/auth_cfg.h \
+control/controller.c control/controller.h \
+daemon.c daemon.h \
+encoding/generator.c encoding/generator.h \
+encoding/message.c encoding/message.h \
+encoding/parser.c encoding/parser.h \
+encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \
+encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \
+encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \
+encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \
+encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
+encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \
+encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \
+encoding/payloads/encodings.c encoding/payloads/encodings.h \
+encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \
+encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
+encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
+encoding/payloads/ke_payload.c  encoding/payloads/ke_payload.h \
+encoding/payloads/nonce_payload.c encoding/payloads/nonce_payload.h \
+encoding/payloads/notify_payload.c encoding/payloads/notify_payload.h \
+encoding/payloads/payload.c encoding/payloads/payload.h \
+encoding/payloads/proposal_substructure.c encoding/payloads/proposal_substructure.h \
+encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
+encoding/payloads/traffic_selector_substructure.c encoding/payloads/traffic_selector_substructure.h \
+encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \
+encoding/payloads/transform_substructure.c encoding/payloads/transform_substructure.h \
+encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
+encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \
+encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \
+kernel/kernel_interface.c kernel/kernel_interface.h \
+kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
+kernel/kernel_net.h \
+network/packet.c network/packet.h \
+network/receiver.c network/receiver.h \
+network/sender.c network/sender.h \
+network/socket_manager.c network/socket_manager.h network/socket.h \
+processing/jobs/job.h \
+processing/jobs/acquire_job.c processing/jobs/acquire_job.h \
+processing/jobs/callback_job.c processing/jobs/callback_job.h \
+processing/jobs/delete_child_sa_job.c processing/jobs/delete_child_sa_job.h \
+processing/jobs/delete_ike_sa_job.c processing/jobs/delete_ike_sa_job.h \
+processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
+processing/jobs/process_message_job.c processing/jobs/process_message_job.h \
+processing/jobs/rekey_child_sa_job.c processing/jobs/rekey_child_sa_job.h \
+processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \
+processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \
+processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
+processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \
+processing/jobs/roam_job.c processing/jobs/roam_job.h \
+processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \
+processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \
+processing/scheduler.c processing/scheduler.h \
+processing/processor.c processing/processor.h  \
+sa/authenticators/authenticator.c sa/authenticators/authenticator.h \
+sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
+sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
+sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \
+sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \
+sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
+sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \
+sa/child_sa.c sa/child_sa.h \
+sa/ike_sa.c sa/ike_sa.h \
+sa/ike_sa_id.c sa/ike_sa_id.h \
+sa/ike_sa_manager.c sa/ike_sa_manager.h \
+sa/task_manager.c sa/task_manager.h \
+sa/keymat.c sa/keymat.h \
+sa/trap_manager.c sa/trap_manager.h \
+sa/tasks/child_create.c sa/tasks/child_create.h \
+sa/tasks/child_delete.c sa/tasks/child_delete.h \
+sa/tasks/child_rekey.c sa/tasks/child_rekey.h \
+sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
+sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
+sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
+sa/tasks/ike_config.c sa/tasks/ike_config.h \
+sa/tasks/ike_delete.c sa/tasks/ike_delete.h \
+sa/tasks/ike_dpd.c sa/tasks/ike_dpd.h \
+sa/tasks/ike_init.c sa/tasks/ike_init.h \
+sa/tasks/ike_natd.c sa/tasks/ike_natd.h \
+sa/tasks/ike_mobike.c sa/tasks/ike_mobike.h \
+sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \
+sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \
+sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \
+sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \
+sa/tasks/task.c sa/tasks/task.h \
+credentials/credential_manager.c credentials/credential_manager.h \
+credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
+credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
+credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+credentials/credential_set.h
+
+daemon.lo :		$(top_builddir)/config.status
+
+INCLUDES = \
+	-I${linux_headers} \
+	-I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = \
+	-DIPSEC_DIR=\"${ipsecdir}\" \
+	-DIPSEC_PIDDIR=\"${piddir}\"
+
+libcharon_la_LIBADD = -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB)
+
+EXTRA_DIST = Android.mk
+
+# compile options
+#################
+
+if USE_ME
+  libcharon_la_SOURCES += encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \
+    processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \
+    processing/jobs/mediation_job.c processing/jobs/mediation_job.h \
+    sa/connect_manager.c sa/connect_manager.h \
+    sa/mediation_manager.c sa/mediation_manager.h \
+    sa/tasks/ike_me.c sa/tasks/ike_me.h
+endif
+
+if USE_CAPABILITIES
+  libcharon_la_LIBADD += -lcap
+endif
+
+# build optional plugins
+########################
+
+if MONOLITHIC
+SUBDIRS =
+else
+SUBDIRS = .
+endif
+
+PLUGINS = ${libstrongswan_plugins} ${libhydra_plugins}
+
+if USE_LOAD_TESTER
+  SUBDIRS += plugins/load_tester
+  PLUGINS += load-tester
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/load_tester/libstrongswan-load-tester.la
+endif
+endif
+
+if USE_KERNEL_PFKEY
+  SUBDIRS += plugins/kernel_pfkey
+  PLUGINS += kernel-pfkey
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la
+endif
+endif
+
+if USE_KERNEL_PFROUTE
+  SUBDIRS += plugins/kernel_pfroute
+  PLUGINS += kernel-pfroute
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la
+endif
+endif
+
+if USE_KERNEL_KLIPS
+  SUBDIRS += plugins/kernel_klips
+  PLUGINS += kernel-klips
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/kernel_klips/libstrongswan-kernel-klips.la
+endif
+endif
+
+if USE_KERNEL_NETLINK
+  SUBDIRS += plugins/kernel_netlink
+  PLUGINS += kernel-netlink
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/kernel_netlink/libstrongswan-kernel-netlink.la
+endif
+endif
+
+if USE_SOCKET_DEFAULT
+  SUBDIRS += plugins/socket_default
+  PLUGINS += socket-default
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/socket_default/libstrongswan-socket-default.la
+endif
+endif
+
+if USE_SOCKET_RAW
+  SUBDIRS += plugins/socket_raw
+  PLUGINS += socket-raw
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/socket_raw/libstrongswan-socket-raw.la
+endif
+endif
+
+if USE_SOCKET_DYNAMIC
+  SUBDIRS += plugins/socket_dynamic
+  PLUGINS += socket-dynamic
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/socket_dynamic/libstrongswan-socket-dynamic.la
+endif
+endif
+
+if USE_FARP
+  SUBDIRS += plugins/farp
+  PLUGINS += farp
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/farp/libstrongswan-farp.la
+endif
+endif
+
+if USE_STROKE
+  SUBDIRS += plugins/stroke
+  PLUGINS += stroke
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/stroke/libstrongswan-stroke.la
+endif
+endif
+
+if USE_SMP
+  SUBDIRS += plugins/smp
+  PLUGINS += smp
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/smp/libstrongswan-smp.la
+endif
+endif
+
+if USE_SQL
+  SUBDIRS += plugins/sql
+  PLUGINS += sql
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/sql/libstrongswan-sql.la
+endif
+endif
+
+if USE_UPDOWN
+  SUBDIRS += plugins/updown
+  PLUGINS += updown
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/updown/libstrongswan-updown.la
+endif
+endif
+
+if USE_EAP_IDENTITY
+  SUBDIRS += plugins/eap_identity
+  PLUGINS += eap-identity
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/eap_identity/libstrongswan-eap-identity.la
+endif
+endif
+
+if USE_EAP_SIM
+  SUBDIRS += plugins/eap_sim
+  PLUGINS += eap-sim
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/eap_sim/libstrongswan-eap-sim.la
+endif
+endif
+
+if USE_EAP_SIM_FILE
+  SUBDIRS += plugins/eap_sim_file
+  PLUGINS += eap-sim-file
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/eap_sim_file/libstrongswan-eap-sim-file.la
+endif
+endif
+
+if USE_EAP_SIMAKA_PSEUDONYM
+  SUBDIRS += plugins/eap_simaka_pseudonym
+  PLUGINS += eap-simaka-pseudonym
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la
+endif
+endif
+
+if USE_EAP_SIMAKA_REAUTH
+  SUBDIRS += plugins/eap_simaka_reauth
+  PLUGINS += eap-simaka-reauth
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la
+endif
+endif
+
+if USE_EAP_AKA
+  SUBDIRS += plugins/eap_aka
+  PLUGINS += eap-aka
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/eap_aka/libstrongswan-eap-aka.la
+endif
+endif
+
+if USE_EAP_AKA_3GPP2
+  SUBDIRS += plugins/eap_aka_3gpp2
+  PLUGINS += eap-aka-3gpp2
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la
+endif
+endif
+
+if USE_SIMAKA
+if MONOLITHIC
+  # otherwise this library is linked to both the eap_aka and the eap_sim plugin
+  libcharon_la_LIBADD += $(top_builddir)/src/libsimaka/libsimaka.la
+endif
+endif
+
+if USE_EAP_MD5
+  SUBDIRS += plugins/eap_md5
+  PLUGINS += eap-md5
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/eap_md5/libstrongswan-eap-md5.la
+endif
+endif
+
+if USE_EAP_GTC
+  SUBDIRS += plugins/eap_gtc
+  PLUGINS += eap-gtc
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/eap_gtc/libstrongswan-eap-gtc.la
+endif
+endif
+
+if USE_EAP_MSCHAPV2
+  SUBDIRS += plugins/eap_mschapv2
+  PLUGINS += eap-mschapv2
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la
+endif
+endif
+
+if USE_EAP_RADIUS
+  SUBDIRS += plugins/eap_radius
+  PLUGINS += eap-radius
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/eap_radius/libstrongswan-eap-radius.la
+endif
+endif
+
+if USE_MEDSRV
+  SUBDIRS += plugins/medsrv
+  PLUGINS += medsrv
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/medsrv/libstrongswan-medsrv.la
+endif
+endif
+
+if USE_MEDCLI
+  SUBDIRS += plugins/medcli
+  PLUGINS += medcli
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/medcli/libstrongswan-medcli.la
+endif
+endif
+
+if USE_NM
+  SUBDIRS += plugins/nm
+  PLUGINS += nm
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/nm/libstrongswan-nm.la
+endif
+endif
+
+if USE_DHCP
+  SUBDIRS += plugins/dhcp
+  PLUGINS += dhcp
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/dhcp/libstrongswan-dhcp.la
+endif
+endif
+
+if USE_RESOLVE
+  SUBDIRS += plugins/resolve
+  PLUGINS += resolve
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/resolve/libstrongswan-resolve.la
+endif
+endif
+
+if USE_ANDROID
+  SUBDIRS += plugins/android
+  PLUGINS += android
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/android/libstrongswan-android.la
+endif
+endif
+
+if USE_HA
+  SUBDIRS += plugins/ha
+  PLUGINS += ha
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/ha/libstrongswan-ha.la
+endif
+endif
+
+if USE_UCI
+  SUBDIRS += plugins/uci
+  PLUGINS += uci
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/uci/libstrongswan-uci.la
+endif
+endif
+
+if USE_UNIT_TESTS
+  SUBDIRS += plugins/unit_tester
+  PLUGINS += unit-tester
+if MONOLITHIC
+  libcharon_la_LIBADD += plugins/unit_tester/libstrongswan-unit-tester.la
+endif
+endif
+
+AM_CFLAGS += -DPLUGINS=\""${PLUGINS}\""
+
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
new file mode 100644
index 000000000..0eb6f36f4
--- /dev/null
+++ b/src/libcharon/Makefile.in
@@ -0,0 +1,1994 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+
+# compile options
+#################
+@USE_ME_TRUE@am__append_1 = encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \
+@USE_ME_TRUE@    processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \
+@USE_ME_TRUE@    processing/jobs/mediation_job.c processing/jobs/mediation_job.h \
+@USE_ME_TRUE@    sa/connect_manager.c sa/connect_manager.h \
+@USE_ME_TRUE@    sa/mediation_manager.c sa/mediation_manager.h \
+@USE_ME_TRUE@    sa/tasks/ike_me.c sa/tasks/ike_me.h
+
+@USE_CAPABILITIES_TRUE@am__append_2 = -lcap
+@USE_LOAD_TESTER_TRUE@am__append_3 = plugins/load_tester
+@USE_LOAD_TESTER_TRUE@am__append_4 = load-tester
+@MONOLITHIC_TRUE@@USE_LOAD_TESTER_TRUE@am__append_5 = plugins/load_tester/libstrongswan-load-tester.la
+@USE_KERNEL_PFKEY_TRUE@am__append_6 = plugins/kernel_pfkey
+@USE_KERNEL_PFKEY_TRUE@am__append_7 = kernel-pfkey
+@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_8 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la
+@USE_KERNEL_PFROUTE_TRUE@am__append_9 = plugins/kernel_pfroute
+@USE_KERNEL_PFROUTE_TRUE@am__append_10 = kernel-pfroute
+@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_11 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la
+@USE_KERNEL_KLIPS_TRUE@am__append_12 = plugins/kernel_klips
+@USE_KERNEL_KLIPS_TRUE@am__append_13 = kernel-klips
+@MONOLITHIC_TRUE@@USE_KERNEL_KLIPS_TRUE@am__append_14 = plugins/kernel_klips/libstrongswan-kernel-klips.la
+@USE_KERNEL_NETLINK_TRUE@am__append_15 = plugins/kernel_netlink
+@USE_KERNEL_NETLINK_TRUE@am__append_16 = kernel-netlink
+@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_17 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la
+@USE_SOCKET_DEFAULT_TRUE@am__append_18 = plugins/socket_default
+@USE_SOCKET_DEFAULT_TRUE@am__append_19 = socket-default
+@MONOLITHIC_TRUE@@USE_SOCKET_DEFAULT_TRUE@am__append_20 = plugins/socket_default/libstrongswan-socket-default.la
+@USE_SOCKET_RAW_TRUE@am__append_21 = plugins/socket_raw
+@USE_SOCKET_RAW_TRUE@am__append_22 = socket-raw
+@MONOLITHIC_TRUE@@USE_SOCKET_RAW_TRUE@am__append_23 = plugins/socket_raw/libstrongswan-socket-raw.la
+@USE_SOCKET_DYNAMIC_TRUE@am__append_24 = plugins/socket_dynamic
+@USE_SOCKET_DYNAMIC_TRUE@am__append_25 = socket-dynamic
+@MONOLITHIC_TRUE@@USE_SOCKET_DYNAMIC_TRUE@am__append_26 = plugins/socket_dynamic/libstrongswan-socket-dynamic.la
+@USE_FARP_TRUE@am__append_27 = plugins/farp
+@USE_FARP_TRUE@am__append_28 = farp
+@MONOLITHIC_TRUE@@USE_FARP_TRUE@am__append_29 = plugins/farp/libstrongswan-farp.la
+@USE_STROKE_TRUE@am__append_30 = plugins/stroke
+@USE_STROKE_TRUE@am__append_31 = stroke
+@MONOLITHIC_TRUE@@USE_STROKE_TRUE@am__append_32 = plugins/stroke/libstrongswan-stroke.la
+@USE_SMP_TRUE@am__append_33 = plugins/smp
+@USE_SMP_TRUE@am__append_34 = smp
+@MONOLITHIC_TRUE@@USE_SMP_TRUE@am__append_35 = plugins/smp/libstrongswan-smp.la
+@USE_SQL_TRUE@am__append_36 = plugins/sql
+@USE_SQL_TRUE@am__append_37 = sql
+@MONOLITHIC_TRUE@@USE_SQL_TRUE@am__append_38 = plugins/sql/libstrongswan-sql.la
+@USE_UPDOWN_TRUE@am__append_39 = plugins/updown
+@USE_UPDOWN_TRUE@am__append_40 = updown
+@MONOLITHIC_TRUE@@USE_UPDOWN_TRUE@am__append_41 = plugins/updown/libstrongswan-updown.la
+@USE_EAP_IDENTITY_TRUE@am__append_42 = plugins/eap_identity
+@USE_EAP_IDENTITY_TRUE@am__append_43 = eap-identity
+@MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE@am__append_44 = plugins/eap_identity/libstrongswan-eap-identity.la
+@USE_EAP_SIM_TRUE@am__append_45 = plugins/eap_sim
+@USE_EAP_SIM_TRUE@am__append_46 = eap-sim
+@MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_47 = plugins/eap_sim/libstrongswan-eap-sim.la
+@USE_EAP_SIM_FILE_TRUE@am__append_48 = plugins/eap_sim_file
+@USE_EAP_SIM_FILE_TRUE@am__append_49 = eap-sim-file
+@MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_50 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la
+@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_51 = plugins/eap_simaka_pseudonym
+@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_52 = eap-simaka-pseudonym
+@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_53 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la
+@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_54 = plugins/eap_simaka_reauth
+@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_55 = eap-simaka-reauth
+@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_56 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la
+@USE_EAP_AKA_TRUE@am__append_57 = plugins/eap_aka
+@USE_EAP_AKA_TRUE@am__append_58 = eap-aka
+@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_59 = plugins/eap_aka/libstrongswan-eap-aka.la
+@USE_EAP_AKA_3GPP2_TRUE@am__append_60 = plugins/eap_aka_3gpp2
+@USE_EAP_AKA_3GPP2_TRUE@am__append_61 = eap-aka-3gpp2
+@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_62 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la
+@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_63 = $(top_builddir)/src/libsimaka/libsimaka.la
+@USE_EAP_MD5_TRUE@am__append_64 = plugins/eap_md5
+@USE_EAP_MD5_TRUE@am__append_65 = eap-md5
+@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_66 = plugins/eap_md5/libstrongswan-eap-md5.la
+@USE_EAP_GTC_TRUE@am__append_67 = plugins/eap_gtc
+@USE_EAP_GTC_TRUE@am__append_68 = eap-gtc
+@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_69 = plugins/eap_gtc/libstrongswan-eap-gtc.la
+@USE_EAP_MSCHAPV2_TRUE@am__append_70 = plugins/eap_mschapv2
+@USE_EAP_MSCHAPV2_TRUE@am__append_71 = eap-mschapv2
+@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_72 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la
+@USE_EAP_RADIUS_TRUE@am__append_73 = plugins/eap_radius
+@USE_EAP_RADIUS_TRUE@am__append_74 = eap-radius
+@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_75 = plugins/eap_radius/libstrongswan-eap-radius.la
+@USE_MEDSRV_TRUE@am__append_76 = plugins/medsrv
+@USE_MEDSRV_TRUE@am__append_77 = medsrv
+@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_78 = plugins/medsrv/libstrongswan-medsrv.la
+@USE_MEDCLI_TRUE@am__append_79 = plugins/medcli
+@USE_MEDCLI_TRUE@am__append_80 = medcli
+@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_81 = plugins/medcli/libstrongswan-medcli.la
+@USE_NM_TRUE@am__append_82 = plugins/nm
+@USE_NM_TRUE@am__append_83 = nm
+@MONOLITHIC_TRUE@@USE_NM_TRUE@am__append_84 = plugins/nm/libstrongswan-nm.la
+@USE_DHCP_TRUE@am__append_85 = plugins/dhcp
+@USE_DHCP_TRUE@am__append_86 = dhcp
+@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_87 = plugins/dhcp/libstrongswan-dhcp.la
+@USE_RESOLVE_TRUE@am__append_88 = plugins/resolve
+@USE_RESOLVE_TRUE@am__append_89 = resolve
+@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_90 = plugins/resolve/libstrongswan-resolve.la
+@USE_ANDROID_TRUE@am__append_91 = plugins/android
+@USE_ANDROID_TRUE@am__append_92 = android
+@MONOLITHIC_TRUE@@USE_ANDROID_TRUE@am__append_93 = plugins/android/libstrongswan-android.la
+@USE_HA_TRUE@am__append_94 = plugins/ha
+@USE_HA_TRUE@am__append_95 = ha
+@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_96 = plugins/ha/libstrongswan-ha.la
+@USE_UCI_TRUE@am__append_97 = plugins/uci
+@USE_UCI_TRUE@am__append_98 = uci
+@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_99 = plugins/uci/libstrongswan-uci.la
+@USE_UNIT_TESTS_TRUE@am__append_100 = plugins/unit_tester
+@USE_UNIT_TESTS_TRUE@am__append_101 = unit-tester
+@MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_102 = plugins/unit_tester/libstrongswan-unit-tester.la
+subdir = src/libcharon
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+	$(top_srcdir)/m4/config/ltoptions.m4 \
+	$(top_srcdir)/m4/config/ltsugar.m4 \
+	$(top_srcdir)/m4/config/ltversion.m4 \
+	$(top_srcdir)/m4/config/lt~obsolete.m4 \
+	$(top_srcdir)/m4/macros/with.m4 \
+	$(top_srcdir)/m4/macros/enable-disable.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(libdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libcharon_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__append_5) $(am__append_8) \
+	$(am__append_11) $(am__append_14) $(am__append_17) \
+	$(am__append_20) $(am__append_23) $(am__append_26) \
+	$(am__append_29) $(am__append_32) $(am__append_35) \
+	$(am__append_38) $(am__append_41) $(am__append_44) \
+	$(am__append_47) $(am__append_50) $(am__append_53) \
+	$(am__append_56) $(am__append_59) $(am__append_62) \
+	$(am__append_63) $(am__append_66) $(am__append_69) \
+	$(am__append_72) $(am__append_75) $(am__append_78) \
+	$(am__append_81) $(am__append_84) $(am__append_87) \
+	$(am__append_90) $(am__append_93) $(am__append_96) \
+	$(am__append_99) $(am__append_102)
+am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \
+	bus/listeners/listener.h bus/listeners/file_logger.c \
+	bus/listeners/file_logger.h bus/listeners/sys_logger.c \
+	bus/listeners/sys_logger.h config/backend_manager.c \
+	config/backend_manager.h config/backend.h config/child_cfg.c \
+	config/child_cfg.h config/ike_cfg.c config/ike_cfg.h \
+	config/peer_cfg.c config/peer_cfg.h config/proposal.c \
+	config/proposal.h config/auth_cfg.c config/auth_cfg.h \
+	control/controller.c control/controller.h daemon.c daemon.h \
+	encoding/generator.c encoding/generator.h encoding/message.c \
+	encoding/message.h encoding/parser.c encoding/parser.h \
+	encoding/payloads/auth_payload.c \
+	encoding/payloads/auth_payload.h \
+	encoding/payloads/cert_payload.c \
+	encoding/payloads/cert_payload.h \
+	encoding/payloads/certreq_payload.c \
+	encoding/payloads/certreq_payload.h \
+	encoding/payloads/configuration_attribute.c \
+	encoding/payloads/configuration_attribute.h \
+	encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
+	encoding/payloads/delete_payload.c \
+	encoding/payloads/delete_payload.h \
+	encoding/payloads/eap_payload.c \
+	encoding/payloads/eap_payload.h encoding/payloads/encodings.c \
+	encoding/payloads/encodings.h \
+	encoding/payloads/encryption_payload.c \
+	encoding/payloads/encryption_payload.h \
+	encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
+	encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
+	encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
+	encoding/payloads/nonce_payload.c \
+	encoding/payloads/nonce_payload.h \
+	encoding/payloads/notify_payload.c \
+	encoding/payloads/notify_payload.h encoding/payloads/payload.c \
+	encoding/payloads/payload.h \
+	encoding/payloads/proposal_substructure.c \
+	encoding/payloads/proposal_substructure.h \
+	encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
+	encoding/payloads/traffic_selector_substructure.c \
+	encoding/payloads/traffic_selector_substructure.h \
+	encoding/payloads/transform_attribute.c \
+	encoding/payloads/transform_attribute.h \
+	encoding/payloads/transform_substructure.c \
+	encoding/payloads/transform_substructure.h \
+	encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
+	encoding/payloads/unknown_payload.c \
+	encoding/payloads/unknown_payload.h \
+	encoding/payloads/vendor_id_payload.c \
+	encoding/payloads/vendor_id_payload.h \
+	kernel/kernel_interface.c kernel/kernel_interface.h \
+	kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
+	kernel/kernel_net.h network/packet.c network/packet.h \
+	network/receiver.c network/receiver.h network/sender.c \
+	network/sender.h network/socket_manager.c \
+	network/socket_manager.h network/socket.h \
+	processing/jobs/job.h processing/jobs/acquire_job.c \
+	processing/jobs/acquire_job.h processing/jobs/callback_job.c \
+	processing/jobs/callback_job.h \
+	processing/jobs/delete_child_sa_job.c \
+	processing/jobs/delete_child_sa_job.h \
+	processing/jobs/delete_ike_sa_job.c \
+	processing/jobs/delete_ike_sa_job.h \
+	processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
+	processing/jobs/process_message_job.c \
+	processing/jobs/process_message_job.h \
+	processing/jobs/rekey_child_sa_job.c \
+	processing/jobs/rekey_child_sa_job.h \
+	processing/jobs/rekey_ike_sa_job.c \
+	processing/jobs/rekey_ike_sa_job.h \
+	processing/jobs/retransmit_job.c \
+	processing/jobs/retransmit_job.h \
+	processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
+	processing/jobs/send_keepalive_job.c \
+	processing/jobs/send_keepalive_job.h \
+	processing/jobs/roam_job.c processing/jobs/roam_job.h \
+	processing/jobs/update_sa_job.c \
+	processing/jobs/update_sa_job.h \
+	processing/jobs/inactivity_job.c \
+	processing/jobs/inactivity_job.h processing/scheduler.c \
+	processing/scheduler.h processing/processor.c \
+	processing/processor.h sa/authenticators/authenticator.c \
+	sa/authenticators/authenticator.h \
+	sa/authenticators/eap_authenticator.c \
+	sa/authenticators/eap_authenticator.h \
+	sa/authenticators/eap/eap_method.c \
+	sa/authenticators/eap/eap_method.h \
+	sa/authenticators/eap/eap_manager.c \
+	sa/authenticators/eap/eap_manager.h \
+	sa/authenticators/eap/sim_manager.c \
+	sa/authenticators/eap/sim_manager.h \
+	sa/authenticators/psk_authenticator.c \
+	sa/authenticators/psk_authenticator.h \
+	sa/authenticators/pubkey_authenticator.c \
+	sa/authenticators/pubkey_authenticator.h sa/child_sa.c \
+	sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_id.c \
+	sa/ike_sa_id.h sa/ike_sa_manager.c sa/ike_sa_manager.h \
+	sa/task_manager.c sa/task_manager.h sa/keymat.c sa/keymat.h \
+	sa/trap_manager.c sa/trap_manager.h sa/tasks/child_create.c \
+	sa/tasks/child_create.h sa/tasks/child_delete.c \
+	sa/tasks/child_delete.h sa/tasks/child_rekey.c \
+	sa/tasks/child_rekey.h sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
+	sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
+	sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
+	sa/tasks/ike_config.c sa/tasks/ike_config.h \
+	sa/tasks/ike_delete.c sa/tasks/ike_delete.h sa/tasks/ike_dpd.c \
+	sa/tasks/ike_dpd.h sa/tasks/ike_init.c sa/tasks/ike_init.h \
+	sa/tasks/ike_natd.c sa/tasks/ike_natd.h sa/tasks/ike_mobike.c \
+	sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \
+	sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \
+	sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \
+	sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \
+	sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \
+	credentials/credential_manager.c \
+	credentials/credential_manager.h \
+	credentials/sets/auth_cfg_wrapper.c \
+	credentials/sets/auth_cfg_wrapper.h \
+	credentials/sets/ocsp_response_wrapper.c \
+	credentials/sets/ocsp_response_wrapper.h \
+	credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+	credentials/credential_set.h \
+	encoding/payloads/endpoint_notify.c \
+	encoding/payloads/endpoint_notify.h \
+	processing/jobs/initiate_mediation_job.c \
+	processing/jobs/initiate_mediation_job.h \
+	processing/jobs/mediation_job.c \
+	processing/jobs/mediation_job.h sa/connect_manager.c \
+	sa/connect_manager.h sa/mediation_manager.c \
+	sa/mediation_manager.h sa/tasks/ike_me.c sa/tasks/ike_me.h
+@USE_ME_TRUE@am__objects_1 = endpoint_notify.lo \
+@USE_ME_TRUE@	initiate_mediation_job.lo mediation_job.lo \
+@USE_ME_TRUE@	connect_manager.lo mediation_manager.lo ike_me.lo
+am_libcharon_la_OBJECTS = bus.lo file_logger.lo sys_logger.lo \
+	backend_manager.lo child_cfg.lo ike_cfg.lo peer_cfg.lo \
+	proposal.lo auth_cfg.lo controller.lo daemon.lo generator.lo \
+	message.lo parser.lo auth_payload.lo cert_payload.lo \
+	certreq_payload.lo configuration_attribute.lo cp_payload.lo \
+	delete_payload.lo eap_payload.lo encodings.lo \
+	encryption_payload.lo id_payload.lo ike_header.lo \
+	ke_payload.lo nonce_payload.lo notify_payload.lo payload.lo \
+	proposal_substructure.lo sa_payload.lo \
+	traffic_selector_substructure.lo transform_attribute.lo \
+	transform_substructure.lo ts_payload.lo unknown_payload.lo \
+	vendor_id_payload.lo kernel_interface.lo kernel_ipsec.lo \
+	packet.lo receiver.lo sender.lo socket_manager.lo \
+	acquire_job.lo callback_job.lo delete_child_sa_job.lo \
+	delete_ike_sa_job.lo migrate_job.lo process_message_job.lo \
+	rekey_child_sa_job.lo rekey_ike_sa_job.lo retransmit_job.lo \
+	send_dpd_job.lo send_keepalive_job.lo roam_job.lo \
+	update_sa_job.lo inactivity_job.lo scheduler.lo processor.lo \
+	authenticator.lo eap_authenticator.lo eap_method.lo \
+	eap_manager.lo sim_manager.lo psk_authenticator.lo \
+	pubkey_authenticator.lo child_sa.lo ike_sa.lo ike_sa_id.lo \
+	ike_sa_manager.lo task_manager.lo keymat.lo trap_manager.lo \
+	child_create.lo child_delete.lo child_rekey.lo ike_auth.lo \
+	ike_cert_pre.lo ike_cert_post.lo ike_config.lo ike_delete.lo \
+	ike_dpd.lo ike_init.lo ike_natd.lo ike_mobike.lo ike_rekey.lo \
+	ike_reauth.lo ike_auth_lifetime.lo ike_vendor.lo task.lo \
+	credential_manager.lo auth_cfg_wrapper.lo \
+	ocsp_response_wrapper.lo cert_cache.lo $(am__objects_1)
+libcharon_la_OBJECTS = $(am_libcharon_la_OBJECTS)
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libcharon_la_SOURCES)
+DIST_SOURCES = $(am__libcharon_la_SOURCES_DIST)
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = . plugins/load_tester plugins/kernel_pfkey \
+	plugins/kernel_pfroute plugins/kernel_klips \
+	plugins/kernel_netlink plugins/socket_default \
+	plugins/socket_raw plugins/socket_dynamic plugins/farp \
+	plugins/stroke plugins/smp plugins/sql plugins/updown \
+	plugins/eap_identity plugins/eap_sim plugins/eap_sim_file \
+	plugins/eap_simaka_pseudonym plugins/eap_simaka_reauth \
+	plugins/eap_aka plugins/eap_aka_3gpp2 plugins/eap_md5 \
+	plugins/eap_gtc plugins/eap_mschapv2 plugins/eap_radius \
+	plugins/medsrv plugins/medcli plugins/nm plugins/dhcp \
+	plugins/resolve plugins/android plugins/ha plugins/uci \
+	plugins/unit_tester
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+lib_LTLIBRARIES = libcharon.la
+libcharon_la_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \
+	bus/listeners/file_logger.c bus/listeners/file_logger.h \
+	bus/listeners/sys_logger.c bus/listeners/sys_logger.h \
+	config/backend_manager.c config/backend_manager.h \
+	config/backend.h config/child_cfg.c config/child_cfg.h \
+	config/ike_cfg.c config/ike_cfg.h config/peer_cfg.c \
+	config/peer_cfg.h config/proposal.c config/proposal.h \
+	config/auth_cfg.c config/auth_cfg.h control/controller.c \
+	control/controller.h daemon.c daemon.h encoding/generator.c \
+	encoding/generator.h encoding/message.c encoding/message.h \
+	encoding/parser.c encoding/parser.h \
+	encoding/payloads/auth_payload.c \
+	encoding/payloads/auth_payload.h \
+	encoding/payloads/cert_payload.c \
+	encoding/payloads/cert_payload.h \
+	encoding/payloads/certreq_payload.c \
+	encoding/payloads/certreq_payload.h \
+	encoding/payloads/configuration_attribute.c \
+	encoding/payloads/configuration_attribute.h \
+	encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \
+	encoding/payloads/delete_payload.c \
+	encoding/payloads/delete_payload.h \
+	encoding/payloads/eap_payload.c \
+	encoding/payloads/eap_payload.h encoding/payloads/encodings.c \
+	encoding/payloads/encodings.h \
+	encoding/payloads/encryption_payload.c \
+	encoding/payloads/encryption_payload.h \
+	encoding/payloads/id_payload.c encoding/payloads/id_payload.h \
+	encoding/payloads/ike_header.c encoding/payloads/ike_header.h \
+	encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \
+	encoding/payloads/nonce_payload.c \
+	encoding/payloads/nonce_payload.h \
+	encoding/payloads/notify_payload.c \
+	encoding/payloads/notify_payload.h encoding/payloads/payload.c \
+	encoding/payloads/payload.h \
+	encoding/payloads/proposal_substructure.c \
+	encoding/payloads/proposal_substructure.h \
+	encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \
+	encoding/payloads/traffic_selector_substructure.c \
+	encoding/payloads/traffic_selector_substructure.h \
+	encoding/payloads/transform_attribute.c \
+	encoding/payloads/transform_attribute.h \
+	encoding/payloads/transform_substructure.c \
+	encoding/payloads/transform_substructure.h \
+	encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \
+	encoding/payloads/unknown_payload.c \
+	encoding/payloads/unknown_payload.h \
+	encoding/payloads/vendor_id_payload.c \
+	encoding/payloads/vendor_id_payload.h \
+	kernel/kernel_interface.c kernel/kernel_interface.h \
+	kernel/kernel_ipsec.c kernel/kernel_ipsec.h \
+	kernel/kernel_net.h network/packet.c network/packet.h \
+	network/receiver.c network/receiver.h network/sender.c \
+	network/sender.h network/socket_manager.c \
+	network/socket_manager.h network/socket.h \
+	processing/jobs/job.h processing/jobs/acquire_job.c \
+	processing/jobs/acquire_job.h processing/jobs/callback_job.c \
+	processing/jobs/callback_job.h \
+	processing/jobs/delete_child_sa_job.c \
+	processing/jobs/delete_child_sa_job.h \
+	processing/jobs/delete_ike_sa_job.c \
+	processing/jobs/delete_ike_sa_job.h \
+	processing/jobs/migrate_job.c processing/jobs/migrate_job.h \
+	processing/jobs/process_message_job.c \
+	processing/jobs/process_message_job.h \
+	processing/jobs/rekey_child_sa_job.c \
+	processing/jobs/rekey_child_sa_job.h \
+	processing/jobs/rekey_ike_sa_job.c \
+	processing/jobs/rekey_ike_sa_job.h \
+	processing/jobs/retransmit_job.c \
+	processing/jobs/retransmit_job.h \
+	processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \
+	processing/jobs/send_keepalive_job.c \
+	processing/jobs/send_keepalive_job.h \
+	processing/jobs/roam_job.c processing/jobs/roam_job.h \
+	processing/jobs/update_sa_job.c \
+	processing/jobs/update_sa_job.h \
+	processing/jobs/inactivity_job.c \
+	processing/jobs/inactivity_job.h processing/scheduler.c \
+	processing/scheduler.h processing/processor.c \
+	processing/processor.h sa/authenticators/authenticator.c \
+	sa/authenticators/authenticator.h \
+	sa/authenticators/eap_authenticator.c \
+	sa/authenticators/eap_authenticator.h \
+	sa/authenticators/eap/eap_method.c \
+	sa/authenticators/eap/eap_method.h \
+	sa/authenticators/eap/eap_manager.c \
+	sa/authenticators/eap/eap_manager.h \
+	sa/authenticators/eap/sim_manager.c \
+	sa/authenticators/eap/sim_manager.h \
+	sa/authenticators/psk_authenticator.c \
+	sa/authenticators/psk_authenticator.h \
+	sa/authenticators/pubkey_authenticator.c \
+	sa/authenticators/pubkey_authenticator.h sa/child_sa.c \
+	sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_id.c \
+	sa/ike_sa_id.h sa/ike_sa_manager.c sa/ike_sa_manager.h \
+	sa/task_manager.c sa/task_manager.h sa/keymat.c sa/keymat.h \
+	sa/trap_manager.c sa/trap_manager.h sa/tasks/child_create.c \
+	sa/tasks/child_create.h sa/tasks/child_delete.c \
+	sa/tasks/child_delete.h sa/tasks/child_rekey.c \
+	sa/tasks/child_rekey.h sa/tasks/ike_auth.c sa/tasks/ike_auth.h \
+	sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \
+	sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \
+	sa/tasks/ike_config.c sa/tasks/ike_config.h \
+	sa/tasks/ike_delete.c sa/tasks/ike_delete.h sa/tasks/ike_dpd.c \
+	sa/tasks/ike_dpd.h sa/tasks/ike_init.c sa/tasks/ike_init.h \
+	sa/tasks/ike_natd.c sa/tasks/ike_natd.h sa/tasks/ike_mobike.c \
+	sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \
+	sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \
+	sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \
+	sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \
+	sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \
+	credentials/credential_manager.c \
+	credentials/credential_manager.h \
+	credentials/sets/auth_cfg_wrapper.c \
+	credentials/sets/auth_cfg_wrapper.h \
+	credentials/sets/ocsp_response_wrapper.c \
+	credentials/sets/ocsp_response_wrapper.h \
+	credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+	credentials/credential_set.h $(am__append_1)
+INCLUDES = \
+	-I${linux_headers} \
+	-I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_PIDDIR=\"${piddir}\" \
+	-DPLUGINS=\""${PLUGINS}\""
+libcharon_la_LIBADD = -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) \
+	$(am__append_2) $(am__append_5) $(am__append_8) \
+	$(am__append_11) $(am__append_14) $(am__append_17) \
+	$(am__append_20) $(am__append_23) $(am__append_26) \
+	$(am__append_29) $(am__append_32) $(am__append_35) \
+	$(am__append_38) $(am__append_41) $(am__append_44) \
+	$(am__append_47) $(am__append_50) $(am__append_53) \
+	$(am__append_56) $(am__append_59) $(am__append_62) \
+	$(am__append_63) $(am__append_66) $(am__append_69) \
+	$(am__append_72) $(am__append_75) $(am__append_78) \
+	$(am__append_81) $(am__append_84) $(am__append_87) \
+	$(am__append_90) $(am__append_93) $(am__append_96) \
+	$(am__append_99) $(am__append_102)
+EXTRA_DIST = Android.mk
+@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_3) $(am__append_6) \
+@MONOLITHIC_FALSE@	$(am__append_9) $(am__append_12) \
+@MONOLITHIC_FALSE@	$(am__append_15) $(am__append_18) \
+@MONOLITHIC_FALSE@	$(am__append_21) $(am__append_24) \
+@MONOLITHIC_FALSE@	$(am__append_27) $(am__append_30) \
+@MONOLITHIC_FALSE@	$(am__append_33) $(am__append_36) \
+@MONOLITHIC_FALSE@	$(am__append_39) $(am__append_42) \
+@MONOLITHIC_FALSE@	$(am__append_45) $(am__append_48) \
+@MONOLITHIC_FALSE@	$(am__append_51) $(am__append_54) \
+@MONOLITHIC_FALSE@	$(am__append_57) $(am__append_60) \
+@MONOLITHIC_FALSE@	$(am__append_64) $(am__append_67) \
+@MONOLITHIC_FALSE@	$(am__append_70) $(am__append_73) \
+@MONOLITHIC_FALSE@	$(am__append_76) $(am__append_79) \
+@MONOLITHIC_FALSE@	$(am__append_82) $(am__append_85) \
+@MONOLITHIC_FALSE@	$(am__append_88) $(am__append_91) \
+@MONOLITHIC_FALSE@	$(am__append_94) $(am__append_97) \
+@MONOLITHIC_FALSE@	$(am__append_100)
+
+# build optional plugins
+########################
+@MONOLITHIC_TRUE@SUBDIRS = $(am__append_3) $(am__append_6) \
+@MONOLITHIC_TRUE@	$(am__append_9) $(am__append_12) \
+@MONOLITHIC_TRUE@	$(am__append_15) $(am__append_18) \
+@MONOLITHIC_TRUE@	$(am__append_21) $(am__append_24) \
+@MONOLITHIC_TRUE@	$(am__append_27) $(am__append_30) \
+@MONOLITHIC_TRUE@	$(am__append_33) $(am__append_36) \
+@MONOLITHIC_TRUE@	$(am__append_39) $(am__append_42) \
+@MONOLITHIC_TRUE@	$(am__append_45) $(am__append_48) \
+@MONOLITHIC_TRUE@	$(am__append_51) $(am__append_54) \
+@MONOLITHIC_TRUE@	$(am__append_57) $(am__append_60) \
+@MONOLITHIC_TRUE@	$(am__append_64) $(am__append_67) \
+@MONOLITHIC_TRUE@	$(am__append_70) $(am__append_73) \
+@MONOLITHIC_TRUE@	$(am__append_76) $(am__append_79) \
+@MONOLITHIC_TRUE@	$(am__append_82) $(am__append_85) \
+@MONOLITHIC_TRUE@	$(am__append_88) $(am__append_91) \
+@MONOLITHIC_TRUE@	$(am__append_94) $(am__append_97) \
+@MONOLITHIC_TRUE@	$(am__append_100)
+PLUGINS = ${libstrongswan_plugins} ${libhydra_plugins} $(am__append_4) \
+	$(am__append_7) $(am__append_10) $(am__append_13) \
+	$(am__append_16) $(am__append_19) $(am__append_22) \
+	$(am__append_25) $(am__append_28) $(am__append_31) \
+	$(am__append_34) $(am__append_37) $(am__append_40) \
+	$(am__append_43) $(am__append_46) $(am__append_49) \
+	$(am__append_52) $(am__append_55) $(am__append_58) \
+	$(am__append_61) $(am__append_65) $(am__append_68) \
+	$(am__append_71) $(am__append_74) $(am__append_77) \
+	$(am__append_80) $(am__append_83) $(am__append_86) \
+	$(am__append_89) $(am__append_92) $(am__append_95) \
+	$(am__append_98) $(am__append_101)
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/libcharon/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+	}
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libcharon.la: $(libcharon_la_OBJECTS) $(libcharon_la_DEPENDENCIES) 
+	$(LINK) -rpath $(libdir) $(libcharon_la_OBJECTS) $(libcharon_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/acquire_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg_wrapper.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authenticator.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/backend_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bus.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callback_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_cache.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certreq_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_cfg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_create.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_delete.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_rekey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_sa.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/configuration_attribute.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/connect_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/controller.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cp_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/credential_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/daemon.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_child_sa_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_ike_sa_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_authenticator.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_method.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encodings.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encryption_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/endpoint_notify.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/file_logger.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/generator.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth_lifetime.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cert_post.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cert_pre.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cfg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_config.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_delete.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_dpd.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_header.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_init.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_me.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_mobike.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_natd.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_reauth.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_rekey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_id.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_vendor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/inactivity_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initiate_mediation_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ke_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_interface.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_ipsec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keymat.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mediation_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mediation_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/message.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/migrate_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nonce_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/notify_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp_response_wrapper.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parser.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/peer_cfg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/process_message_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal_substructure.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/psk_authenticator.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_authenticator.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/receiver.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_child_sa_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_ike_sa_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/retransmit_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/roam_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sa_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scheduler.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_dpd_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_keepalive_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sender.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sim_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sys_logger.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector_substructure.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_attribute.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_substructure.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trap_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ts_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unknown_payload.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/update_sa_job.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vendor_id_payload.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+bus.lo: bus/bus.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bus.lo -MD -MP -MF $(DEPDIR)/bus.Tpo -c -o bus.lo `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/bus.Tpo $(DEPDIR)/bus.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='bus/bus.c' object='bus.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bus.lo `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c
+
+file_logger.lo: bus/listeners/file_logger.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT file_logger.lo -MD -MP -MF $(DEPDIR)/file_logger.Tpo -c -o file_logger.lo `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/file_logger.Tpo $(DEPDIR)/file_logger.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='bus/listeners/file_logger.c' object='file_logger.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o file_logger.lo `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c
+
+sys_logger.lo: bus/listeners/sys_logger.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.lo -MD -MP -MF $(DEPDIR)/sys_logger.Tpo -c -o sys_logger.lo `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/sys_logger.Tpo $(DEPDIR)/sys_logger.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='bus/listeners/sys_logger.c' object='sys_logger.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.lo `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c
+
+backend_manager.lo: config/backend_manager.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backend_manager.lo -MD -MP -MF $(DEPDIR)/backend_manager.Tpo -c -o backend_manager.lo `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/backend_manager.Tpo $(DEPDIR)/backend_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/backend_manager.c' object='backend_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backend_manager.lo `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c
+
+child_cfg.lo: config/child_cfg.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_cfg.lo -MD -MP -MF $(DEPDIR)/child_cfg.Tpo -c -o child_cfg.lo `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_cfg.Tpo $(DEPDIR)/child_cfg.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/child_cfg.c' object='child_cfg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_cfg.lo `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c
+
+ike_cfg.lo: config/ike_cfg.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cfg.lo -MD -MP -MF $(DEPDIR)/ike_cfg.Tpo -c -o ike_cfg.lo `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_cfg.Tpo $(DEPDIR)/ike_cfg.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/ike_cfg.c' object='ike_cfg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cfg.lo `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c
+
+peer_cfg.lo: config/peer_cfg.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_cfg.lo -MD -MP -MF $(DEPDIR)/peer_cfg.Tpo -c -o peer_cfg.lo `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/peer_cfg.Tpo $(DEPDIR)/peer_cfg.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/peer_cfg.c' object='peer_cfg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_cfg.lo `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c
+
+proposal.lo: config/proposal.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal.lo -MD -MP -MF $(DEPDIR)/proposal.Tpo -c -o proposal.lo `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/proposal.Tpo $(DEPDIR)/proposal.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/proposal.c' object='proposal.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal.lo `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c
+
+auth_cfg.lo: config/auth_cfg.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg.lo -MD -MP -MF $(DEPDIR)/auth_cfg.Tpo -c -o auth_cfg.lo `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='config/auth_cfg.c' object='auth_cfg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg.lo `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c
+
+controller.lo: control/controller.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT controller.lo -MD -MP -MF $(DEPDIR)/controller.Tpo -c -o controller.lo `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/controller.Tpo $(DEPDIR)/controller.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='control/controller.c' object='controller.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o controller.lo `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c
+
+generator.lo: encoding/generator.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.lo -MD -MP -MF $(DEPDIR)/generator.Tpo -c -o generator.lo `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/generator.Tpo $(DEPDIR)/generator.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/generator.c' object='generator.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.lo `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c
+
+message.lo: encoding/message.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.lo -MD -MP -MF $(DEPDIR)/message.Tpo -c -o message.lo `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/message.Tpo $(DEPDIR)/message.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/message.c' object='message.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.lo `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c
+
+parser.lo: encoding/parser.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.lo -MD -MP -MF $(DEPDIR)/parser.Tpo -c -o parser.lo `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/parser.Tpo $(DEPDIR)/parser.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/parser.c' object='parser.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.lo `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c
+
+auth_payload.lo: encoding/payloads/auth_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.lo -MD -MP -MF $(DEPDIR)/auth_payload.Tpo -c -o auth_payload.lo `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/auth_payload.Tpo $(DEPDIR)/auth_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/auth_payload.c' object='auth_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.lo `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c
+
+cert_payload.lo: encoding/payloads/cert_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.lo -MD -MP -MF $(DEPDIR)/cert_payload.Tpo -c -o cert_payload.lo `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/cert_payload.Tpo $(DEPDIR)/cert_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/cert_payload.c' object='cert_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.lo `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c
+
+certreq_payload.lo: encoding/payloads/certreq_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.lo -MD -MP -MF $(DEPDIR)/certreq_payload.Tpo -c -o certreq_payload.lo `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/certreq_payload.Tpo $(DEPDIR)/certreq_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/certreq_payload.c' object='certreq_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.lo `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c
+
+configuration_attribute.lo: encoding/payloads/configuration_attribute.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.lo -MD -MP -MF $(DEPDIR)/configuration_attribute.Tpo -c -o configuration_attribute.lo `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/configuration_attribute.Tpo $(DEPDIR)/configuration_attribute.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.lo `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c
+
+cp_payload.lo: encoding/payloads/cp_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.lo -MD -MP -MF $(DEPDIR)/cp_payload.Tpo -c -o cp_payload.lo `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/cp_payload.Tpo $(DEPDIR)/cp_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/cp_payload.c' object='cp_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.lo `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c
+
+delete_payload.lo: encoding/payloads/delete_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.lo -MD -MP -MF $(DEPDIR)/delete_payload.Tpo -c -o delete_payload.lo `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/delete_payload.Tpo $(DEPDIR)/delete_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/delete_payload.c' object='delete_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.lo `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c
+
+eap_payload.lo: encoding/payloads/eap_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.lo -MD -MP -MF $(DEPDIR)/eap_payload.Tpo -c -o eap_payload.lo `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/eap_payload.Tpo $(DEPDIR)/eap_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/eap_payload.c' object='eap_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.lo `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c
+
+encodings.lo: encoding/payloads/encodings.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.lo -MD -MP -MF $(DEPDIR)/encodings.Tpo -c -o encodings.lo `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/encodings.Tpo $(DEPDIR)/encodings.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/encodings.c' object='encodings.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.lo `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c
+
+encryption_payload.lo: encoding/payloads/encryption_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.lo -MD -MP -MF $(DEPDIR)/encryption_payload.Tpo -c -o encryption_payload.lo `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/encryption_payload.Tpo $(DEPDIR)/encryption_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/encryption_payload.c' object='encryption_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.lo `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c
+
+id_payload.lo: encoding/payloads/id_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.lo -MD -MP -MF $(DEPDIR)/id_payload.Tpo -c -o id_payload.lo `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/id_payload.Tpo $(DEPDIR)/id_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/id_payload.c' object='id_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.lo `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c
+
+ike_header.lo: encoding/payloads/ike_header.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.lo -MD -MP -MF $(DEPDIR)/ike_header.Tpo -c -o ike_header.lo `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_header.Tpo $(DEPDIR)/ike_header.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/ike_header.c' object='ike_header.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.lo `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c
+
+ke_payload.lo: encoding/payloads/ke_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.lo -MD -MP -MF $(DEPDIR)/ke_payload.Tpo -c -o ke_payload.lo `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ke_payload.Tpo $(DEPDIR)/ke_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/ke_payload.c' object='ke_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.lo `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c
+
+nonce_payload.lo: encoding/payloads/nonce_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.lo -MD -MP -MF $(DEPDIR)/nonce_payload.Tpo -c -o nonce_payload.lo `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/nonce_payload.Tpo $(DEPDIR)/nonce_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/nonce_payload.c' object='nonce_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.lo `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c
+
+notify_payload.lo: encoding/payloads/notify_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.lo -MD -MP -MF $(DEPDIR)/notify_payload.Tpo -c -o notify_payload.lo `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/notify_payload.Tpo $(DEPDIR)/notify_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/notify_payload.c' object='notify_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.lo `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c
+
+payload.lo: encoding/payloads/payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.lo -MD -MP -MF $(DEPDIR)/payload.Tpo -c -o payload.lo `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/payload.Tpo $(DEPDIR)/payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/payload.c' object='payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.lo `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c
+
+proposal_substructure.lo: encoding/payloads/proposal_substructure.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.lo -MD -MP -MF $(DEPDIR)/proposal_substructure.Tpo -c -o proposal_substructure.lo `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/proposal_substructure.Tpo $(DEPDIR)/proposal_substructure.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.lo `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c
+
+sa_payload.lo: encoding/payloads/sa_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.lo -MD -MP -MF $(DEPDIR)/sa_payload.Tpo -c -o sa_payload.lo `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/sa_payload.Tpo $(DEPDIR)/sa_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/sa_payload.c' object='sa_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.lo `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c
+
+traffic_selector_substructure.lo: encoding/payloads/traffic_selector_substructure.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector_substructure.lo -MD -MP -MF $(DEPDIR)/traffic_selector_substructure.Tpo -c -o traffic_selector_substructure.lo `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/traffic_selector_substructure.Tpo $(DEPDIR)/traffic_selector_substructure.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/traffic_selector_substructure.c' object='traffic_selector_substructure.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector_substructure.lo `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c
+
+transform_attribute.lo: encoding/payloads/transform_attribute.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_attribute.lo -MD -MP -MF $(DEPDIR)/transform_attribute.Tpo -c -o transform_attribute.lo `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/transform_attribute.Tpo $(DEPDIR)/transform_attribute.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/transform_attribute.c' object='transform_attribute.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_attribute.lo `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c
+
+transform_substructure.lo: encoding/payloads/transform_substructure.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_substructure.lo -MD -MP -MF $(DEPDIR)/transform_substructure.Tpo -c -o transform_substructure.lo `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/transform_substructure.Tpo $(DEPDIR)/transform_substructure.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/transform_substructure.c' object='transform_substructure.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_substructure.lo `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c
+
+ts_payload.lo: encoding/payloads/ts_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.lo -MD -MP -MF $(DEPDIR)/ts_payload.Tpo -c -o ts_payload.lo `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ts_payload.Tpo $(DEPDIR)/ts_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/ts_payload.c' object='ts_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.lo `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c
+
+unknown_payload.lo: encoding/payloads/unknown_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.lo -MD -MP -MF $(DEPDIR)/unknown_payload.Tpo -c -o unknown_payload.lo `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/unknown_payload.Tpo $(DEPDIR)/unknown_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/unknown_payload.c' object='unknown_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.lo `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c
+
+vendor_id_payload.lo: encoding/payloads/vendor_id_payload.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.lo -MD -MP -MF $(DEPDIR)/vendor_id_payload.Tpo -c -o vendor_id_payload.lo `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/vendor_id_payload.Tpo $(DEPDIR)/vendor_id_payload.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.lo `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c
+
+kernel_interface.lo: kernel/kernel_interface.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.lo -MD -MP -MF $(DEPDIR)/kernel_interface.Tpo -c -o kernel_interface.lo `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/kernel_interface.Tpo $(DEPDIR)/kernel_interface.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='kernel/kernel_interface.c' object='kernel_interface.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.lo `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c
+
+kernel_ipsec.lo: kernel/kernel_ipsec.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_ipsec.lo -MD -MP -MF $(DEPDIR)/kernel_ipsec.Tpo -c -o kernel_ipsec.lo `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/kernel_ipsec.Tpo $(DEPDIR)/kernel_ipsec.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='kernel/kernel_ipsec.c' object='kernel_ipsec.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_ipsec.lo `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c
+
+packet.lo: network/packet.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.lo -MD -MP -MF $(DEPDIR)/packet.Tpo -c -o packet.lo `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/packet.Tpo $(DEPDIR)/packet.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/packet.c' object='packet.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.lo `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c
+
+receiver.lo: network/receiver.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.lo -MD -MP -MF $(DEPDIR)/receiver.Tpo -c -o receiver.lo `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/receiver.Tpo $(DEPDIR)/receiver.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/receiver.c' object='receiver.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.lo `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c
+
+sender.lo: network/sender.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.lo -MD -MP -MF $(DEPDIR)/sender.Tpo -c -o sender.lo `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/sender.Tpo $(DEPDIR)/sender.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/sender.c' object='sender.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.lo `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c
+
+socket_manager.lo: network/socket_manager.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket_manager.lo -MD -MP -MF $(DEPDIR)/socket_manager.Tpo -c -o socket_manager.lo `test -f 'network/socket_manager.c' || echo '$(srcdir)/'`network/socket_manager.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/socket_manager.Tpo $(DEPDIR)/socket_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='network/socket_manager.c' object='socket_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket_manager.lo `test -f 'network/socket_manager.c' || echo '$(srcdir)/'`network/socket_manager.c
+
+acquire_job.lo: processing/jobs/acquire_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.lo -MD -MP -MF $(DEPDIR)/acquire_job.Tpo -c -o acquire_job.lo `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/acquire_job.Tpo $(DEPDIR)/acquire_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/acquire_job.c' object='acquire_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.lo `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c
+
+callback_job.lo: processing/jobs/callback_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_job.lo -MD -MP -MF $(DEPDIR)/callback_job.Tpo -c -o callback_job.lo `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/callback_job.c' object='callback_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o callback_job.lo `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c
+
+delete_child_sa_job.lo: processing/jobs/delete_child_sa_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.lo -MD -MP -MF $(DEPDIR)/delete_child_sa_job.Tpo -c -o delete_child_sa_job.lo `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/delete_child_sa_job.Tpo $(DEPDIR)/delete_child_sa_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/delete_child_sa_job.c' object='delete_child_sa_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.lo `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c
+
+delete_ike_sa_job.lo: processing/jobs/delete_ike_sa_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.lo -MD -MP -MF $(DEPDIR)/delete_ike_sa_job.Tpo -c -o delete_ike_sa_job.lo `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/delete_ike_sa_job.Tpo $(DEPDIR)/delete_ike_sa_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.lo `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c
+
+migrate_job.lo: processing/jobs/migrate_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT migrate_job.lo -MD -MP -MF $(DEPDIR)/migrate_job.Tpo -c -o migrate_job.lo `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/migrate_job.Tpo $(DEPDIR)/migrate_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/migrate_job.c' object='migrate_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o migrate_job.lo `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c
+
+process_message_job.lo: processing/jobs/process_message_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.lo -MD -MP -MF $(DEPDIR)/process_message_job.Tpo -c -o process_message_job.lo `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/process_message_job.Tpo $(DEPDIR)/process_message_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/process_message_job.c' object='process_message_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.lo `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c
+
+rekey_child_sa_job.lo: processing/jobs/rekey_child_sa_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.lo -MD -MP -MF $(DEPDIR)/rekey_child_sa_job.Tpo -c -o rekey_child_sa_job.lo `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/rekey_child_sa_job.Tpo $(DEPDIR)/rekey_child_sa_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.lo `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c
+
+rekey_ike_sa_job.lo: processing/jobs/rekey_ike_sa_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.lo -MD -MP -MF $(DEPDIR)/rekey_ike_sa_job.Tpo -c -o rekey_ike_sa_job.lo `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/rekey_ike_sa_job.Tpo $(DEPDIR)/rekey_ike_sa_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.lo `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c
+
+retransmit_job.lo: processing/jobs/retransmit_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.lo -MD -MP -MF $(DEPDIR)/retransmit_job.Tpo -c -o retransmit_job.lo `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/retransmit_job.Tpo $(DEPDIR)/retransmit_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/retransmit_job.c' object='retransmit_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.lo `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c
+
+send_dpd_job.lo: processing/jobs/send_dpd_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.lo -MD -MP -MF $(DEPDIR)/send_dpd_job.Tpo -c -o send_dpd_job.lo `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/send_dpd_job.Tpo $(DEPDIR)/send_dpd_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/send_dpd_job.c' object='send_dpd_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.lo `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c
+
+send_keepalive_job.lo: processing/jobs/send_keepalive_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.lo -MD -MP -MF $(DEPDIR)/send_keepalive_job.Tpo -c -o send_keepalive_job.lo `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/send_keepalive_job.Tpo $(DEPDIR)/send_keepalive_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/send_keepalive_job.c' object='send_keepalive_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.lo `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c
+
+roam_job.lo: processing/jobs/roam_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT roam_job.lo -MD -MP -MF $(DEPDIR)/roam_job.Tpo -c -o roam_job.lo `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/roam_job.c' object='roam_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o roam_job.lo `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c
+
+update_sa_job.lo: processing/jobs/update_sa_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT update_sa_job.lo -MD -MP -MF $(DEPDIR)/update_sa_job.Tpo -c -o update_sa_job.lo `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/update_sa_job.Tpo $(DEPDIR)/update_sa_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/update_sa_job.c' object='update_sa_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o update_sa_job.lo `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c
+
+inactivity_job.lo: processing/jobs/inactivity_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT inactivity_job.lo -MD -MP -MF $(DEPDIR)/inactivity_job.Tpo -c -o inactivity_job.lo `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/inactivity_job.Tpo $(DEPDIR)/inactivity_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/inactivity_job.c' object='inactivity_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o inactivity_job.lo `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c
+
+scheduler.lo: processing/scheduler.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.lo -MD -MP -MF $(DEPDIR)/scheduler.Tpo -c -o scheduler.lo `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/scheduler.c' object='scheduler.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.lo `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c
+
+processor.lo: processing/processor.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT processor.lo -MD -MP -MF $(DEPDIR)/processor.Tpo -c -o processor.lo `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/processor.c' object='processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o processor.lo `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c
+
+authenticator.lo: sa/authenticators/authenticator.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.lo -MD -MP -MF $(DEPDIR)/authenticator.Tpo -c -o authenticator.lo `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/authenticator.Tpo $(DEPDIR)/authenticator.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/authenticator.c' object='authenticator.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.lo `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c
+
+eap_authenticator.lo: sa/authenticators/eap_authenticator.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.lo -MD -MP -MF $(DEPDIR)/eap_authenticator.Tpo -c -o eap_authenticator.lo `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/eap_authenticator.Tpo $(DEPDIR)/eap_authenticator.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.lo `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c
+
+eap_method.lo: sa/authenticators/eap/eap_method.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.lo -MD -MP -MF $(DEPDIR)/eap_method.Tpo -c -o eap_method.lo `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/eap_method.Tpo $(DEPDIR)/eap_method.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/eap/eap_method.c' object='eap_method.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.lo `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c
+
+eap_manager.lo: sa/authenticators/eap/eap_manager.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_manager.lo -MD -MP -MF $(DEPDIR)/eap_manager.Tpo -c -o eap_manager.lo `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/eap_manager.Tpo $(DEPDIR)/eap_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/eap/eap_manager.c' object='eap_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_manager.lo `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c
+
+sim_manager.lo: sa/authenticators/eap/sim_manager.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sim_manager.lo -MD -MP -MF $(DEPDIR)/sim_manager.Tpo -c -o sim_manager.lo `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/sim_manager.Tpo $(DEPDIR)/sim_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/eap/sim_manager.c' object='sim_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sim_manager.lo `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c
+
+psk_authenticator.lo: sa/authenticators/psk_authenticator.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.lo -MD -MP -MF $(DEPDIR)/psk_authenticator.Tpo -c -o psk_authenticator.lo `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/psk_authenticator.Tpo $(DEPDIR)/psk_authenticator.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.lo `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c
+
+pubkey_authenticator.lo: sa/authenticators/pubkey_authenticator.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pubkey_authenticator.lo -MD -MP -MF $(DEPDIR)/pubkey_authenticator.Tpo -c -o pubkey_authenticator.lo `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/pubkey_authenticator.Tpo $(DEPDIR)/pubkey_authenticator.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/authenticators/pubkey_authenticator.c' object='pubkey_authenticator.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pubkey_authenticator.lo `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c
+
+child_sa.lo: sa/child_sa.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.lo -MD -MP -MF $(DEPDIR)/child_sa.Tpo -c -o child_sa.lo `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_sa.Tpo $(DEPDIR)/child_sa.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/child_sa.c' object='child_sa.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.lo `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c
+
+ike_sa.lo: sa/ike_sa.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.lo -MD -MP -MF $(DEPDIR)/ike_sa.Tpo -c -o ike_sa.lo `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_sa.Tpo $(DEPDIR)/ike_sa.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/ike_sa.c' object='ike_sa.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.lo `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c
+
+ike_sa_id.lo: sa/ike_sa_id.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.lo -MD -MP -MF $(DEPDIR)/ike_sa_id.Tpo -c -o ike_sa_id.lo `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_sa_id.Tpo $(DEPDIR)/ike_sa_id.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/ike_sa_id.c' object='ike_sa_id.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.lo `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c
+
+ike_sa_manager.lo: sa/ike_sa_manager.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.lo -MD -MP -MF $(DEPDIR)/ike_sa_manager.Tpo -c -o ike_sa_manager.lo `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_sa_manager.Tpo $(DEPDIR)/ike_sa_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/ike_sa_manager.c' object='ike_sa_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.lo `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c
+
+task_manager.lo: sa/task_manager.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.lo -MD -MP -MF $(DEPDIR)/task_manager.Tpo -c -o task_manager.lo `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/task_manager.Tpo $(DEPDIR)/task_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/task_manager.c' object='task_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.lo `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c
+
+keymat.lo: sa/keymat.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keymat.lo -MD -MP -MF $(DEPDIR)/keymat.Tpo -c -o keymat.lo `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/keymat.Tpo $(DEPDIR)/keymat.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/keymat.c' object='keymat.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keymat.lo `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c
+
+trap_manager.lo: sa/trap_manager.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT trap_manager.lo -MD -MP -MF $(DEPDIR)/trap_manager.Tpo -c -o trap_manager.lo `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/trap_manager.Tpo $(DEPDIR)/trap_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/trap_manager.c' object='trap_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o trap_manager.lo `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c
+
+child_create.lo: sa/tasks/child_create.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.lo -MD -MP -MF $(DEPDIR)/child_create.Tpo -c -o child_create.lo `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_create.Tpo $(DEPDIR)/child_create.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/child_create.c' object='child_create.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.lo `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c
+
+child_delete.lo: sa/tasks/child_delete.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.lo -MD -MP -MF $(DEPDIR)/child_delete.Tpo -c -o child_delete.lo `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_delete.Tpo $(DEPDIR)/child_delete.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/child_delete.c' object='child_delete.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.lo `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c
+
+child_rekey.lo: sa/tasks/child_rekey.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.lo -MD -MP -MF $(DEPDIR)/child_rekey.Tpo -c -o child_rekey.lo `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/child_rekey.Tpo $(DEPDIR)/child_rekey.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/child_rekey.c' object='child_rekey.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.lo `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c
+
+ike_auth.lo: sa/tasks/ike_auth.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.lo -MD -MP -MF $(DEPDIR)/ike_auth.Tpo -c -o ike_auth.lo `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_auth.Tpo $(DEPDIR)/ike_auth.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_auth.c' object='ike_auth.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.lo `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c
+
+ike_cert_pre.lo: sa/tasks/ike_cert_pre.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_pre.lo -MD -MP -MF $(DEPDIR)/ike_cert_pre.Tpo -c -o ike_cert_pre.lo `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_cert_pre.Tpo $(DEPDIR)/ike_cert_pre.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_cert_pre.c' object='ike_cert_pre.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_pre.lo `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c
+
+ike_cert_post.lo: sa/tasks/ike_cert_post.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_post.lo -MD -MP -MF $(DEPDIR)/ike_cert_post.Tpo -c -o ike_cert_post.lo `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_cert_post.Tpo $(DEPDIR)/ike_cert_post.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_cert_post.c' object='ike_cert_post.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_post.lo `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c
+
+ike_config.lo: sa/tasks/ike_config.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.lo -MD -MP -MF $(DEPDIR)/ike_config.Tpo -c -o ike_config.lo `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_config.Tpo $(DEPDIR)/ike_config.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_config.c' object='ike_config.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.lo `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c
+
+ike_delete.lo: sa/tasks/ike_delete.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.lo -MD -MP -MF $(DEPDIR)/ike_delete.Tpo -c -o ike_delete.lo `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_delete.Tpo $(DEPDIR)/ike_delete.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_delete.c' object='ike_delete.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.lo `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c
+
+ike_dpd.lo: sa/tasks/ike_dpd.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.lo -MD -MP -MF $(DEPDIR)/ike_dpd.Tpo -c -o ike_dpd.lo `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_dpd.Tpo $(DEPDIR)/ike_dpd.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_dpd.c' object='ike_dpd.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.lo `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c
+
+ike_init.lo: sa/tasks/ike_init.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.lo -MD -MP -MF $(DEPDIR)/ike_init.Tpo -c -o ike_init.lo `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_init.Tpo $(DEPDIR)/ike_init.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_init.c' object='ike_init.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.lo `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c
+
+ike_natd.lo: sa/tasks/ike_natd.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.lo -MD -MP -MF $(DEPDIR)/ike_natd.Tpo -c -o ike_natd.lo `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_natd.Tpo $(DEPDIR)/ike_natd.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_natd.c' object='ike_natd.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.lo `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c
+
+ike_mobike.lo: sa/tasks/ike_mobike.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_mobike.lo -MD -MP -MF $(DEPDIR)/ike_mobike.Tpo -c -o ike_mobike.lo `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_mobike.Tpo $(DEPDIR)/ike_mobike.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_mobike.c' object='ike_mobike.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_mobike.lo `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c
+
+ike_rekey.lo: sa/tasks/ike_rekey.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.lo -MD -MP -MF $(DEPDIR)/ike_rekey.Tpo -c -o ike_rekey.lo `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_rekey.Tpo $(DEPDIR)/ike_rekey.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_rekey.c' object='ike_rekey.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.lo `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c
+
+ike_reauth.lo: sa/tasks/ike_reauth.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_reauth.lo -MD -MP -MF $(DEPDIR)/ike_reauth.Tpo -c -o ike_reauth.lo `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_reauth.Tpo $(DEPDIR)/ike_reauth.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_reauth.c' object='ike_reauth.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_reauth.lo `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c
+
+ike_auth_lifetime.lo: sa/tasks/ike_auth_lifetime.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth_lifetime.lo -MD -MP -MF $(DEPDIR)/ike_auth_lifetime.Tpo -c -o ike_auth_lifetime.lo `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_auth_lifetime.Tpo $(DEPDIR)/ike_auth_lifetime.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_auth_lifetime.c' object='ike_auth_lifetime.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth_lifetime.lo `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c
+
+ike_vendor.lo: sa/tasks/ike_vendor.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_vendor.lo -MD -MP -MF $(DEPDIR)/ike_vendor.Tpo -c -o ike_vendor.lo `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_vendor.Tpo $(DEPDIR)/ike_vendor.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_vendor.c' object='ike_vendor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_vendor.lo `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c
+
+task.lo: sa/tasks/task.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.lo -MD -MP -MF $(DEPDIR)/task.Tpo -c -o task.lo `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/task.Tpo $(DEPDIR)/task.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/task.c' object='task.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.lo `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c
+
+credential_manager.lo: credentials/credential_manager.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_manager.lo -MD -MP -MF $(DEPDIR)/credential_manager.Tpo -c -o credential_manager.lo `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/credential_manager.Tpo $(DEPDIR)/credential_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='credentials/credential_manager.c' object='credential_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o credential_manager.lo `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c
+
+auth_cfg_wrapper.lo: credentials/sets/auth_cfg_wrapper.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg_wrapper.lo -MD -MP -MF $(DEPDIR)/auth_cfg_wrapper.Tpo -c -o auth_cfg_wrapper.lo `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/auth_cfg_wrapper.Tpo $(DEPDIR)/auth_cfg_wrapper.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='credentials/sets/auth_cfg_wrapper.c' object='auth_cfg_wrapper.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg_wrapper.lo `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c
+
+ocsp_response_wrapper.lo: credentials/sets/ocsp_response_wrapper.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp_response_wrapper.lo -MD -MP -MF $(DEPDIR)/ocsp_response_wrapper.Tpo -c -o ocsp_response_wrapper.lo `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ocsp_response_wrapper.Tpo $(DEPDIR)/ocsp_response_wrapper.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='credentials/sets/ocsp_response_wrapper.c' object='ocsp_response_wrapper.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response_wrapper.lo `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c
+
+cert_cache.lo: credentials/sets/cert_cache.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_cache.lo -MD -MP -MF $(DEPDIR)/cert_cache.Tpo -c -o cert_cache.lo `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/cert_cache.Tpo $(DEPDIR)/cert_cache.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='credentials/sets/cert_cache.c' object='cert_cache.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_cache.lo `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c
+
+endpoint_notify.lo: encoding/payloads/endpoint_notify.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT endpoint_notify.lo -MD -MP -MF $(DEPDIR)/endpoint_notify.Tpo -c -o endpoint_notify.lo `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/endpoint_notify.Tpo $(DEPDIR)/endpoint_notify.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='encoding/payloads/endpoint_notify.c' object='endpoint_notify.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o endpoint_notify.lo `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c
+
+initiate_mediation_job.lo: processing/jobs/initiate_mediation_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT initiate_mediation_job.lo -MD -MP -MF $(DEPDIR)/initiate_mediation_job.Tpo -c -o initiate_mediation_job.lo `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/initiate_mediation_job.Tpo $(DEPDIR)/initiate_mediation_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/initiate_mediation_job.c' object='initiate_mediation_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o initiate_mediation_job.lo `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c
+
+mediation_job.lo: processing/jobs/mediation_job.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_job.lo -MD -MP -MF $(DEPDIR)/mediation_job.Tpo -c -o mediation_job.lo `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/mediation_job.Tpo $(DEPDIR)/mediation_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='processing/jobs/mediation_job.c' object='mediation_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_job.lo `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c
+
+connect_manager.lo: sa/connect_manager.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT connect_manager.lo -MD -MP -MF $(DEPDIR)/connect_manager.Tpo -c -o connect_manager.lo `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/connect_manager.Tpo $(DEPDIR)/connect_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/connect_manager.c' object='connect_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o connect_manager.lo `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c
+
+mediation_manager.lo: sa/mediation_manager.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_manager.lo -MD -MP -MF $(DEPDIR)/mediation_manager.Tpo -c -o mediation_manager.lo `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/mediation_manager.Tpo $(DEPDIR)/mediation_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/mediation_manager.c' object='mediation_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_manager.lo `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c
+
+ike_me.lo: sa/tasks/ike_me.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_me.lo -MD -MP -MF $(DEPDIR)/ike_me.Tpo -c -o ike_me.lo `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/ike_me.Tpo $(DEPDIR)/ike_me.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='sa/tasks/ike_me.c' object='ike_me.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_me.lo `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(LTLIBRARIES)
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(libdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
+	install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am check check-am clean clean-generic \
+	clean-libLTLIBRARIES clean-libtool ctags ctags-recursive \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-libLTLIBRARIES install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs installdirs-am \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \
+	uninstall-libLTLIBRARIES
+
+
+daemon.lo :		$(top_builddir)/config.status
+
+@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@  # otherwise this library is linked to both the eap_aka and the eap_sim plugin
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/charon/bus/bus.c b/src/libcharon/bus/bus.c
index 524a77682..764744a41 100644
--- a/src/charon/bus/bus.c
+++ b/src/libcharon/bus/bus.c
@@ -23,32 +23,6 @@
 #include <threading/condvar.h>
 #include <threading/mutex.h>
 
-ENUM(debug_names, DBG_DMN, DBG_LIB,
-	"DMN",
-	"MGR",
-	"IKE",
-	"CHD",
-	"JOB",
-	"CFG",
-	"KNL",
-	"NET",
-	"ENC",
-	"LIB",
-);
-
-ENUM(debug_lower_names, DBG_DMN, DBG_LIB,
-	"dmn",
-	"mgr",
-	"ike",
-	"chd",
-	"job",
-	"cfg",
-	"knl",
-	"net",
-	"enc",
-	"lib",
-);
-
 typedef struct private_bus_t private_bus_t;
 
 /**
diff --git a/src/charon/bus/bus.h b/src/libcharon/bus/bus.h
index af59a14a1..8cf392eae 100644
--- a/src/charon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -15,81 +15,29 @@
 
 /**
  * @defgroup bus bus
- * @{ @ingroup charon
+ * @{ @ingroup libcharon
  */
 
 #ifndef BUS_H_
 #define BUS_H_
 
-typedef enum debug_t debug_t;
-typedef enum level_t level_t;
 typedef enum alert_t alert_t;
 typedef struct bus_t bus_t;
 
 #include <stdarg.h>
 
+#include <debug.h>
 #include <sa/ike_sa.h>
 #include <sa/child_sa.h>
 #include <processing/jobs/job.h>
 #include <bus/listeners/listener.h>
 
-/**
- * Debug message group.
- */
-enum debug_t {
-	/** daemon main loop */
-	DBG_DMN,
-	/** IKE_SA_MANAGER */
-	DBG_MGR,
-	/** IKE_SA */
-	DBG_IKE,
-	/** CHILD_SA */
-	DBG_CHD,
-	/** job processing */
-	DBG_JOB,
-	/** configuration backends */
-	DBG_CFG,
-	/** kernel interface */
-	DBG_KNL,
-	/** networking/sockets */
-	DBG_NET,
-	/** message encoding/decoding */
-	DBG_ENC,
-	/** libstrongswan via logging hook */
-	DBG_LIB,
-	/** number of groups */
-	DBG_MAX,
-	/** pseudo group with all groups */
-	DBG_ANY = DBG_MAX,
-};
-
-/**
- * short names of debug message group.
- */
-extern enum_name_t *debug_names;
-
-/**
- * short names of debug message group, lower case.
- */
-extern enum_name_t *debug_lower_names;
-
-/**
- * Debug levels used to control output verbosity.
- */
-enum level_t {
-	/** absolutely silent */
-	LEVEL_SILENT = 	-1,
-	/** most important auditing logs */
-	LEVEL_AUDIT = 	 0,
-	/** control flow */
-	LEVEL_CTRL = 	 1,
-	/** diagnose problems */
-	LEVEL_DIAG = 	 2,
-	/** raw binary blobs */
-	LEVEL_RAW = 	 3,
-	/** including sensitive data (private keys) */
-	LEVEL_PRIVATE =  4,
-};
+/* undefine the definitions from libstrongswan */
+#undef DBG0
+#undef DBG1
+#undef DBG2
+#undef DBG3
+#undef DBG4
 
 #ifndef DEBUG_LEVEL
 # define DEBUG_LEVEL 4
diff --git a/src/charon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c
index 12587deaf..12587deaf 100644
--- a/src/charon/bus/listeners/file_logger.c
+++ b/src/libcharon/bus/listeners/file_logger.c
diff --git a/src/charon/bus/listeners/file_logger.h b/src/libcharon/bus/listeners/file_logger.h
index bd443fdb8..bd443fdb8 100644
--- a/src/charon/bus/listeners/file_logger.h
+++ b/src/libcharon/bus/listeners/file_logger.h
diff --git a/src/charon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index 67e36beeb..9a51a2ef4 100644
--- a/src/charon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -44,7 +44,7 @@ struct listener_t {
 	 * @param ike_sa	IKE_SA associated to the event
 	 * @param format	printf() style format string
 	 * @param args		vprintf() style va_list argument list
-	 " @return			TRUE to stay registered, FALSE to unregister
+	 * @return			TRUE to stay registered, FALSE to unregister
 	 */
 	bool (*log)(listener_t *this, debug_t group, level_t level, int thread,
 				ike_sa_t *ike_sa, char* format, va_list args);
@@ -55,7 +55,7 @@ struct listener_t {
 	 * @param ike_sa	IKE_SA associated to the alert, if any
 	 * @param alert		kind of alert
 	 * @param ...		alert specific argument list
-	 " @return			TRUE to stay registered, FALSE to unregister
+	 * @return			TRUE to stay registered, FALSE to unregister
 	 */
 	bool (*alert)(listener_t *this, ike_sa_t *ike_sa,
 				  alert_t alert, va_list args);
diff --git a/src/charon/bus/listeners/sys_logger.c b/src/libcharon/bus/listeners/sys_logger.c
index 11421ad05..11421ad05 100644
--- a/src/charon/bus/listeners/sys_logger.c
+++ b/src/libcharon/bus/listeners/sys_logger.c
diff --git a/src/charon/bus/listeners/sys_logger.h b/src/libcharon/bus/listeners/sys_logger.h
index 730890d68..730890d68 100644
--- a/src/charon/bus/listeners/sys_logger.h
+++ b/src/libcharon/bus/listeners/sys_logger.h
diff --git a/src/charon/config/auth_cfg.c b/src/libcharon/config/auth_cfg.c
index 94362c756..94362c756 100644
--- a/src/charon/config/auth_cfg.c
+++ b/src/libcharon/config/auth_cfg.c
diff --git a/src/charon/config/auth_cfg.h b/src/libcharon/config/auth_cfg.h
index 5e6215a4a..5e6215a4a 100644
--- a/src/charon/config/auth_cfg.h
+++ b/src/libcharon/config/auth_cfg.h
diff --git a/src/charon/config/backend.h b/src/libcharon/config/backend.h
index 458abc37f..458abc37f 100644
--- a/src/charon/config/backend.h
+++ b/src/libcharon/config/backend.h
diff --git a/src/charon/config/backend_manager.c b/src/libcharon/config/backend_manager.c
index 90ef58563..90ef58563 100644
--- a/src/charon/config/backend_manager.c
+++ b/src/libcharon/config/backend_manager.c
diff --git a/src/charon/config/backend_manager.h b/src/libcharon/config/backend_manager.h
index 5b394f791..5b394f791 100644
--- a/src/charon/config/backend_manager.h
+++ b/src/libcharon/config/backend_manager.h
diff --git a/src/charon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 8410b3fe5..8410b3fe5 100644
--- a/src/charon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
diff --git a/src/charon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index c6186ea36..c6186ea36 100644
--- a/src/charon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
diff --git a/src/charon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index 2e748f511..89dcd8022 100644
--- a/src/charon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -49,6 +49,16 @@ struct private_ike_cfg_t {
 	char *other;
 
 	/**
+	 * our source port
+	 */
+	u_int16_t my_port;
+
+	/**
+	 * destination port
+	 */
+	u_int16_t other_port;
+
+	/**
 	 * should we send a certificate request?
 	 */
 	bool certreq;
@@ -64,71 +74,69 @@ struct private_ike_cfg_t {
 	linked_list_t *proposals;
 };
 
-/**
- * Implementation of ike_cfg_t.certreq.
- */
-static bool send_certreq(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, send_certreq, bool,
+	private_ike_cfg_t *this)
 {
 	return this->certreq;
 }
 
-/**
- * Implementation of ike_cfg_t.force_encap.
- */
-static bool force_encap_meth(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, force_encap_, bool,
+	private_ike_cfg_t *this)
 {
 	return this->force_encap;
 }
 
-/**
- * Implementation of ike_cfg_t.get_my_addr.
- */
-static char *get_my_addr(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, get_my_addr, char*,
+	private_ike_cfg_t *this)
 {
 	return this->me;
 }
 
-/**
- * Implementation of ike_cfg_t.get_other_addr.
- */
-static char *get_other_addr(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, get_other_addr, char*,
+	private_ike_cfg_t *this)
 {
 	return this->other;
 }
 
-/**
- * Implementation of ike_cfg_t.add_proposal.
- */
-static void add_proposal(private_ike_cfg_t *this, proposal_t *proposal)
+METHOD(ike_cfg_t, get_my_port, u_int16_t,
+	private_ike_cfg_t *this)
+{
+	return this->my_port;
+}
+
+METHOD(ike_cfg_t, get_other_port, u_int16_t,
+	private_ike_cfg_t *this)
+{
+	return this->other_port;
+}
+
+METHOD(ike_cfg_t, add_proposal, void,
+	private_ike_cfg_t *this, proposal_t *proposal)
 {
 	this->proposals->insert_last(this->proposals, proposal);
 }
 
-/**
- * Implementation of ike_cfg_t.get_proposals.
- */
-static linked_list_t* get_proposals(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, get_proposals, linked_list_t*,
+	private_ike_cfg_t *this)
 {
-	iterator_t *iterator;
+	enumerator_t *enumerator;
 	proposal_t *current;
-	linked_list_t *proposals = linked_list_create();
+	linked_list_t *proposals;
 
-	iterator = this->proposals->create_iterator(this->proposals, TRUE);
-	while (iterator->iterate(iterator, (void**)&current))
+	proposals = linked_list_create();
+	enumerator = this->proposals->create_enumerator(this->proposals);
+	while (enumerator->enumerate(enumerator, &current))
 	{
 		current = current->clone(current);
-		proposals->insert_last(proposals, (void*)current);
+		proposals->insert_last(proposals, current);
 	}
-	iterator->destroy(iterator);
+	enumerator->destroy(enumerator);
 
 	return proposals;
 }
 
-/**
- * Implementation of ike_cfg_t.select_proposal.
- */
-static proposal_t *select_proposal(private_ike_cfg_t *this,
-								   linked_list_t *proposals, bool private)
+METHOD(ike_cfg_t, select_proposal, proposal_t*,
+	private_ike_cfg_t *this, linked_list_t *proposals, bool private)
 {
 	iterator_t *stored_iter, *supplied_iter;
 	proposal_t *stored, *supplied, *selected;
@@ -166,10 +174,8 @@ static proposal_t *select_proposal(private_ike_cfg_t *this,
 	return NULL;
 }
 
-/**
- * Implementation of ike_cfg_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t,
+	private_ike_cfg_t *this)
 {
 	enumerator_t *enumerator;
 	proposal_t *proposal;
@@ -187,11 +193,10 @@ static diffie_hellman_group_t get_dh_group(private_ike_cfg_t *this)
 	return dh_group;
 }
 
-/**
- * Implementation of ike_cfg_t.equals.
- */
-static bool equals(private_ike_cfg_t *this, private_ike_cfg_t *other)
+METHOD(ike_cfg_t, equals, bool,
+	private_ike_cfg_t *this, ike_cfg_t *other_public)
 {
+	private_ike_cfg_t *other = (private_ike_cfg_t*)other_public;
 	enumerator_t *e1, *e2;
 	proposal_t *p1, *p2;
 	bool eq = TRUE;
@@ -226,22 +231,20 @@ static bool equals(private_ike_cfg_t *this, private_ike_cfg_t *other)
 		this->certreq == other->certreq &&
 		this->force_encap == other->force_encap &&
 		streq(this->me, other->me) &&
-		streq(this->other, other->other));
+		streq(this->other, other->other) &&
+		this->my_port == other->my_port &&
+		this->other_port == other->other_port);
 }
 
-/**
- * Implementation of ike_cfg_t.get_ref.
- */
-static ike_cfg_t* get_ref(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, get_ref, ike_cfg_t*,
+	private_ike_cfg_t *this)
 {
 	ref_get(&this->refcount);
 	return &this->public;
 }
 
-/**
- * Implementation of ike_cfg_t.destroy.
- */
-static void destroy(private_ike_cfg_t *this)
+METHOD(ike_cfg_t, destroy, void,
+	private_ike_cfg_t *this)
 {
 	if (ref_put(&this->refcount))
 	{
@@ -257,30 +260,35 @@ static void destroy(private_ike_cfg_t *this)
  * Described in header.
  */
 ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
-						  char *me, char *other)
+				char *me, u_int16_t my_port, char *other, u_int16_t other_port)
 {
-	private_ike_cfg_t *this = malloc_thing(private_ike_cfg_t);
-
-	/* public functions */
-	this->public.send_certreq = (bool(*)(ike_cfg_t*))send_certreq;
-	this->public.force_encap = (bool (*) (ike_cfg_t *))force_encap_meth;
-	this->public.get_my_addr = (char*(*)(ike_cfg_t*))get_my_addr;
-	this->public.get_other_addr = (char*(*)(ike_cfg_t*))get_other_addr;
-	this->public.add_proposal = (void(*)(ike_cfg_t*, proposal_t*)) add_proposal;
-	this->public.get_proposals = (linked_list_t*(*)(ike_cfg_t*))get_proposals;
-	this->public.select_proposal = (proposal_t*(*)(ike_cfg_t*,linked_list_t*,bool))select_proposal;
-	this->public.get_dh_group = (diffie_hellman_group_t(*)(ike_cfg_t*)) get_dh_group;
-	this->public.equals = (bool(*)(ike_cfg_t*,ike_cfg_t*)) equals;
-	this->public.get_ref = (ike_cfg_t*(*)(ike_cfg_t*))get_ref;
-	this->public.destroy = (void(*)(ike_cfg_t*))destroy;
-
-	/* private variables */
-	this->refcount = 1;
-	this->certreq = certreq;
-	this->force_encap = force_encap;
-	this->me = strdup(me);
-	this->other = strdup(other);
-	this->proposals = linked_list_create();
+	private_ike_cfg_t *this;
+
+	INIT(this,
+		.public = {
+			.send_certreq = _send_certreq,
+			.force_encap = _force_encap_,
+			.get_my_addr = _get_my_addr,
+			.get_other_addr = _get_other_addr,
+			.get_my_port = _get_my_port,
+			.get_other_port = _get_other_port,
+			.add_proposal = _add_proposal,
+			.get_proposals = _get_proposals,
+			.select_proposal = _select_proposal,
+			.get_dh_group = _get_dh_group,
+			.equals = _equals,
+			.get_ref = _get_ref,
+			.destroy = _destroy,
+		},
+		.refcount = 1,
+		.certreq = certreq,
+		.force_encap = force_encap,
+		.me = strdup(me),
+		.other = strdup(other),
+		.my_port = my_port,
+		.other_port = other_port,
+		.proposals = linked_list_create(),
+	);
 
 	return &this->public;
 }
diff --git a/src/charon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index eaac321b9..f1edde255 100644
--- a/src/charon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -53,6 +53,20 @@ struct ike_cfg_t {
 	char* (*get_other_addr) (ike_cfg_t *this);
 
 	/**
+	 * Get the port to use as our source port.
+	 *
+	 * @return		source address port, host order
+	 */
+	u_int16_t (*get_my_port)(ike_cfg_t *this);
+
+	/**
+	 * Get the port to use as destination port.
+	 *
+	 * @return		destination address, host order
+	 */
+	u_int16_t (*get_other_port)(ike_cfg_t *this);
+
+	/**
 	 * Adds a proposal to the list.
 	 *
 	 * The first added proposal has the highest priority, the last
@@ -136,10 +150,12 @@ struct ike_cfg_t {
  * @param certreq		TRUE to send a certificate request
  * @param force_encap	enforce UDP encapsulation by faking NATD notify
  * @param me			address/DNS name of local peer
+ * @param my_port		IKE port to use as source, 500 uses IKEv2 port floating
  * @param other			address/DNS name of remote peer
+ * @param other_port	IKE port to use as dest, 500 uses IKEv2 port floating
  * @return 				ike_cfg_t object.
  */
 ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
-						  char *me, char *other);
+				char *me, u_int16_t my_port, char *other, u_int16_t other_port);
 
 #endif /** IKE_CFG_H_ @}*/
diff --git a/src/charon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index 9df14c9ae..9df14c9ae 100644
--- a/src/charon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
diff --git a/src/charon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h
index 6855276f8..6855276f8 100644
--- a/src/charon/config/peer_cfg.h
+++ b/src/libcharon/config/peer_cfg.h
diff --git a/src/charon/config/proposal.c b/src/libcharon/config/proposal.c
index 6b3500b6e..e86393028 100644
--- a/src/charon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -269,6 +269,7 @@ static bool is_authenticated_encryption(u_int16_t alg)
 		case ENCR_CAMELLIA_CCM_ICV8:
 		case ENCR_CAMELLIA_CCM_ICV12:
 		case ENCR_CAMELLIA_CCM_ICV16:
+		case ENCR_NULL_AUTH_AES_GMAC:
 			return TRUE;
 	}
 	return FALSE;
@@ -857,6 +858,9 @@ static void proposal_add_supported_ike(private_proposal_t *this)
 			case ECP_256_BIT:
 			case ECP_384_BIT:
 			case ECP_521_BIT:
+			case MODP_1024_160:
+			case MODP_2048_224:
+			case MODP_2048_256:
 			case ECP_192_BIT:
 			case ECP_224_BIT:
 				add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0);
diff --git a/src/charon/config/proposal.h b/src/libcharon/config/proposal.h
index 30f63b80d..30f63b80d 100644
--- a/src/charon/config/proposal.h
+++ b/src/libcharon/config/proposal.h
diff --git a/src/charon/control/controller.c b/src/libcharon/control/controller.c
index 94c64028c..94c64028c 100644
--- a/src/charon/control/controller.c
+++ b/src/libcharon/control/controller.c
diff --git a/src/charon/control/controller.h b/src/libcharon/control/controller.h
index 31b69c78c..31b69c78c 100644
--- a/src/charon/control/controller.h
+++ b/src/libcharon/control/controller.h
diff --git a/src/charon/credentials/credential_manager.c b/src/libcharon/credentials/credential_manager.c
index adea0b4be..adea0b4be 100644
--- a/src/charon/credentials/credential_manager.c
+++ b/src/libcharon/credentials/credential_manager.c
diff --git a/src/charon/credentials/credential_manager.h b/src/libcharon/credentials/credential_manager.h
index 0448da992..0448da992 100644
--- a/src/charon/credentials/credential_manager.h
+++ b/src/libcharon/credentials/credential_manager.h
diff --git a/src/charon/credentials/credential_set.h b/src/libcharon/credentials/credential_set.h
index 274eb3feb..274eb3feb 100644
--- a/src/charon/credentials/credential_set.h
+++ b/src/libcharon/credentials/credential_set.h
diff --git a/src/charon/credentials/sets/auth_cfg_wrapper.c b/src/libcharon/credentials/sets/auth_cfg_wrapper.c
index 82e33d283..82e33d283 100644
--- a/src/charon/credentials/sets/auth_cfg_wrapper.c
+++ b/src/libcharon/credentials/sets/auth_cfg_wrapper.c
diff --git a/src/charon/credentials/sets/auth_cfg_wrapper.h b/src/libcharon/credentials/sets/auth_cfg_wrapper.h
index 7653fcdbf..7653fcdbf 100644
--- a/src/charon/credentials/sets/auth_cfg_wrapper.h
+++ b/src/libcharon/credentials/sets/auth_cfg_wrapper.h
diff --git a/src/charon/credentials/sets/cert_cache.c b/src/libcharon/credentials/sets/cert_cache.c
index 176accce2..176accce2 100644
--- a/src/charon/credentials/sets/cert_cache.c
+++ b/src/libcharon/credentials/sets/cert_cache.c
diff --git a/src/charon/credentials/sets/cert_cache.h b/src/libcharon/credentials/sets/cert_cache.h
index d2721866e..d2721866e 100644
--- a/src/charon/credentials/sets/cert_cache.h
+++ b/src/libcharon/credentials/sets/cert_cache.h
diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.c b/src/libcharon/credentials/sets/ocsp_response_wrapper.c
index 82079209a..82079209a 100644
--- a/src/charon/credentials/sets/ocsp_response_wrapper.c
+++ b/src/libcharon/credentials/sets/ocsp_response_wrapper.c
diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.h b/src/libcharon/credentials/sets/ocsp_response_wrapper.h
index dc4b451df..dc4b451df 100644
--- a/src/charon/credentials/sets/ocsp_response_wrapper.h
+++ b/src/libcharon/credentials/sets/ocsp_response_wrapper.h
diff --git a/src/charon/daemon.c b/src/libcharon/daemon.c
index e71225fd1..11c94beb9 100644
--- a/src/charon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2009 Tobias Brunner
+ * Copyright (C) 2006-2010 Tobias Brunner
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
@@ -17,22 +17,10 @@
  */
 
 #include <stdio.h>
-#ifdef HAVE_PRCTL
-#include <sys/prctl.h>
-#endif
-#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */
-#include <signal.h>
-#undef _POSIX_PTHREAD_SEMANTICS
-#include <pthread.h>
-#include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
 #include <time.h>
-#include <string.h>
-#include <getopt.h>
 #include <errno.h>
-#include <pwd.h>
-#include <grp.h>
 #ifdef CAPABILITIES
 #include <sys/capability.h>
 #endif /* CAPABILITIES */
@@ -40,8 +28,6 @@
 #include "daemon.h"
 
 #include <library.h>
-#include <utils/backtrace.h>
-#include <threading/thread.h>
 #include <selectors/traffic_selector.h>
 #include <config/proposal.h>
 
@@ -60,16 +46,6 @@ struct private_daemon_t {
 	 */
 	daemon_t public;
 
-	/**
-	 * Signal set used for signal handling.
-	 */
-	sigset_t signal_set;
-
-	/**
-	 * Reference to main thread.
-	 */
-	thread_t *main_thread;
-
 #ifdef CAPABILITIES
 	/**
 	 * capabilities to keep
@@ -86,88 +62,23 @@ daemon_t *charon;
 /**
  * hook in library for debugging messages
  */
-extern void (*dbg) (int level, char *fmt, ...);
+extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
 
 /**
- * Logging hook for library logs, spreads debug message over bus
+ * we store the previous debug function so we can reset it
  */
-static void dbg_bus(int level, char *fmt, ...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	charon->bus->vlog(charon->bus, DBG_LIB, level, fmt, args);
-	va_end(args);
-}
+static void (*dbg_old) (debug_t group, level_t level, char *fmt, ...);
 
 /**
- * Logging hook for library logs, using stderr output
+ * Logging hook for library logs, spreads debug message over bus
  */
-static void dbg_stderr(int level, char *fmt, ...)
+static void dbg_bus(debug_t group, level_t level, char *fmt, ...)
 {
 	va_list args;
 
-	if (level <= 1)
-	{
-		va_start(args, fmt);
-		fprintf(stderr, "00[LIB] ");
-		vfprintf(stderr, fmt, args);
-		fprintf(stderr, "\n");
-		va_end(args);
-	}
-}
-
-/**
- * Run the daemon and handle unix signals
- */
-static void run(private_daemon_t *this)
-{
-	sigset_t set;
-
-	/* handle SIGINT, SIGHUP ans SIGTERM in this handler */
-	sigemptyset(&set);
-	sigaddset(&set, SIGINT);
-	sigaddset(&set, SIGHUP);
-	sigaddset(&set, SIGTERM);
-	sigprocmask(SIG_BLOCK, &set, NULL);
-
-	while (TRUE)
-	{
-		int sig;
-		int error;
-
-		error = sigwait(&set, &sig);
-		if (error)
-		{
-			DBG1(DBG_DMN, "error %d while waiting for a signal", error);
-			return;
-		}
-		switch (sig)
-		{
-			case SIGHUP:
-			{
-				DBG1(DBG_DMN, "signal of type SIGHUP received. Ignored");
-				break;
-			}
-			case SIGINT:
-			{
-				DBG1(DBG_DMN, "signal of type SIGINT received. Shutting down");
-				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
-				return;
-			}
-			case SIGTERM:
-			{
-				DBG1(DBG_DMN, "signal of type SIGTERM received. Shutting down");
-				charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig);
-				return;
-			}
-			default:
-			{
-				DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig);
-				break;
-			}
-		}
-	}
+	va_start(args, fmt);
+	charon->bus->vlog(charon->bus, group, level, fmt, args);
+	va_end(args);
 }
 
 /**
@@ -185,6 +96,7 @@ static void destroy(private_daemon_t *this)
 	{
 		this->public.ike_sa_manager->flush(this->public.ike_sa_manager);
 	}
+	DESTROY_IF(this->public.receiver);
 	/* unload plugins to release threads */
 	lib->plugins->unload(lib->plugins);
 #ifdef CAPABILITIES
@@ -204,13 +116,12 @@ static void destroy(private_daemon_t *this)
 	DESTROY_IF(this->public.backends);
 	DESTROY_IF(this->public.credentials);
 	DESTROY_IF(this->public.sender);
-	DESTROY_IF(this->public.receiver);
 	DESTROY_IF(this->public.socket);
 	/* wait until all threads are gone */
 	DESTROY_IF(this->public.processor);
 
 	/* rehook library logging, shutdown logging */
-	dbg = dbg_stderr;
+	dbg = dbg_old;
 	DESTROY_IF(this->public.bus);
 	this->public.file_loggers->destroy_offset(this->public.file_loggers,
 											offsetof(file_logger_t, destroy));
@@ -219,65 +130,8 @@ static void destroy(private_daemon_t *this)
 	free(this);
 }
 
-/**
- * Enforce daemon shutdown, with a given reason to do so.
- */
-static void kill_daemon(private_daemon_t *this, char *reason)
-{
-	/* we send SIGTERM, so the daemon can cleanly shut down */
-	if (this->public.bus)
-	{
-		DBG1(DBG_DMN, "killing daemon: %s", reason);
-	}
-	else
-	{
-		fprintf(stderr, "killing daemon: %s\n", reason);
-	}
-	if (this->main_thread == thread_current())
-	{
-		/* initialization failed, terminate daemon */
-		unlink(PID_FILE);
-		exit(-1);
-	}
-	else
-	{
-		DBG1(DBG_DMN, "sending SIGTERM to ourself");
-		this->main_thread->kill(this->main_thread, SIGTERM);
-		/* thread must die, since he produced a ciritcal failure and can't continue */
-		thread_exit(NULL);
-	}
-}
-
-/**
- * drop daemon capabilities
- */
-static void drop_capabilities(private_daemon_t *this)
-{
-#ifdef HAVE_PRCTL
-	prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
-#endif
-
-	if (setgid(charon->gid) != 0)
-	{
-		kill_daemon(this, "change to unprivileged group failed");
-	}
-	if (setuid(charon->uid) != 0)
-	{
-		kill_daemon(this, "change to unprivileged user failed");
-	}
-
-#ifdef CAPABILITIES
-	if (cap_set_proc(this->caps) != 0)
-	{
-		kill_daemon(this, "unable to drop daemon capabilities");
-	}
-#endif /* CAPABILITIES */
-}
-
-/**
- * Implementation of daemon_t.keep_cap
- */
-static void keep_cap(private_daemon_t *this, u_int cap)
+METHOD(daemon_t, keep_cap, void,
+	   private_daemon_t *this, u_int cap)
 {
 #ifdef CAPABILITIES
 	cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET);
@@ -286,37 +140,25 @@ static void keep_cap(private_daemon_t *this, u_int cap)
 #endif /* CAPABILITIES */
 }
 
-/**
- * lookup UID and GID
- */
-static void lookup_uid_gid(private_daemon_t *this)
+METHOD(daemon_t, drop_capabilities, bool,
+	   private_daemon_t *this)
 {
-#ifdef IPSEC_USER
+#ifdef CAPABILITIES
+	if (cap_set_proc(this->caps) != 0)
 	{
-		char buf[1024];
-		struct passwd passwd, *pwp;
-
-		if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
-			pwp == NULL)
-		{
-			kill_daemon(this, "resolving user '"IPSEC_USER"' failed");
-		}
-		charon->uid = pwp->pw_uid;
+		return FALSE;
 	}
-#endif
-#ifdef IPSEC_GROUP
-	{
-		char buf[1024];
-		struct group group, *grp;
+#endif /* CAPABILITIES */
+	return TRUE;
+}
 
-		if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
-			grp == NULL)
-		{
-			kill_daemon(this, "resolving group '"IPSEC_GROUP"' failed");
-		}
-		charon->gid = grp->gr_gid;
-	}
-#endif
+METHOD(daemon_t, start, void,
+	   private_daemon_t *this)
+{
+	/* start the engine, go multithreaded */
+	charon->processor->set_threads(charon->processor,
+						lib->settings->get_int(lib->settings, "charon.threads",
+											   DEFAULT_THREADS));
 }
 
 /**
@@ -461,10 +303,8 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr,
 	}
 }
 
-/**
- * Initialize the daemon
- */
-static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
+METHOD(daemon_t, initialize, bool,
+	   private_daemon_t *this, bool syslog, level_t levels[])
 {
 	/* for uncritical pseudo random numbers */
 	srandom(time(NULL) + getpid());
@@ -472,6 +312,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
 	/* setup bus and it's listeners first to enable log output */
 	this->public.bus = bus_create();
 	/* set up hook to log dbg message in library via charons message bus */
+	dbg_old = dbg;
 	dbg = dbg_bus;
 
 	initialize_loggers(this, !syslog, levels);
@@ -482,6 +323,8 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
 	{
 		DBG1(DBG_DMN, "integrity tests enabled:");
 		DBG1(DBG_DMN, "lib    'libstrongswan': passed file and segment integrity tests");
+		DBG1(DBG_DMN, "lib    'libhydra': passed file and segment integrity tests");
+		DBG1(DBG_DMN, "lib    'libcharon': passed file and segment integrity tests");
 		DBG1(DBG_DMN, "daemon 'charon': passed file integrity test");
 	}
 
@@ -494,7 +337,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
 	this->public.sim = sim_manager_create();
 	this->public.backends = backend_manager_create();
 	this->public.kernel_interface = kernel_interface_create();
-	this->public.socket = socket_create();
+	this->public.socket = socket_manager_create();
 	this->public.traps = trap_manager_create();
 
 	/* load plugins, further infrastructure may need it */
@@ -531,58 +374,23 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[])
 }
 
 /**
- * Handle SIGSEGV/SIGILL signals raised by threads
- */
-static void segv_handler(int signal)
-{
-	backtrace_t *backtrace;
-
-	DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal);
-	backtrace = backtrace_create(2);
-	backtrace->log(backtrace, stderr);
-	backtrace->destroy(backtrace);
-
-	DBG1(DBG_DMN, "killing ourself, received critical signal");
-	abort();
-}
-
-/**
  * Create the daemon.
  */
-private_daemon_t *daemon_create(void)
+private_daemon_t *daemon_create()
 {
-	struct sigaction action;
-	private_daemon_t *this = malloc_thing(private_daemon_t);
-
-	/* assign methods */
-	this->public.kill = (void (*) (daemon_t*,char*))kill_daemon;
-	this->public.keep_cap = (void(*)(daemon_t*, u_int cap))keep_cap;
-
-	/* NULL members for clean destruction */
-	this->public.socket = NULL;
-	this->public.ike_sa_manager = NULL;
-	this->public.traps = NULL;
-	this->public.credentials = NULL;
-	this->public.backends = NULL;
-	this->public.sender= NULL;
-	this->public.receiver = NULL;
-	this->public.scheduler = NULL;
-	this->public.kernel_interface = NULL;
-	this->public.processor = NULL;
-	this->public.controller = NULL;
-	this->public.eap = NULL;
-	this->public.sim = NULL;
-	this->public.bus = NULL;
-	this->public.file_loggers = linked_list_create();
-	this->public.sys_loggers = linked_list_create();
-#ifdef ME
-	this->public.connect_manager = NULL;
-	this->public.mediation_manager = NULL;
-#endif /* ME */
-	this->public.uid = 0;
-	this->public.gid = 0;
+	private_daemon_t *this;
+
+	INIT(this,
+		.public = {
+			.keep_cap = _keep_cap,
+			.drop_capabilities = _drop_capabilities,
+			.initialize = _initialize,
+			.start = _start,
+			.file_loggers = linked_list_create(),
+			.sys_loggers = linked_list_create(),
+		},
+	);
 
-	this->main_thread = thread_current();
 #ifdef CAPABILITIES
 	this->caps = cap_init();
 	keep_cap(this, CAP_NET_ADMIN);
@@ -592,116 +400,28 @@ private_daemon_t *daemon_create(void)
 	}
 #endif /* CAPABILITIES */
 
-	/* add handler for SEGV and ILL,
-	 * INT, TERM and HUP are handled by sigwait() in run() */
-	action.sa_handler = segv_handler;
-	action.sa_flags = 0;
-	sigemptyset(&action.sa_mask);
-	sigaddset(&action.sa_mask, SIGINT);
-	sigaddset(&action.sa_mask, SIGTERM);
-	sigaddset(&action.sa_mask, SIGHUP);
-	sigaction(SIGSEGV, &action, NULL);
-	sigaction(SIGILL, &action, NULL);
-	sigaction(SIGBUS, &action, NULL);
-	action.sa_handler = SIG_IGN;
-	sigaction(SIGPIPE, &action, NULL);
-
-	pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL);
-
 	return this;
 }
 
 /**
- * Check/create PID file, return TRUE if already running
+ * Described in header.
  */
-static bool check_pidfile()
+void libcharon_deinit()
 {
-	struct stat stb;
-	FILE *file;
-
-	if (stat(PID_FILE, &stb) == 0)
-	{
-		file = fopen(PID_FILE, "r");
-		if (file)
-		{
-			char buf[64];
-			pid_t pid = 0;
-
-			memset(buf, 0, sizeof(buf));
-			if (fread(buf, 1, sizeof(buf), file))
-			{
-				pid = atoi(buf);
-			}
-			fclose(file);
-			if (pid && kill(pid, 0) == 0)
-			{	/* such a process is running */
-				return TRUE;
-			}
-		}
-		DBG1(DBG_DMN, "removing pidfile '"PID_FILE"', process not running");
-		unlink(PID_FILE);
-	}
 
-	/* create new pidfile */
-	file = fopen(PID_FILE, "w");
-	if (file)
-	{
-		fprintf(file, "%d\n", getpid());
-		ignore_result(fchown(fileno(file), charon->uid, charon->gid));
-		fclose(file);
-	}
-	return FALSE;
+	destroy((private_daemon_t*)charon);
+	charon = NULL;
 }
 
 /**
- * print command line usage and exit
+ * Described in header.
  */
-static void usage(const char *msg)
+bool libcharon_init()
 {
-	if (msg != NULL && *msg != '\0')
-	{
-		fprintf(stderr, "%s\n", msg);
-	}
-	fprintf(stderr, "Usage: charon\n"
-					"         [--help]\n"
-					"         [--version]\n"
-					"         [--use-syslog]\n"
-					"         [--debug-<type> <level>]\n"
-					"           <type>:  log context type (dmn|mgr|ike|chd|job|cfg|knl|net|enc|lib)\n"
-					"           <level>: log verbosity (-1 = silent, 0 = audit, 1 = control,\n"
-					"                                    2 = controlmore, 3 = raw, 4 = private)\n"
-					"\n"
-		   );
-	exit(msg == NULL? 0 : 1);
-}
-
-/**
- * Main function, manages the daemon.
- */
-int main(int argc, char *argv[])
-{
-	bool use_syslog = FALSE;
-	private_daemon_t *private_charon;
-	level_t levels[DBG_MAX];
-	int group;
-
-	/* logging for library during initialization, as we have no bus yet */
-	dbg = dbg_stderr;
-
-	/* initialize library */
-	if (!library_init(NULL))
-	{
-		library_deinit();
-		exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
-	}
+	private_daemon_t *this;
 
-	if (lib->integrity &&
-		!lib->integrity->check_file(lib->integrity, "charon", argv[0]))
-	{
-		dbg_stderr(1, "integrity check of charon failed");
-		library_deinit();
-		exit(SS_RC_DAEMON_INTEGRITY);
-	}
+	this = daemon_create();
+	charon = &this->public;
 
 	lib->printf_hook->add_handler(lib->printf_hook, 'R',
 								  traffic_selector_printf_hook,
@@ -711,97 +431,13 @@ int main(int argc, char *argv[])
 								  proposal_printf_hook,
 								  PRINTF_HOOK_ARGTYPE_POINTER,
 								  PRINTF_HOOK_ARGTYPE_END);
-	private_charon = daemon_create();
-	charon = (daemon_t*)private_charon;
-
-	lookup_uid_gid(private_charon);
-
-	/* use CTRL loglevel for default */
-	for (group = 0; group < DBG_MAX; group++)
-	{
-		levels[group] = LEVEL_CTRL;
-	}
-
-	/* handle arguments */
-	for (;;)
-	{
-		struct option long_opts[] = {
-			{ "help", no_argument, NULL, 'h' },
-			{ "version", no_argument, NULL, 'v' },
-			{ "use-syslog", no_argument, NULL, 'l' },
-			/* TODO: handle "debug-all" */
-			{ "debug-dmn", required_argument, &group, DBG_DMN },
-			{ "debug-mgr", required_argument, &group, DBG_MGR },
-			{ "debug-ike", required_argument, &group, DBG_IKE },
-			{ "debug-chd", required_argument, &group, DBG_CHD },
-			{ "debug-job", required_argument, &group, DBG_JOB },
-			{ "debug-cfg", required_argument, &group, DBG_CFG },
-			{ "debug-knl", required_argument, &group, DBG_KNL },
-			{ "debug-net", required_argument, &group, DBG_NET },
-			{ "debug-enc", required_argument, &group, DBG_ENC },
-			{ "debug-lib", required_argument, &group, DBG_LIB },
-			{ 0,0,0,0 }
-		};
-
-		int c = getopt_long(argc, argv, "", long_opts, NULL);
-		switch (c)
-		{
-			case EOF:
-				break;
-			case 'h':
-				usage(NULL);
-				break;
-			case 'v':
-				printf("Linux strongSwan %s\n", VERSION);
-				exit(0);
-			case 'l':
-				use_syslog = TRUE;
-				continue;
-			case 0:
-				/* option is in group */
-				levels[group] = atoi(optarg);
-				continue;
-			default:
-				usage("");
-				break;
-		}
-		break;
-	}
-
-	/* initialize daemon */
-	if (!initialize(private_charon, use_syslog, levels))
-	{
-		DBG1(DBG_DMN, "initialization failed - aborting charon");
-		destroy(private_charon);
-		library_deinit();
-		exit(SS_RC_INITIALIZATION_FAILED);
-	}
 
-	if (check_pidfile())
+	if (lib->integrity &&
+		!lib->integrity->check(lib->integrity, "libcharon", libcharon_init))
 	{
-		DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)");
-		destroy(private_charon);
-		library_deinit();
-		exit(-1);
+		dbg(DBG_DMN, 1, "integrity check of libcharon failed");
+		return FALSE;
 	}
 
-	/* drop the capabilities we won't need */
-	drop_capabilities(private_charon);
-
-	/* start the engine, go multithreaded */
-	charon->processor->set_threads(charon->processor,
-						lib->settings->get_int(lib->settings, "charon.threads",
-											   DEFAULT_THREADS));
-
-	/* run daemon */
-	run(private_charon);
-
-	/* normal termination, cleanup and exit */
-	destroy(private_charon);
-	unlink(PID_FILE);
-
-	library_deinit();
-
-	return 0;
+	return TRUE;
 }
-
diff --git a/src/charon/daemon.h b/src/libcharon/daemon.h
index cb5946d5d..9b6d97060 100644
--- a/src/charon/daemon.h
+++ b/src/libcharon/daemon.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2007 Tobias Brunner
+ * Copyright (C) 2006-2010 Tobias Brunner
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
@@ -17,52 +17,49 @@
  */
 
 /**
- * @defgroup charon charon
+ * @defgroup libcharon libcharon
  *
  * @defgroup bus bus
- * @ingroup charon
+ * @ingroup libcharon
  *
  * @defgroup listeners listeners
  * @ingroup bus
  *
  * @defgroup config config
- * @ingroup charon
- *
- * @defgroup attributes attributes
- * @ingroup config
+ * @ingroup libcharon
  *
  * @defgroup control control
- * @ingroup charon
+ * @ingroup libcharon
  *
  * @defgroup ccredentials credentials
- * @ingroup charon
+ * @ingroup libcharon
  *
  * @defgroup sets sets
  * @ingroup ccredentials
  *
  * @defgroup encoding encoding
- * @ingroup charon
+ * @ingroup libcharon
  *
  * @defgroup payloads payloads
  * @ingroup encoding
  *
  * @defgroup kernel kernel
- * @ingroup charon
+ * @ingroup libcharon
  *
  * @defgroup network network
- * @ingroup charon
+ * @ingroup libcharon
  *
  * @defgroup cplugins plugins
- * @ingroup charon
+ * @ingroup libcharon
  *
  * @defgroup processing processing
- * @ingroup charon
+ * @ingroup libcharon
  *
  * @defgroup jobs jobs
  * @ingroup processing
  *
  * @defgroup sa sa
- * @ingroup charon
+ * @ingroup libcharon
  *
  * @defgroup authenticators authenticators
  * @ingroup sa
@@ -73,7 +70,7 @@
  * @defgroup tasks tasks
  * @ingroup sa
  *
- * @addtogroup charon
+ * @addtogroup libcharon
  * @{
  *
  * IKEv2 keying daemon.
@@ -148,7 +145,7 @@ typedef struct daemon_t daemon_t;
 
 #include <network/sender.h>
 #include <network/receiver.h>
-#include <network/socket.h>
+#include <network/socket_manager.h>
 #include <processing/scheduler.h>
 #include <processing/processor.h>
 #include <kernel/kernel_interface.h>
@@ -169,11 +166,6 @@ typedef struct daemon_t daemon_t;
 #endif /* ME */
 
 /**
- * Name of the daemon.
- */
-#define DAEMON_NAME "charon"
-
-/**
  * Number of threads in the thread pool, if not specified in config.
  */
 #define DEFAULT_THREADS 16
@@ -189,20 +181,14 @@ typedef struct daemon_t daemon_t;
 #define IKEV2_NATT_PORT 4500
 
 /**
- * PID file, in which charon stores its process id
- */
-#define PID_FILE IPSEC_PIDDIR "/charon.pid"
-
-
-/**
  * Main class of daemon, contains some globals.
  */
 struct daemon_t {
 
 	/**
-	 * A socket_t instance.
+	 * Socket manager instance
 	 */
-	socket_t *socket;
+	socket_manager_t *socket;
 
 	/**
 	 * A ike_sa_manager_t instance.
@@ -311,16 +297,45 @@ struct daemon_t {
 	void (*keep_cap)(daemon_t *this, u_int cap);
 
 	/**
-	 * Shut down the daemon.
+	 * Drop all capabilities of the current process.
+	 *
+	 * Drops all capabalities, excect those exlcuded using keep_cap().
+	 * This should be called after the initialization of the daemon because
+	 * some plugins require the process to keep additional capabilities.
 	 *
-	 * @param reason		describtion why it will be killed
+	 * @return		TRUE if successful, FALSE otherwise
+	 */
+	bool (*drop_capabilities)(daemon_t *this);
+
+	/**
+	 * Initialize the daemon.
 	 */
-	void (*kill) (daemon_t *this, char *reason);
+	bool (*initialize)(daemon_t *this, bool syslog, level_t levels[]);
+
+	/**
+	 * Starts the daemon, i.e. spawns the threads of the thread pool.
+	 */
+	void (*start)(daemon_t *this);
+
 };
 
 /**
  * The one and only instance of the daemon.
+ *
+ * Set between libcharon_init() and libcharon_deinit() calls.
  */
 extern daemon_t *charon;
 
+/**
+ * Initialize libcharon and create the "charon" instance of daemon_t.
+ *
+ * @return		FALSE if integrity check failed
+ */
+bool libcharon_init();
+
+/**
+ * Deinitialize libcharon and destroy the "charon" instance of daemon_t.
+ */
+void libcharon_deinit();
+
 #endif /** DAEMON_H_ @}*/
diff --git a/src/charon/encoding/generator.c b/src/libcharon/encoding/generator.c
index 6485da492..6485da492 100644
--- a/src/charon/encoding/generator.c
+++ b/src/libcharon/encoding/generator.c
diff --git a/src/charon/encoding/generator.h b/src/libcharon/encoding/generator.h
index 2221c84af..2221c84af 100644
--- a/src/charon/encoding/generator.h
+++ b/src/libcharon/encoding/generator.h
diff --git a/src/charon/encoding/message.c b/src/libcharon/encoding/message.c
index 397a3c609..acfc0fd44 100644
--- a/src/charon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1539,22 +1539,19 @@ static status_t verify(private_message_t *this)
 				}
 			}
 		}
+		enumerator->destroy(enumerator);
 
 		if (found_payloads < rule->min_occurence)
 		{
 			DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)",
 				 payload_type_names, rule->payload_type, rule->min_occurence,
 				 found_payloads);
-			enumerator->destroy(enumerator);
 			return VERIFY_ERROR;
 		}
-		if (rule->sufficient &&
-			this->payloads->get_count(this->payloads) == total_found_payloads)
+		if (rule->sufficient)
 		{
-			enumerator->destroy(enumerator);
 			return SUCCESS;
 		}
-		enumerator->destroy(enumerator);
 	}
 	return SUCCESS;
 }
diff --git a/src/charon/encoding/message.h b/src/libcharon/encoding/message.h
index 2c7718f49..2c7718f49 100644
--- a/src/charon/encoding/message.h
+++ b/src/libcharon/encoding/message.h
diff --git a/src/charon/encoding/parser.c b/src/libcharon/encoding/parser.c
index 9aa34b1bc..9aa34b1bc 100644
--- a/src/charon/encoding/parser.c
+++ b/src/libcharon/encoding/parser.c
diff --git a/src/charon/encoding/parser.h b/src/libcharon/encoding/parser.h
index 27c5f03fe..27c5f03fe 100644
--- a/src/charon/encoding/parser.h
+++ b/src/libcharon/encoding/parser.h
diff --git a/src/charon/encoding/payloads/auth_payload.c b/src/libcharon/encoding/payloads/auth_payload.c
index d31208abb..d31208abb 100644
--- a/src/charon/encoding/payloads/auth_payload.c
+++ b/src/libcharon/encoding/payloads/auth_payload.c
diff --git a/src/charon/encoding/payloads/auth_payload.h b/src/libcharon/encoding/payloads/auth_payload.h
index 37ee149db..37ee149db 100644
--- a/src/charon/encoding/payloads/auth_payload.h
+++ b/src/libcharon/encoding/payloads/auth_payload.h
diff --git a/src/charon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c
index 6dd3141f0..6dd3141f0 100644
--- a/src/charon/encoding/payloads/cert_payload.c
+++ b/src/libcharon/encoding/payloads/cert_payload.c
diff --git a/src/charon/encoding/payloads/cert_payload.h b/src/libcharon/encoding/payloads/cert_payload.h
index aa1c7bf5a..aa1c7bf5a 100644
--- a/src/charon/encoding/payloads/cert_payload.h
+++ b/src/libcharon/encoding/payloads/cert_payload.h
diff --git a/src/charon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c
index 9ff0bdde0..9ff0bdde0 100644
--- a/src/charon/encoding/payloads/certreq_payload.c
+++ b/src/libcharon/encoding/payloads/certreq_payload.c
diff --git a/src/charon/encoding/payloads/certreq_payload.h b/src/libcharon/encoding/payloads/certreq_payload.h
index 914063628..914063628 100644
--- a/src/charon/encoding/payloads/certreq_payload.h
+++ b/src/libcharon/encoding/payloads/certreq_payload.h
diff --git a/src/charon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c
index 9094fd44d..9094fd44d 100644
--- a/src/charon/encoding/payloads/configuration_attribute.c
+++ b/src/libcharon/encoding/payloads/configuration_attribute.c
diff --git a/src/charon/encoding/payloads/configuration_attribute.h b/src/libcharon/encoding/payloads/configuration_attribute.h
index 6e4b018bb..6e4b018bb 100644
--- a/src/charon/encoding/payloads/configuration_attribute.h
+++ b/src/libcharon/encoding/payloads/configuration_attribute.h
diff --git a/src/charon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c
index f0a26eee2..f0a26eee2 100644
--- a/src/charon/encoding/payloads/cp_payload.c
+++ b/src/libcharon/encoding/payloads/cp_payload.c
diff --git a/src/charon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h
index c0760885a..7dcf58f7e 100644
--- a/src/charon/encoding/payloads/cp_payload.h
+++ b/src/libcharon/encoding/payloads/cp_payload.h
@@ -100,8 +100,8 @@ cp_payload_t *cp_payload_create();
 /**
  * Creates an cp_payload_t with type and value
  *
- * @param type	type of configuration payload to create
- * @return		created configuration payload
+ * @param config_type	type of configuration payload to create
+ * @return				created configuration payload
  */
 cp_payload_t *cp_payload_create_type(config_type_t config_type);
 
diff --git a/src/charon/encoding/payloads/delete_payload.c b/src/libcharon/encoding/payloads/delete_payload.c
index 97b4743b2..97b4743b2 100644
--- a/src/charon/encoding/payloads/delete_payload.c
+++ b/src/libcharon/encoding/payloads/delete_payload.c
diff --git a/src/charon/encoding/payloads/delete_payload.h b/src/libcharon/encoding/payloads/delete_payload.h
index 3b62c1af1..3b62c1af1 100644
--- a/src/charon/encoding/payloads/delete_payload.h
+++ b/src/libcharon/encoding/payloads/delete_payload.h
diff --git a/src/charon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c
index 21f34a642..21f34a642 100644
--- a/src/charon/encoding/payloads/eap_payload.c
+++ b/src/libcharon/encoding/payloads/eap_payload.c
diff --git a/src/charon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h
index 0bde4b15e..0bde4b15e 100644
--- a/src/charon/encoding/payloads/eap_payload.h
+++ b/src/libcharon/encoding/payloads/eap_payload.h
diff --git a/src/charon/encoding/payloads/encodings.c b/src/libcharon/encoding/payloads/encodings.c
index 85caeda82..85caeda82 100644
--- a/src/charon/encoding/payloads/encodings.c
+++ b/src/libcharon/encoding/payloads/encodings.c
diff --git a/src/charon/encoding/payloads/encodings.h b/src/libcharon/encoding/payloads/encodings.h
index 52af4a984..52af4a984 100644
--- a/src/charon/encoding/payloads/encodings.h
+++ b/src/libcharon/encoding/payloads/encodings.h
diff --git a/src/charon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
index 389ab09d7..2adbb88b9 100644
--- a/src/charon/encoding/payloads/encryption_payload.c
+++ b/src/libcharon/encoding/payloads/encryption_payload.c
@@ -95,19 +95,19 @@ struct private_encryption_payload_t {
  */
 encoding_rule_t encryption_payload_encodings[] = {
 	/* 1 Byte next payload type, stored in the field next_payload */
-	{ U_INT_8,			offsetof(private_encryption_payload_t, next_payload) 	},
+	{ U_INT_8,			offsetof(private_encryption_payload_t, next_payload)	},
 	/* the critical bit */
-	{ FLAG,				offsetof(private_encryption_payload_t, critical) 		},
+	{ FLAG,				offsetof(private_encryption_payload_t, critical)		},
 	/* 7 Bit reserved bits, nowhere stored */
-	{ RESERVED_BIT,		0 														},
-	{ RESERVED_BIT,		0 														},
-	{ RESERVED_BIT,		0 														},
-	{ RESERVED_BIT,		0 														},
-	{ RESERVED_BIT,		0 														},
-	{ RESERVED_BIT,		0 														},
-	{ RESERVED_BIT,		0 														},
+	{ RESERVED_BIT,		0														},
+	{ RESERVED_BIT,		0														},
+	{ RESERVED_BIT,		0														},
+	{ RESERVED_BIT,		0														},
+	{ RESERVED_BIT,		0														},
+	{ RESERVED_BIT,		0														},
+	{ RESERVED_BIT,		0														},
 	/* Length of the whole encryption payload*/
-	{ PAYLOAD_LENGTH,	offsetof(private_encryption_payload_t, payload_length) 	},
+	{ PAYLOAD_LENGTH,	offsetof(private_encryption_payload_t, payload_length)	},
 	/* encrypted data, stored in a chunk. contains iv, data, padding */
 	{ ENCRYPTED_DATA,	offsetof(private_encryption_payload_t, encrypted)			},
 };
@@ -480,15 +480,15 @@ static status_t decrypt(private_encryption_payload_t *this)
 	/* add one byte to the padding length, since the padding_length field is
 	 * not included */
 	padding_length++;
-	this->decrypted.len -= padding_length;
 
 	/* check size again */
-	if (padding_length > concatenated.len || this->decrypted.len < 0)
+	if (padding_length > concatenated.len || padding_length > this->decrypted.len)
 	{
 		DBG1(DBG_ENC, "decryption failed, invalid padding length found. Invalid key?");
 		/* decryption failed :-/ */
 		return FAILED;
 	}
+	this->decrypted.len -= padding_length;
 
 	/* free padding */
 	this->decrypted.ptr = realloc(this->decrypted.ptr, this->decrypted.len);
diff --git a/src/charon/encoding/payloads/encryption_payload.h b/src/libcharon/encoding/payloads/encryption_payload.h
index ac5326b87..ac5326b87 100644
--- a/src/charon/encoding/payloads/encryption_payload.h
+++ b/src/libcharon/encoding/payloads/encryption_payload.h
diff --git a/src/charon/encoding/payloads/endpoint_notify.c b/src/libcharon/encoding/payloads/endpoint_notify.c
index faec1ea71..faec1ea71 100644
--- a/src/charon/encoding/payloads/endpoint_notify.c
+++ b/src/libcharon/encoding/payloads/endpoint_notify.c
diff --git a/src/charon/encoding/payloads/endpoint_notify.h b/src/libcharon/encoding/payloads/endpoint_notify.h
index 120eef49a..120eef49a 100644
--- a/src/charon/encoding/payloads/endpoint_notify.h
+++ b/src/libcharon/encoding/payloads/endpoint_notify.h
diff --git a/src/charon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c
index 4158c3e07..4158c3e07 100644
--- a/src/charon/encoding/payloads/id_payload.c
+++ b/src/libcharon/encoding/payloads/id_payload.c
diff --git a/src/charon/encoding/payloads/id_payload.h b/src/libcharon/encoding/payloads/id_payload.h
index 5502dc961..5502dc961 100644
--- a/src/charon/encoding/payloads/id_payload.h
+++ b/src/libcharon/encoding/payloads/id_payload.h
diff --git a/src/charon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c
index 735f01304..735f01304 100644
--- a/src/charon/encoding/payloads/ike_header.c
+++ b/src/libcharon/encoding/payloads/ike_header.c
diff --git a/src/charon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h
index e63e8bf06..e63e8bf06 100644
--- a/src/charon/encoding/payloads/ike_header.h
+++ b/src/libcharon/encoding/payloads/ike_header.h
diff --git a/src/charon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c
index 1bc79f084..1bc79f084 100644
--- a/src/charon/encoding/payloads/ke_payload.c
+++ b/src/libcharon/encoding/payloads/ke_payload.c
diff --git a/src/charon/encoding/payloads/ke_payload.h b/src/libcharon/encoding/payloads/ke_payload.h
index 3ca05009e..3ca05009e 100644
--- a/src/charon/encoding/payloads/ke_payload.h
+++ b/src/libcharon/encoding/payloads/ke_payload.h
diff --git a/src/charon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c
index 4ad5ce9dd..4ad5ce9dd 100644
--- a/src/charon/encoding/payloads/nonce_payload.c
+++ b/src/libcharon/encoding/payloads/nonce_payload.c
diff --git a/src/charon/encoding/payloads/nonce_payload.h b/src/libcharon/encoding/payloads/nonce_payload.h
index e9212202e..e9212202e 100644
--- a/src/charon/encoding/payloads/nonce_payload.h
+++ b/src/libcharon/encoding/payloads/nonce_payload.h
diff --git a/src/charon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index 469698ef5..469698ef5 100644
--- a/src/charon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 0e1bc23b8..0e1bc23b8 100644
--- a/src/charon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
diff --git a/src/charon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index 1cee6d2aa..1cee6d2aa 100644
--- a/src/charon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
diff --git a/src/charon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 2e783cb30..2e783cb30 100644
--- a/src/charon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
diff --git a/src/charon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index c93f73a68..c93f73a68 100644
--- a/src/charon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
diff --git a/src/charon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h
index 4934802af..4934802af 100644
--- a/src/charon/encoding/payloads/proposal_substructure.h
+++ b/src/libcharon/encoding/payloads/proposal_substructure.h
diff --git a/src/charon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c
index 187a8fee0..187a8fee0 100644
--- a/src/charon/encoding/payloads/sa_payload.c
+++ b/src/libcharon/encoding/payloads/sa_payload.c
diff --git a/src/charon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h
index 25f5a2407..25f5a2407 100644
--- a/src/charon/encoding/payloads/sa_payload.h
+++ b/src/libcharon/encoding/payloads/sa_payload.h
diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
index f24857591..f24857591 100644
--- a/src/charon/encoding/payloads/traffic_selector_substructure.c
+++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.h b/src/libcharon/encoding/payloads/traffic_selector_substructure.h
index 0109fd7f5..0109fd7f5 100644
--- a/src/charon/encoding/payloads/traffic_selector_substructure.h
+++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.h
diff --git a/src/charon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c
index 8bf2ddef4..8bf2ddef4 100644
--- a/src/charon/encoding/payloads/transform_attribute.c
+++ b/src/libcharon/encoding/payloads/transform_attribute.c
diff --git a/src/charon/encoding/payloads/transform_attribute.h b/src/libcharon/encoding/payloads/transform_attribute.h
index a5fe0154b..a5fe0154b 100644
--- a/src/charon/encoding/payloads/transform_attribute.h
+++ b/src/libcharon/encoding/payloads/transform_attribute.h
diff --git a/src/charon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c
index c94f6c1a2..c94f6c1a2 100644
--- a/src/charon/encoding/payloads/transform_substructure.c
+++ b/src/libcharon/encoding/payloads/transform_substructure.c
diff --git a/src/charon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h
index 5d31f8c0a..5d31f8c0a 100644
--- a/src/charon/encoding/payloads/transform_substructure.h
+++ b/src/libcharon/encoding/payloads/transform_substructure.h
diff --git a/src/charon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c
index 6bf3e4293..6bf3e4293 100644
--- a/src/charon/encoding/payloads/ts_payload.c
+++ b/src/libcharon/encoding/payloads/ts_payload.c
diff --git a/src/charon/encoding/payloads/ts_payload.h b/src/libcharon/encoding/payloads/ts_payload.h
index d322ff1a8..d322ff1a8 100644
--- a/src/charon/encoding/payloads/ts_payload.h
+++ b/src/libcharon/encoding/payloads/ts_payload.h
diff --git a/src/charon/encoding/payloads/unknown_payload.c b/src/libcharon/encoding/payloads/unknown_payload.c
index dd5547dc3..dd5547dc3 100644
--- a/src/charon/encoding/payloads/unknown_payload.c
+++ b/src/libcharon/encoding/payloads/unknown_payload.c
diff --git a/src/charon/encoding/payloads/unknown_payload.h b/src/libcharon/encoding/payloads/unknown_payload.h
index c761ed2b6..c761ed2b6 100644
--- a/src/charon/encoding/payloads/unknown_payload.h
+++ b/src/libcharon/encoding/payloads/unknown_payload.h
diff --git a/src/charon/encoding/payloads/vendor_id_payload.c b/src/libcharon/encoding/payloads/vendor_id_payload.c
index bf33d2418..bf33d2418 100644
--- a/src/charon/encoding/payloads/vendor_id_payload.c
+++ b/src/libcharon/encoding/payloads/vendor_id_payload.c
diff --git a/src/charon/encoding/payloads/vendor_id_payload.h b/src/libcharon/encoding/payloads/vendor_id_payload.h
index 241535cac..241535cac 100644
--- a/src/charon/encoding/payloads/vendor_id_payload.h
+++ b/src/libcharon/encoding/payloads/vendor_id_payload.h
diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c
new file mode 100644
index 000000000..64a43a7fc
--- /dev/null
+++ b/src/libcharon/kernel/kernel_interface.c
@@ -0,0 +1,386 @@
+/*
+ * Copyright (C) 2008-2009 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "kernel_interface.h"
+
+#include <daemon.h>
+
+typedef struct private_kernel_interface_t private_kernel_interface_t;
+
+/**
+ * Private data of a kernel_interface_t object.
+ */
+struct private_kernel_interface_t {
+
+	/**
+	 * Public part of kernel_interface_t object.
+	 */
+	kernel_interface_t public;
+
+	/**
+	 * ipsec interface
+	 */
+	kernel_ipsec_t *ipsec;
+
+	/**
+	 * network interface
+	 */
+	kernel_net_t *net;
+};
+
+METHOD(kernel_interface_t, get_spi, status_t,
+	private_kernel_interface_t *this, host_t *src, host_t *dst,
+	protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
+{
+	if (!this->ipsec)
+	{
+		return NOT_SUPPORTED;
+	}
+	return this->ipsec->get_spi(this->ipsec, src, dst, protocol, reqid, spi);
+}
+
+METHOD(kernel_interface_t, get_cpi, status_t,
+	private_kernel_interface_t *this, host_t *src, host_t *dst,
+	u_int32_t reqid, u_int16_t *cpi)
+{
+	if (!this->ipsec)
+	{
+		return NOT_SUPPORTED;
+	}
+	return this->ipsec->get_cpi(this->ipsec, src, dst, reqid, cpi);
+}
+
+METHOD(kernel_interface_t, add_sa, status_t,
+	private_kernel_interface_t *this, host_t *src, host_t *dst,
+	u_int32_t spi, protocol_id_t protocol, u_int32_t reqid,
+	lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
+	u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
+	u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts,
+	traffic_selector_t *dst_ts)
+{
+	if (!this->ipsec)
+	{
+		return NOT_SUPPORTED;
+	}
+	return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid,
+			lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, cpi,
+			encap, inbound, src_ts, dst_ts);
+}
+
+METHOD(kernel_interface_t, update_sa, status_t,
+	private_kernel_interface_t *this, u_int32_t spi, protocol_id_t protocol,
+	u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
+	bool encap, bool new_encap)
+{
+	if (!this->ipsec)
+	{
+		return NOT_SUPPORTED;
+	}
+	return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst,
+								  new_src, new_dst, encap, new_encap);
+}
+
+METHOD(kernel_interface_t, query_sa, status_t,
+	private_kernel_interface_t *this, host_t *src, host_t *dst,
+	u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes)
+{
+	if (!this->ipsec)
+	{
+		return NOT_SUPPORTED;
+	}
+	return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, bytes);
+}
+
+METHOD(kernel_interface_t, del_sa, status_t,
+	private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi,
+	protocol_id_t protocol, u_int16_t cpi)
+{
+	if (!this->ipsec)
+	{
+		return NOT_SUPPORTED;
+	}
+	return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi);
+}
+
+METHOD(kernel_interface_t, add_policy, status_t,
+	private_kernel_interface_t *this, host_t *src, host_t *dst,
+	traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+	policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+	u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
+	bool routed)
+{
+	if (!this->ipsec)
+	{
+		return NOT_SUPPORTED;
+	}
+	return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts,
+			direction, spi, protocol, reqid, mode, ipcomp, cpi, routed);
+}
+
+METHOD(kernel_interface_t, query_policy, status_t,
+	private_kernel_interface_t *this, traffic_selector_t *src_ts,
+	traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time)
+{
+	if (!this->ipsec)
+	{
+		return NOT_SUPPORTED;
+	}
+	return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts,
+									 direction, use_time);
+}
+
+METHOD(kernel_interface_t, del_policy, status_t,
+	private_kernel_interface_t *this, traffic_selector_t *src_ts,
+	traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted)
+{
+	if (!this->ipsec)
+	{
+		return NOT_SUPPORTED;
+	}
+	return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts,
+								   direction, unrouted);
+}
+
+METHOD(kernel_interface_t, get_source_addr, host_t*,
+	private_kernel_interface_t *this, host_t *dest, host_t *src)
+{
+	if (!this->net)
+	{
+		return NULL;
+	}
+	return this->net->get_source_addr(this->net, dest, src);
+}
+
+METHOD(kernel_interface_t, get_nexthop, host_t*,
+	private_kernel_interface_t *this, host_t *dest)
+{
+	if (!this->net)
+	{
+		return NULL;
+	}
+	return this->net->get_nexthop(this->net, dest);
+}
+
+METHOD(kernel_interface_t, get_interface, char*,
+	private_kernel_interface_t *this, host_t *host)
+{
+	if (!this->net)
+	{
+		return NULL;
+	}
+	return this->net->get_interface(this->net, host);
+}
+
+METHOD(kernel_interface_t, create_address_enumerator, enumerator_t*,
+	private_kernel_interface_t *this, bool include_down_ifaces,
+	bool include_virtual_ips)
+{
+	if (!this->net)
+	{
+		return enumerator_create_empty();
+	}
+	return this->net->create_address_enumerator(this->net, include_down_ifaces,
+												include_virtual_ips);
+}
+
+METHOD(kernel_interface_t, add_ip, status_t,
+	private_kernel_interface_t *this, host_t *virtual_ip, host_t *iface_ip)
+{
+	if (!this->net)
+	{
+		return NOT_SUPPORTED;
+	}
+	return this->net->add_ip(this->net, virtual_ip, iface_ip);
+}
+
+METHOD(kernel_interface_t, del_ip, status_t,
+	private_kernel_interface_t *this, host_t *virtual_ip)
+{
+	if (!this->net)
+	{
+		return NOT_SUPPORTED;
+	}
+	return this->net->del_ip(this->net, virtual_ip);
+}
+
+METHOD(kernel_interface_t, add_route, status_t,
+	private_kernel_interface_t *this, chunk_t dst_net,
+	u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+{
+	if (!this->net)
+	{
+		return NOT_SUPPORTED;
+	}
+	return this->net->add_route(this->net, dst_net, prefixlen, gateway,
+								src_ip, if_name);
+}
+
+METHOD(kernel_interface_t, del_route, status_t,
+	private_kernel_interface_t *this, chunk_t dst_net,
+	u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name)
+{
+	if (!this->net)
+	{
+		return NOT_SUPPORTED;
+	}
+	return this->net->del_route(this->net, dst_net, prefixlen, gateway,
+								src_ip, if_name);
+}
+
+METHOD(kernel_interface_t, bypass_socket, bool,
+	private_kernel_interface_t *this, int fd, int family)
+{
+	if (!this->ipsec)
+	{
+		return FALSE;
+	}
+	return this->ipsec->bypass_socket(this->ipsec, fd, family);
+}
+
+METHOD(kernel_interface_t, get_address_by_ts, status_t,
+	private_kernel_interface_t *this, traffic_selector_t *ts, host_t **ip)
+{
+	enumerator_t *addrs;
+	host_t *host;
+	int family;
+	bool found = FALSE;
+
+	DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts);
+
+	/* if we have a family which includes localhost, we do not
+	 * search for an IP, we use the default */
+	family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
+
+	if (family == AF_INET)
+	{
+		host = host_create_from_string("127.0.0.1", 0);
+	}
+	else
+	{
+		host = host_create_from_string("::1", 0);
+	}
+
+	if (ts->includes(ts, host))
+	{
+		*ip = host_create_any(family);
+		host->destroy(host);
+		DBG2(DBG_KNL, "using host %H", *ip);
+		return SUCCESS;
+	}
+	host->destroy(host);
+
+	addrs = create_address_enumerator(this, TRUE, TRUE);
+	while (addrs->enumerate(addrs, (void**)&host))
+	{
+		if (ts->includes(ts, host))
+		{
+			found = TRUE;
+			*ip = host->clone(host);
+			break;
+		}
+	}
+	addrs->destroy(addrs);
+
+	if (!found)
+	{
+		DBG1(DBG_KNL, "no local address found in traffic selector %R", ts);
+		return FAILED;
+	}
+
+	DBG2(DBG_KNL, "using host %H", *ip);
+	return SUCCESS;
+}
+
+
+METHOD(kernel_interface_t, add_ipsec_interface, void,
+	private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
+{
+	if (!this->ipsec)
+	{
+		this->ipsec = constructor();
+	}
+}
+
+METHOD(kernel_interface_t, remove_ipsec_interface, void,
+	private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor)
+{
+	/* TODO: replace if interface currently in use */
+}
+
+METHOD(kernel_interface_t, add_net_interface, void,
+	private_kernel_interface_t *this, kernel_net_constructor_t constructor)
+{
+	if (!this->net)
+	{
+		this->net = constructor();
+	}
+}
+
+METHOD(kernel_interface_t, remove_net_interface, void,
+	private_kernel_interface_t *this, kernel_net_constructor_t constructor)
+{
+	/* TODO: replace if interface currently in use */
+}
+
+METHOD(kernel_interface_t, destroy, void,
+	private_kernel_interface_t *this)
+{
+	DESTROY_IF(this->ipsec);
+	DESTROY_IF(this->net);
+	free(this);
+}
+
+/*
+ * Described in header-file
+ */
+kernel_interface_t *kernel_interface_create()
+{
+	private_kernel_interface_t *this;
+
+	INIT(this,
+		.public = {
+			.get_spi = _get_spi,
+			.get_cpi = _get_cpi,
+			.add_sa = _add_sa,
+			.update_sa = _update_sa,
+			.query_sa = _query_sa,
+			.del_sa = _del_sa,
+			.add_policy = _add_policy,
+			.query_policy = _query_policy,
+			.del_policy = _del_policy,
+			.get_source_addr = _get_source_addr,
+			.get_nexthop = _get_nexthop,
+			.get_interface = _get_interface,
+			.create_address_enumerator = _create_address_enumerator,
+			.add_ip = _add_ip,
+			.del_ip = _del_ip,
+			.add_route = _add_route,
+			.del_route = _del_route,
+			.bypass_socket = _bypass_socket,
+
+			.get_address_by_ts = _get_address_by_ts,
+			.add_ipsec_interface = _add_ipsec_interface,
+			.remove_ipsec_interface = _remove_ipsec_interface,
+			.add_net_interface = _add_net_interface,
+			.remove_net_interface = _remove_net_interface,
+			.destroy = _destroy,
+		},
+	);
+
+	return &this->public;
+}
+
diff --git a/src/charon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h
index c39246e72..4a62e76b8 100644
--- a/src/charon/kernel/kernel_interface.h
+++ b/src/libcharon/kernel/kernel_interface.h
@@ -333,6 +333,15 @@ struct kernel_interface_t {
 								host_t *gateway, host_t *src_ip, char *if_name);
 
 	/**
+	 * Set up a bypass policy for a given socket.
+	 *
+	 * @param fd			socket file descriptor to setup policy for
+	 * @param family		protocol family of the socket
+	 * @return				TRUE of policy set up successfully
+	 */
+	bool (*bypass_socket)(kernel_interface_t *this, int fd, int family);
+
+	/**
 	 * manager methods
 	 */
 
diff --git a/src/charon/kernel/kernel_ipsec.c b/src/libcharon/kernel/kernel_ipsec.c
index 5b0335b16..5b0335b16 100644
--- a/src/charon/kernel/kernel_ipsec.c
+++ b/src/libcharon/kernel/kernel_ipsec.c
diff --git a/src/charon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index 73ad29b0e..300464cf6 100644
--- a/src/charon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -265,6 +265,15 @@ struct kernel_ipsec_t {
 							bool unrouted);
 
 	/**
+	 * Install a bypass policy for the given socket.
+	 *
+	 * @param fd			socket file descriptor to setup policy for
+	 * @param family		protocol family of the socket
+	 * @return				TRUE of policy set up successfully
+	 */
+	bool (*bypass_socket)(kernel_ipsec_t *this, int fd, int family);
+
+	/**
 	 * Destroy the implementation.
 	 */
 	void (*destroy) (kernel_ipsec_t *this);
diff --git a/src/charon/kernel/kernel_net.h b/src/libcharon/kernel/kernel_net.h
index efb221f88..efb221f88 100644
--- a/src/charon/kernel/kernel_net.h
+++ b/src/libcharon/kernel/kernel_net.h
diff --git a/src/libcharon/network/packet.c b/src/libcharon/network/packet.c
new file mode 100644
index 000000000..19db362f7
--- /dev/null
+++ b/src/libcharon/network/packet.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "packet.h"
+
+typedef struct private_packet_t private_packet_t;
+
+/**
+ * Private data of an packet_t object.
+ */
+struct private_packet_t {
+
+	/**
+	 * Public part of a packet_t object.
+	 */
+	packet_t public;
+
+	/**
+	 * source address
+	 */
+	host_t *source;
+
+	/**
+	 * destination address
+	 */
+	host_t *destination;
+
+	 /**
+	  * message data
+	  */
+	chunk_t data;
+};
+
+METHOD(packet_t, set_source, void,
+	private_packet_t *this, host_t *source)
+{
+	DESTROY_IF(this->source);
+	this->source = source;
+}
+
+METHOD(packet_t, set_destination, void,
+	private_packet_t *this, host_t *destination)
+{
+	DESTROY_IF(this->destination);
+	this->destination = destination;
+}
+
+METHOD(packet_t, get_source, host_t*,
+	private_packet_t *this)
+{
+	return this->source;
+}
+
+METHOD(packet_t, get_destination, host_t*,
+	private_packet_t *this)
+{
+	return this->destination;
+}
+
+METHOD(packet_t, get_data, chunk_t,
+	private_packet_t *this)
+{
+	return this->data;
+}
+
+METHOD(packet_t, set_data, void,
+	private_packet_t *this, chunk_t data)
+{
+	free(this->data.ptr);
+	this->data = data;
+}
+
+METHOD(packet_t, destroy, void,
+	private_packet_t *this)
+{
+	DESTROY_IF(this->source);
+	DESTROY_IF(this->destination);
+	free(this->data.ptr);
+	free(this);
+}
+
+METHOD(packet_t, clone_, packet_t*,
+	private_packet_t *this)
+{
+	packet_t *other;
+
+	other = packet_create();
+	if (this->destination != NULL)
+	{
+		other->set_destination(other, this->destination->clone(this->destination));
+	}
+	if (this->source != NULL)
+	{
+		other->set_source(other, this->source->clone(this->source));
+	}
+	if (this->data.ptr != NULL)
+	{
+		other->set_data(other, chunk_clone(this->data));
+	}
+	return other;
+}
+
+/*
+ * Documented in header
+ */
+packet_t *packet_create(void)
+{
+	private_packet_t *this;
+
+	INIT(this,
+		.public = {
+			.set_data = _set_data,
+			.get_data = _get_data,
+			.set_source = _set_source,
+			.get_source = _get_source,
+			.set_destination = _set_destination,
+			.get_destination = _get_destination,
+			.clone = _clone_,
+			.destroy = _destroy,
+		},
+	);
+
+	return &this->public;
+}
+
diff --git a/src/charon/network/packet.h b/src/libcharon/network/packet.h
index 18d82c6fc..18d82c6fc 100644
--- a/src/charon/network/packet.h
+++ b/src/libcharon/network/packet.h
diff --git a/src/charon/network/receiver.c b/src/libcharon/network/receiver.c
index 6cd99439b..df897021a 100644
--- a/src/charon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -99,6 +99,11 @@ struct private_receiver_t {
 	 * how many half open IKE_SAs per peer before blocking
 	 */
 	u_int32_t block_threshold;
+
+	/**
+	 * Delay for receiving incoming packets, to simulate larger RTT
+	 */
+	u_int receive_delay;
 };
 
 /**
@@ -248,7 +253,7 @@ static bool peer_to_aggressive(private_receiver_t *this, message_t *message)
 }
 
 /**
- * Implementation of receiver_t.receive_packets.
+ * Job callback to receive packets
  */
 static job_requeue_t receive_packets(private_receiver_t *this)
 {
@@ -325,14 +330,20 @@ static job_requeue_t receive_packets(private_receiver_t *this)
 		}
 	}
 	job = (job_t*)process_message_job_create(message);
-	charon->processor->queue_job(charon->processor, job);
+	if (this->receive_delay)
+	{
+		charon->scheduler->schedule_job_ms(charon->scheduler,
+										   job, this->receive_delay);
+	}
+	else
+	{
+		charon->processor->queue_job(charon->processor, job);
+	}
 	return JOB_REQUEUE_DIRECT;
 }
 
-/**
- * Implementation of receiver_t.destroy.
- */
-static void destroy(private_receiver_t *this)
+METHOD(receiver_t, destroy, void,
+	private_receiver_t *this)
 {
 	this->job->cancel(this->job);
 	this->rng->destroy(this->rng);
@@ -345,10 +356,24 @@ static void destroy(private_receiver_t *this)
  */
 receiver_t *receiver_create()
 {
-	private_receiver_t *this = malloc_thing(private_receiver_t);
+	private_receiver_t *this;
 	u_int32_t now = time_monotonic(NULL);
 
-	this->public.destroy = (void(*)(receiver_t*)) destroy;
+	INIT(this,
+		.public.destroy = _destroy,
+		.secret_switch = now,
+		.secret_offset = random() % now,
+	);
+
+	if (lib->settings->get_bool(lib->settings, "charon.dos_protection", TRUE))
+	{
+		this->cookie_threshold = lib->settings->get_int(lib->settings,
+						"charon.cookie_threshold", COOKIE_THRESHOLD_DEFAULT);
+		this->block_threshold = lib->settings->get_int(lib->settings,
+						"charon.block_threshold", BLOCK_THRESHOLD_DEFAULT);
+	}
+	this->receive_delay = lib->settings->get_int(lib->settings,
+						"charon.receive_delay", 0);
 
 	this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_PREFERRED);
 	if (this->hasher == NULL)
@@ -365,20 +390,8 @@ receiver_t *receiver_create()
 		free(this);
 		return NULL;
 	}
-	this->secret_switch = now;
-	this->secret_offset = random() % now;
-	this->secret_used = 0;
 	this->rng->get_bytes(this->rng, SECRET_LENGTH, this->secret);
 	memcpy(this->secret_old, this->secret, SECRET_LENGTH);
-	this->cookie_threshold = lib->settings->get_int(lib->settings,
-									"charon.cookie_threshold", COOKIE_THRESHOLD_DEFAULT);
-	this->block_threshold = lib->settings->get_int(lib->settings,
-									"charon.block_threshold", BLOCK_THRESHOLD_DEFAULT);
-	if (!lib->settings->get_bool(lib->settings, "charon.dos_protection", TRUE))
-	{
-		this->cookie_threshold = 0;
-		this->block_threshold = 0;
-	}
 
 	this->job = callback_job_create((callback_job_cb_t)receive_packets,
 									this, NULL, NULL);
diff --git a/src/charon/network/receiver.h b/src/libcharon/network/receiver.h
index 690d8dbab..690d8dbab 100644
--- a/src/charon/network/receiver.h
+++ b/src/libcharon/network/receiver.h
diff --git a/src/charon/network/sender.c b/src/libcharon/network/sender.c
index 3be5861dd..c18f1138e 100644
--- a/src/charon/network/sender.c
+++ b/src/libcharon/network/sender.c
@@ -14,6 +14,7 @@
  * for more details.
  */
 
+#include <unistd.h>
 #include <stdlib.h>
 
 #include "sender.h"
@@ -61,12 +62,15 @@ struct private_sender_t {
 	 * condvar to signal for packets sent
 	 */
 	condvar_t *sent;
+
+	/**
+	 * Delay for sending outgoing packets, to simulate larger RTT
+	 */
+	int send_delay;
 };
 
-/**
- * implements sender_t.send
- */
-static void send_(private_sender_t *this, packet_t *packet)
+METHOD(sender_t, send_, void,
+	private_sender_t *this, packet_t *packet)
 {
 	host_t *src, *dst;
 
@@ -74,6 +78,11 @@ static void send_(private_sender_t *this, packet_t *packet)
 	dst = packet->get_destination(packet);
 	DBG1(DBG_NET, "sending packet: from %#H to %#H", src, dst);
 
+	if (this->send_delay)
+	{
+		usleep(this->send_delay * 1000);
+	}
+
 	this->mutex->lock(this->mutex);
 	this->list->insert_last(this->list, packet);
 	this->got->signal(this->got);
@@ -81,7 +90,7 @@ static void send_(private_sender_t *this, packet_t *packet)
 }
 
 /**
- * Implementation of private_sender_t.send_packets.
+ * Job callback function to send packets
  */
 static job_requeue_t send_packets(private_sender_t * this)
 {
@@ -109,10 +118,8 @@ static job_requeue_t send_packets(private_sender_t * this)
 	return JOB_REQUEUE_DIRECT;
 }
 
-/**
- * Implementation of sender_t.destroy.
- */
-static void destroy(private_sender_t *this)
+METHOD(sender_t, destroy, void,
+	private_sender_t *this)
 {
 	/* send all packets in the queue */
 	this->mutex->lock(this->mutex);
@@ -134,18 +141,23 @@ static void destroy(private_sender_t *this)
  */
 sender_t * sender_create()
 {
-	private_sender_t *this = malloc_thing(private_sender_t);
-
-	this->public.send = (void(*)(sender_t*,packet_t*))send_;
-	this->public.destroy = (void(*)(sender_t*)) destroy;
-
-	this->list = linked_list_create();
-	this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
-	this->got = condvar_create(CONDVAR_TYPE_DEFAULT);
-	this->sent = condvar_create(CONDVAR_TYPE_DEFAULT);
+	private_sender_t *this;
+
+	INIT(this,
+		.public = {
+			.send = _send_,
+			.destroy = _destroy,
+		},
+		.list = linked_list_create(),
+		.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+		.got = condvar_create(CONDVAR_TYPE_DEFAULT),
+		.sent = condvar_create(CONDVAR_TYPE_DEFAULT),
+		.job = callback_job_create((callback_job_cb_t)send_packets,
+									this, NULL, NULL),
+		.send_delay = lib->settings->get_int(lib->settings,
+											 "charon.send_delay", 0),
+	);
 
-	this->job = callback_job_create((callback_job_cb_t)send_packets,
-									this, NULL, NULL);
 	charon->processor->queue_job(charon->processor, (job_t*)this->job);
 
 	return &this->public;
diff --git a/src/charon/network/sender.h b/src/libcharon/network/sender.h
index f77fadab2..f77fadab2 100644
--- a/src/charon/network/sender.h
+++ b/src/libcharon/network/sender.h
diff --git a/src/charon/network/socket.h b/src/libcharon/network/socket.h
index 83bb9d4c9..5c5a4edfb 100644
--- a/src/charon/network/socket.h
+++ b/src/libcharon/network/socket.h
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
- * Copyright (C) 2005-2008 Martin Willi
+ * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  *
@@ -27,29 +27,10 @@ typedef struct socket_t socket_t;
 
 #include <library.h>
 #include <network/packet.h>
-#include <utils/host.h>
 #include <utils/enumerator.h>
 
 /**
- * Maximum size of a packet.
- *
- * 3000 Bytes should be sufficient, see IKEv2 RFC. However, to run our
- * multi-CA test with 2 intermediate CAs, we increase that to 5000 bytes.
- */
-#define MAX_PACKET 5000
-
-/**
- * Abstraction of all sockets (IPv4/IPv6 send/receive).
- *
- * All available sockets are bound and the receive function
- * reads from them. There are actually two implementations:
- * The first uses raw sockets to allow binding of other daemons (pluto) to
- * UDP/500. An installed "Linux socket filter" filters out all non-IKEv2
- * traffic and handles just IKEv2 messages. An other daemon (pluto) must
- * handle all traffic separately, e.g. ignore IKEv2 traffic, since charon
- * handles that.
- * The other implementation uses normal sockets and is built if
- * --disable-pluto is given to the configure script.
+ * Socket interface definition.
  */
 struct socket_t {
 
@@ -78,25 +59,6 @@ struct socket_t {
 	 * 						- FAILED when unable to send
 	 */
 	status_t (*send) (socket_t *this, packet_t *packet);
-
-	/**
-	 * Enumerate all underlying socket file descriptors.
-	 *
-	 * @return				enumerator over (int fd, int family, int port)
-	 */
-	enumerator_t *(*create_enumerator) (socket_t *this);
-
-	/**
-	 * Destroy socket.
-	 */
-	void (*destroy) (socket_t *this);
 };
 
-/**
- * Create a socket_t, which binds multiple sockets.
- *
- * @return  				socket_t object
- */
-socket_t *socket_create();
-
 #endif /** SOCKET_H_ @}*/
diff --git a/src/libcharon/network/socket_manager.c b/src/libcharon/network/socket_manager.c
new file mode 100644
index 000000000..0dbce4b1b
--- /dev/null
+++ b/src/libcharon/network/socket_manager.c
@@ -0,0 +1,129 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "socket_manager.h"
+
+#include <daemon.h>
+#include <threading/thread.h>
+#include <threading/rwlock.h>
+#include <utils/linked_list.h>
+
+typedef struct private_socket_manager_t private_socket_manager_t;
+
+/**
+ * Private data of an socket_manager_t object.
+ */
+struct private_socket_manager_t {
+
+	/**
+	 * Public socket_manager_t interface.
+	 */
+	socket_manager_t public;
+
+	/**
+	 * List of registered socket
+	 */
+	linked_list_t *sockets;
+
+	/**
+	 * Lock for sockets list
+	 */
+	rwlock_t *lock;
+};
+
+METHOD(socket_manager_t, receiver, status_t,
+	private_socket_manager_t *this, packet_t **packet)
+{
+	socket_t *socket;
+	status_t status;
+
+	this->lock->read_lock(this->lock);
+	if (this->sockets->get_first(this->sockets, (void**)&socket) != SUCCESS)
+	{
+		DBG1(DBG_NET, "no socket implementation registered, receiving failed");
+		this->lock->unlock(this->lock);
+		return NOT_SUPPORTED;
+	}
+	/* receive is blocking and the thread can be cancelled */
+	thread_cleanup_push((thread_cleanup_t)this->lock->unlock, this->lock);
+	status = socket->receive(socket, packet);
+	thread_cleanup_pop(TRUE);
+	return status;
+}
+
+METHOD(socket_manager_t, sender, status_t,
+	private_socket_manager_t *this, packet_t *packet)
+{
+	socket_t *socket;
+	status_t status;
+
+	this->lock->read_lock(this->lock);
+	if (this->sockets->get_first(this->sockets, (void**)&socket) != SUCCESS)
+	{
+		DBG1(DBG_NET, "no socket implementation registered, sending failed");
+		this->lock->unlock(this->lock);
+		return NOT_SUPPORTED;
+	}
+	status = socket->send(socket, packet);
+	this->lock->unlock(this->lock);
+	return status;
+}
+
+METHOD(socket_manager_t, add_socket, void,
+	private_socket_manager_t *this, socket_t *socket)
+{
+	this->lock->write_lock(this->lock);
+	this->sockets->insert_last(this->sockets, socket);
+	this->lock->unlock(this->lock);
+}
+
+METHOD(socket_manager_t, remove_socket, void,
+	private_socket_manager_t *this, socket_t *socket)
+{
+	this->lock->write_lock(this->lock);
+	this->sockets->remove(this->sockets, socket, NULL);
+	this->lock->unlock(this->lock);
+}
+
+METHOD(socket_manager_t, destroy, void,
+	private_socket_manager_t *this)
+{
+	this->sockets->destroy(this->sockets);
+	this->lock->destroy(this->lock);
+	free(this);
+}
+
+/**
+ * See header
+ */
+socket_manager_t *socket_manager_create()
+{
+	private_socket_manager_t *this;
+
+	INIT(this,
+		.public = {
+			.send = _sender,
+			.receive = _receiver,
+			.add_socket = _add_socket,
+			.remove_socket = _remove_socket,
+			.destroy = _destroy,
+		},
+		.sockets = linked_list_create(),
+		.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+	);
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/network/socket_manager.h b/src/libcharon/network/socket_manager.h
new file mode 100644
index 000000000..b33d5c71c
--- /dev/null
+++ b/src/libcharon/network/socket_manager.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_manager socket_manager
+ * @{ @ingroup network
+ */
+
+#ifndef SOCKET_MANAGER_H_
+#define SOCKET_MANAGER_H_
+
+#include <network/socket.h>
+
+typedef struct socket_manager_t socket_manager_t;
+
+/**
+ * Handle pluggable socket implementations and send/receive packets through it.
+ */
+struct socket_manager_t {
+
+	/**
+	 * Receive a packet using the registered socket.
+	 *
+	 * @param packet		allocated packet that has been received
+	 * @return
+	 *						- SUCCESS when packet successfully received
+	 *						- FAILED when unable to receive
+	 */
+	status_t (*receive) (socket_manager_t *this, packet_t **packet);
+
+	/**
+	 * Send a packet using the registered socket.
+	 *
+	 * @param packet		packet to send out
+	 * @return
+	 *						- SUCCESS when packet successfully sent
+	 *						- FAILED when unable to send
+	 */
+	status_t (*send) (socket_manager_t *this, packet_t *packet);
+
+	/**
+	 * Register a socket implementation.
+	 */
+	void (*add_socket)(socket_manager_t *this, socket_t *socket);
+
+	/**
+	 * Unregister a registered socket implementation.
+	 */
+	void (*remove_socket)(socket_manager_t *this, socket_t *socket);
+
+	/**
+	 * Destroy a socket_manager_t.
+	 */
+	void (*destroy)(socket_manager_t *this);
+};
+
+/**
+ * Create a socket_manager instance.
+ */
+socket_manager_t *socket_manager_create();
+
+#endif /** SOCKET_MANAGER_H_ @}*/
diff --git a/src/libcharon/plugins/android/Makefile.am b/src/libcharon/plugins/android/Makefile.am
new file mode 100644
index 000000000..e8423589c
--- /dev/null
+++ b/src/libcharon/plugins/android/Makefile.am
@@ -0,0 +1,18 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-android.la
+else
+plugin_LTLIBRARIES = libstrongswan-android.la
+endif
+
+libstrongswan_android_la_SOURCES = \
+	android_plugin.c android_plugin.h \
+	android_handler.c android_handler.h
+
+libstrongswan_android_la_LDFLAGS = -module -avoid-version
+libstrongswan_android_la_LIBADD  = -lcutils
diff --git a/src/libcharon/plugins/android/Makefile.in b/src/libcharon/plugins/android/Makefile.in
new file mode 100644
index 000000000..9f12a9c75
--- /dev/null
+++ b/src/libcharon/plugins/android/Makefile.in
@@ -0,0 +1,590 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/android
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+	$(top_srcdir)/m4/config/ltoptions.m4 \
+	$(top_srcdir)/m4/config/ltsugar.m4 \
+	$(top_srcdir)/m4/config/ltversion.m4 \
+	$(top_srcdir)/m4/config/lt~obsolete.m4 \
+	$(top_srcdir)/m4/macros/with.m4 \
+	$(top_srcdir)/m4/macros/enable-disable.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_android_la_DEPENDENCIES =
+am_libstrongswan_android_la_OBJECTS = android_plugin.lo \
+	android_handler.lo
+libstrongswan_android_la_OBJECTS =  \
+	$(am_libstrongswan_android_la_OBJECTS)
+libstrongswan_android_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libstrongswan_android_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_android_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_android_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_android_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_android_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-android.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-android.la
+libstrongswan_android_la_SOURCES = \
+	android_plugin.c android_plugin.h \
+	android_handler.c android_handler.h
+
+libstrongswan_android_la_LDFLAGS = -module -avoid-version
+libstrongswan_android_la_LIBADD = -lcutils
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/android/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/android/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+	}
+
+uninstall-pluginLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+	done
+
+clean-pluginLTLIBRARIES:
+	-test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libstrongswan-android.la: $(libstrongswan_android_la_OBJECTS) $(libstrongswan_android_la_DEPENDENCIES) 
+	$(libstrongswan_android_la_LINK) $(am_libstrongswan_android_la_rpath) $(libstrongswan_android_la_OBJECTS) $(libstrongswan_android_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/android_handler.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/android_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+	for dir in "$(DESTDIR)$(plugindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/android/android_handler.c b/src/libcharon/plugins/android/android_handler.c
new file mode 100644
index 000000000..a475eeaab
--- /dev/null
+++ b/src/libcharon/plugins/android/android_handler.c
@@ -0,0 +1,225 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "android_handler.h"
+
+#include <utils/linked_list.h>
+
+#include <cutils/properties.h>
+
+typedef struct private_android_handler_t private_android_handler_t;
+
+/**
+ * Private data of an android_handler_t object.
+ */
+struct private_android_handler_t {
+
+	/**
+	 * Public android_handler_t interface.
+	 */
+	android_handler_t public;
+
+	/**
+	 * List of registered DNS servers
+	 */
+	linked_list_t *dns;
+};
+
+/**
+ * Struct to store a pair of old and installed DNS servers
+ */
+typedef struct {
+	/** installed dns server */
+	host_t *dns;
+	/** old dns server */
+	host_t *old;
+} dns_pair_t;
+
+/**
+ * Destroy a pair of old and installed DNS servers
+ */
+void destroy_dns_pair(dns_pair_t *this)
+{
+	DESTROY_IF(this->dns);
+	DESTROY_IF(this->old);
+	free(this);
+}
+
+/**
+ * Filter pairs of DNS servers
+ */
+bool filter_dns_pair(void *data, dns_pair_t **in, host_t **out)
+{
+	*out = (*in)->dns;
+	return TRUE;
+}
+
+/**
+ * Read DNS server property with a given index
+ */
+host_t *get_dns_server(int index)
+{
+	host_t *dns = NULL;
+	char key[10], value[PROPERTY_VALUE_MAX];
+
+	if (snprintf(key, sizeof(key), "net.dns%d", index) >= sizeof(key))
+	{
+		return NULL;
+	}
+
+	if (property_get(key, value, NULL) > 0)
+	{
+		dns = host_create_from_string(value, 0);
+	}
+	return dns;
+}
+
+/**
+ * Set DNS server property with a given index
+ */
+bool set_dns_server(int index, host_t *dns)
+{
+	char key[10], value[PROPERTY_VALUE_MAX];
+
+	if (snprintf(key, sizeof(key), "net.dns%d", index) >= sizeof(key))
+	{
+		return FALSE;
+	}
+
+	if (dns)
+	{
+		if (snprintf(value, sizeof(value), "%H", dns) >= sizeof(value))
+		{
+			return FALSE;
+		}
+	}
+	else
+	{
+		value[0] = '\0';
+	}
+
+	if (property_set(key, value) != 0)
+	{
+		return FALSE;
+	}
+	return TRUE;
+}
+
+METHOD(attribute_handler_t, handle, bool,
+	private_android_handler_t *this, identification_t *id,
+	configuration_attribute_type_t type, chunk_t data)
+{
+	switch (type)
+	{
+		case INTERNAL_IP4_DNS:
+		{
+			host_t *dns;
+			dns_pair_t *pair;
+			int index;
+
+			dns = host_create_from_chunk(AF_INET, data, 0);
+			if (dns)
+			{
+				pair = malloc_thing(dns_pair_t);
+				pair->dns = dns;
+				index = this->dns->get_count(this->dns) + 1;
+				pair->old = get_dns_server(index);
+				set_dns_server(index, dns);
+				this->dns->insert_last(this->dns, pair);
+				return TRUE;
+			}
+			return FALSE;
+		}
+		default:
+			return FALSE;
+	}
+}
+
+METHOD(attribute_handler_t, release, void,
+	private_android_handler_t *this, identification_t *server,
+	configuration_attribute_type_t type, chunk_t data)
+{
+	if (type == INTERNAL_IP4_DNS)
+	{
+		enumerator_t *enumerator;
+		dns_pair_t *pair;
+		int index;
+
+		enumerator = this->dns->create_enumerator(this->dns);
+		for (index = 1; enumerator->enumerate(enumerator, &pair); index++)
+		{
+			if (chunk_equals(pair->dns->get_address(pair->dns), data))
+			{
+				this->dns->remove_at(this->dns, enumerator);
+				set_dns_server(index, pair->old);
+				destroy_dns_pair(pair);
+			}
+		}
+		enumerator->destroy(enumerator);
+	}
+}
+
+METHOD(enumerator_t, enumerate_dns, bool,
+	enumerator_t *this, configuration_attribute_type_t *type, chunk_t *data)
+{
+	*type = INTERNAL_IP4_DNS;
+	*data = chunk_empty;
+	/* stop enumeration */
+	this->enumerate = (void*)return_false;
+	return TRUE;
+}
+
+METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t *,
+	android_handler_t *this, identification_t *id, host_t *vip)
+{
+	enumerator_t *enumerator;
+
+	INIT(enumerator,
+		.enumerate = (void*)_enumerate_dns,
+		.destroy = (void*)free,
+	);
+	return enumerator;
+}
+
+METHOD(android_handler_t, destroy, void,
+	private_android_handler_t *this)
+{
+	this->dns->destroy_function(this->dns, (void*)destroy_dns_pair);
+	free(this);
+}
+
+/**
+ * See header
+ */
+android_handler_t *android_handler_create()
+{
+	private_android_handler_t *this;
+
+	INIT(this,
+		.public = {
+			.handler = {
+				.handle = _handle,
+				.release = _release,
+				.create_attribute_enumerator = _create_attribute_enumerator,
+			},
+			.destroy = _destroy,
+		},
+		.dns = linked_list_create(),
+	);
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/android/android_handler.h b/src/libcharon/plugins/android/android_handler.h
new file mode 100644
index 000000000..af620505b
--- /dev/null
+++ b/src/libcharon/plugins/android/android_handler.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup android_handler android_handler
+ * @{ @ingroup android
+ */
+
+#ifndef ANDROID_HANDLER_H_
+#define ANDROID_HANDLER_H_
+
+#include <attributes/attribute_handler.h>
+
+typedef struct android_handler_t android_handler_t;
+
+/**
+ * Android specific DNS attribute handler.
+ */
+struct android_handler_t {
+
+	/**
+	 * Implements attribute_handler_t.
+	 */
+	attribute_handler_t handler;
+
+	/**
+	 * Destroy a android_handler_t.
+	 */
+	void (*destroy)(android_handler_t *this);
+};
+
+/**
+ * Create a android_handler instance.
+ */
+android_handler_t *android_handler_create();
+
+#endif /** ANDROID_HANDLER_H_ @}*/
diff --git a/src/libcharon/plugins/android/android_plugin.c b/src/libcharon/plugins/android/android_plugin.c
new file mode 100644
index 000000000..9a558f53b
--- /dev/null
+++ b/src/libcharon/plugins/android/android_plugin.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "android_plugin.h"
+#include "android_handler.h"
+
+#include <hydra.h>
+#include <daemon.h>
+
+typedef struct private_android_plugin_t private_android_plugin_t;
+
+/**
+ * Private data of an android_plugin_t object.
+ */
+struct private_android_plugin_t {
+
+	/**
+	 * Public android_plugin_t interface.
+	 */
+	android_plugin_t public;
+
+	/**
+	 * Android specific DNS handler
+	 */
+	android_handler_t *handler;
+};
+
+METHOD(plugin_t, destroy, void,
+	private_android_plugin_t *this)
+{
+	hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler);
+	this->handler->destroy(this->handler);
+	free(this);
+}
+
+/**
+ * See header
+ */
+plugin_t *android_plugin_create()
+{
+	private_android_plugin_t *this;
+
+	INIT(this,
+		.public.plugin = {
+			.destroy = _destroy,
+		},
+		.handler = android_handler_create(),
+	);
+
+	hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
+
+	return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/android/android_plugin.h b/src/libcharon/plugins/android/android_plugin.h
new file mode 100644
index 000000000..987f2aa37
--- /dev/null
+++ b/src/libcharon/plugins/android/android_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup android android
+ * @ingroup cplugins
+ *
+ * @defgroup android_plugin android_plugin
+ * @{ @ingroup android
+ */
+
+#ifndef ANDROID_PLUGIN_H_
+#define ANDROID_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct android_plugin_t android_plugin_t;
+
+/**
+ * Plugin providing functionality specific to the Android platform.
+ */
+struct android_plugin_t {
+
+	/**
+	 * Implements plugin interface.
+	 */
+	plugin_t plugin;
+};
+
+#endif /** ANDROID_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/dhcp/Makefile.am b/src/libcharon/plugins/dhcp/Makefile.am
new file mode 100644
index 000000000..45d7536be
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/Makefile.am
@@ -0,0 +1,18 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-dhcp.la
+else
+plugin_LTLIBRARIES = libstrongswan-dhcp.la
+endif
+
+libstrongswan_dhcp_la_SOURCES = dhcp_plugin.h dhcp_plugin.c \
+	dhcp_provider.h dhcp_provider.c \
+	dhcp_socket.h dhcp_socket.c \
+	dhcp_transaction.h dhcp_transaction.c
+
+libstrongswan_dhcp_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
new file mode 100644
index 000000000..7606b963c
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -0,0 +1,590 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/dhcp
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+	$(top_srcdir)/m4/config/ltoptions.m4 \
+	$(top_srcdir)/m4/config/ltsugar.m4 \
+	$(top_srcdir)/m4/config/ltversion.m4 \
+	$(top_srcdir)/m4/config/lt~obsolete.m4 \
+	$(top_srcdir)/m4/macros/with.m4 \
+	$(top_srcdir)/m4/macros/enable-disable.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_dhcp_la_LIBADD =
+am_libstrongswan_dhcp_la_OBJECTS = dhcp_plugin.lo dhcp_provider.lo \
+	dhcp_socket.lo dhcp_transaction.lo
+libstrongswan_dhcp_la_OBJECTS = $(am_libstrongswan_dhcp_la_OBJECTS)
+libstrongswan_dhcp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libstrongswan_dhcp_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_dhcp_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_dhcp_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_dhcp_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_dhcp_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-dhcp.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-dhcp.la
+libstrongswan_dhcp_la_SOURCES = dhcp_plugin.h dhcp_plugin.c \
+	dhcp_provider.h dhcp_provider.c \
+	dhcp_socket.h dhcp_socket.c \
+	dhcp_transaction.h dhcp_transaction.c
+
+libstrongswan_dhcp_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/dhcp/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/dhcp/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+	}
+
+uninstall-pluginLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+	done
+
+clean-pluginLTLIBRARIES:
+	-test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libstrongswan-dhcp.la: $(libstrongswan_dhcp_la_OBJECTS) $(libstrongswan_dhcp_la_DEPENDENCIES) 
+	$(libstrongswan_dhcp_la_LINK) $(am_libstrongswan_dhcp_la_rpath) $(libstrongswan_dhcp_la_OBJECTS) $(libstrongswan_dhcp_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhcp_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhcp_provider.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhcp_socket.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhcp_transaction.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+	for dir in "$(DESTDIR)$(plugindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/dhcp/dhcp_plugin.c b/src/libcharon/plugins/dhcp/dhcp_plugin.c
new file mode 100644
index 000000000..829fd6356
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_plugin.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "dhcp_plugin.h"
+
+#include <hydra.h>
+#include <daemon.h>
+
+#include "dhcp_socket.h"
+#include "dhcp_provider.h"
+
+typedef struct private_dhcp_plugin_t private_dhcp_plugin_t;
+
+/**
+ * private data of dhcp plugin
+ */
+struct private_dhcp_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	dhcp_plugin_t public;
+
+	/**
+	 * DHCP communication socket
+	 */
+	dhcp_socket_t *socket;
+
+	/**
+	 * Attribute provider
+	 */
+	dhcp_provider_t *provider;
+};
+
+METHOD(plugin_t, destroy, void,
+	private_dhcp_plugin_t *this)
+{
+	hydra->attributes->remove_provider(hydra->attributes,
+									   &this->provider->provider);
+	this->provider->destroy(this->provider);
+	this->socket->destroy(this->socket);
+	free(this);
+}
+
+/**
+ * Plugin constructor.
+ */
+plugin_t *dhcp_plugin_create()
+{
+	private_dhcp_plugin_t *this;
+
+	INIT(this,
+		.public.plugin.destroy = _destroy,
+		.socket = dhcp_socket_create(),
+	);
+
+	if (!this->socket)
+	{
+		free(this);
+		return NULL;
+	}
+
+	this->provider = dhcp_provider_create(this->socket);
+	hydra->attributes->add_provider(hydra->attributes,
+									&this->provider->provider);
+
+	return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/dhcp/dhcp_plugin.h b/src/libcharon/plugins/dhcp/dhcp_plugin.h
new file mode 100644
index 000000000..b21b44d28
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup dhcp dhcp
+ * @ingroup cplugins
+ *
+ * @defgroup dhcp_plugin dhcp_plugin
+ * @{ @ingroup dhcp
+ */
+
+#ifndef DHCP_PLUGIN_H_
+#define DHCP_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct dhcp_plugin_t dhcp_plugin_t;
+
+/**
+ * DHCP based attribute provider plugin.
+ */
+struct dhcp_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	plugin_t plugin;
+};
+
+#endif /** DHCP_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/dhcp/dhcp_provider.c b/src/libcharon/plugins/dhcp/dhcp_provider.c
new file mode 100644
index 000000000..dbcceb6ce
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_provider.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "dhcp_provider.h"
+
+#include <utils/hashtable.h>
+#include <threading/mutex.h>
+
+typedef struct private_dhcp_provider_t private_dhcp_provider_t;
+
+/**
+ * Private data of an dhcp_provider_t object.
+ */
+struct private_dhcp_provider_t {
+
+	/**
+	 * Public dhcp_provider_t interface.
+	 */
+	dhcp_provider_t public;
+
+	/**
+	 * Completed DHCP transactions
+	 */
+	hashtable_t *transactions;
+
+	/**
+	 * Lock for transactions
+	 */
+	mutex_t *mutex;
+
+	/**
+	 * DHCP communication socket
+	 */
+	dhcp_socket_t *socket;
+};
+
+/**
+ * Hashtable hash function
+ */
+static u_int hash(void *key)
+{
+	return (uintptr_t)key;
+}
+
+/**
+ * Hashtable equals function
+ */
+static bool equals(void *a, void *b)
+{
+	return a == b;
+}
+
+/**
+ * Hash ID and host to a key
+ */
+static uintptr_t hash_id_host(identification_t *id, host_t *host)
+{
+	return chunk_hash_inc(id->get_encoding(id),
+						  chunk_hash(host->get_address(host)));
+}
+
+/**
+ * Hash a DHCP transaction to a key, using address and id
+ */
+static uintptr_t hash_transaction(dhcp_transaction_t *transaction)
+{
+	return hash_id_host(transaction->get_identity(transaction),
+						transaction->get_address(transaction));
+}
+
+METHOD(attribute_provider_t, acquire_address, host_t*,
+	private_dhcp_provider_t *this, char *pool,
+	identification_t *id, host_t *requested)
+{
+	if (streq(pool, "dhcp"))
+	{
+		dhcp_transaction_t *transaction, *old;
+		host_t *vip;
+
+		transaction = this->socket->enroll(this->socket, id);
+		if (!transaction)
+		{
+			return NULL;
+		}
+		vip = transaction->get_address(transaction);
+		vip = vip->clone(vip);
+		this->mutex->lock(this->mutex);
+		old = this->transactions->put(this->transactions,
+							(void*)hash_transaction(transaction), transaction);
+		this->mutex->unlock(this->mutex);
+		DESTROY_IF(old);
+		return vip;
+	}
+	return NULL;
+}
+
+METHOD(attribute_provider_t, release_address, bool,
+	private_dhcp_provider_t *this, char *pool,
+	host_t *address, identification_t *id)
+{
+	if (streq(pool, "dhcp"))
+	{
+		dhcp_transaction_t *transaction;
+
+		this->mutex->lock(this->mutex);
+		transaction = this->transactions->remove(this->transactions,
+										(void*)hash_id_host(id, address));
+		this->mutex->unlock(this->mutex);
+		if (transaction)
+		{
+			this->socket->release(this->socket, transaction);
+			transaction->destroy(transaction);
+			return TRUE;
+		}
+	}
+	return FALSE;
+}
+
+METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
+	private_dhcp_provider_t *this, identification_t *id, host_t *vip)
+{
+	dhcp_transaction_t *transaction;
+
+	if (!vip)
+	{
+		return NULL;
+	}
+	this->mutex->lock(this->mutex);
+	transaction = this->transactions->get(this->transactions,
+										  (void*)hash_id_host(id, vip));
+	if (!transaction)
+	{
+		this->mutex->unlock(this->mutex);
+		return NULL;
+	}
+	return enumerator_create_cleaner(
+						transaction->create_attribute_enumerator(transaction),
+						(void*)this->mutex->unlock, this->mutex);
+}
+
+METHOD(dhcp_provider_t, destroy, void,
+	private_dhcp_provider_t *this)
+{
+	enumerator_t *enumerator;
+	dhcp_transaction_t *value;
+	void *key;
+
+	enumerator = this->transactions->create_enumerator(this->transactions);
+	while (enumerator->enumerate(enumerator, &key, &value))
+	{
+		value->destroy(value);
+	}
+	enumerator->destroy(enumerator);
+	this->transactions->destroy(this->transactions);
+	this->mutex->destroy(this->mutex);
+	free(this);
+}
+
+/**
+ * See header
+ */
+dhcp_provider_t *dhcp_provider_create(dhcp_socket_t *socket)
+{
+	private_dhcp_provider_t *this;
+
+	INIT(this,
+		.public = {
+			.provider = {
+				.acquire_address = _acquire_address,
+				.release_address = _release_address,
+				.create_attribute_enumerator = _create_attribute_enumerator,
+			},
+			.destroy = _destroy,
+		},
+		.socket = socket,
+		.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+		.transactions = hashtable_create(hash, equals, 8),
+	);
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/dhcp/dhcp_provider.h b/src/libcharon/plugins/dhcp/dhcp_provider.h
new file mode 100644
index 000000000..e720e876c
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_provider.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup dhcp_provider dhcp_provider
+ * @{ @ingroup dhcp
+ */
+
+#ifndef DHCP_PROVIDER_H_
+#define DHCP_PROVIDER_H_
+
+typedef struct dhcp_provider_t dhcp_provider_t;
+
+#include "dhcp_socket.h"
+
+#include <attributes/attribute_provider.h>
+
+/**
+ * DHCP based attribute provider.
+ */
+struct dhcp_provider_t {
+
+	/**
+	 * Implements attribute_provier_t interface.
+	 */
+	attribute_provider_t provider;
+
+	/**
+	 * Destroy a dhcp_provider_t.
+	 */
+	void (*destroy)(dhcp_provider_t *this);
+};
+
+/**
+ * Create a dhcp_provider instance.
+ *
+ * @param socket		socket to use for DHCP communication
+ * @return				provider instance
+ */
+dhcp_provider_t *dhcp_provider_create(dhcp_socket_t *socket);
+
+#endif /** DHCP_PROVIDER_H_ @}*/
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c
new file mode 100644
index 000000000..f61b3a60e
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -0,0 +1,758 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "dhcp_socket.h"
+
+#include <unistd.h>
+#include <errno.h>
+#include <string.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/udp.h>
+#include <linux/if_arp.h>
+#include <linux/if_ether.h>
+#include <linux/filter.h>
+
+#include <utils/linked_list.h>
+#include <utils/identification.h>
+#include <threading/mutex.h>
+#include <threading/condvar.h>
+#include <threading/thread.h>
+
+#include <daemon.h>
+#include <processing/jobs/callback_job.h>
+
+#define DHCP_SERVER_PORT 67
+#define DHCP_CLIENT_PORT 68
+#define DHCP_TRIES 5
+
+typedef struct private_dhcp_socket_t private_dhcp_socket_t;
+
+/**
+ * Private data of an dhcp_socket_t object.
+ */
+struct private_dhcp_socket_t {
+
+	/**
+	 * Public dhcp_socket_t interface.
+	 */
+	dhcp_socket_t public;
+
+	/**
+	 * Random number generator
+	 */
+	rng_t *rng;
+
+	/**
+	 * List of transactions in DISCOVER
+	 */
+	linked_list_t *discover;
+
+	/**
+	 * List of transactions in REQUEST
+	 */
+	linked_list_t *request;
+
+	/**
+	 * List of successfully completed transactions
+	 */
+	linked_list_t *completed;
+
+	/**
+	 * Lock for transactions
+	 */
+	mutex_t *mutex;
+
+	/**
+	 * Condvar to wait for transaction completion
+	 */
+	condvar_t *condvar;
+
+	/**
+	 * Threads waiting in condvar
+	 */
+	int waiting;
+
+	/**
+	 * DHCP send socket
+	 */
+	int send;
+
+	/**
+	 * DHCP receive socket
+	 */
+	int receive;
+
+	/**
+	 * Do we use per-identity or random leases (and MAC addresses)
+	 */
+	bool identity_lease;
+
+	/**
+	 * DHCP server address, or broadcast
+	 */
+	host_t *dst;
+
+	/**
+	 * Callback job receiving DHCP responses
+	 */
+	callback_job_t *job;
+};
+
+/**
+ * DHCP opcode (or BOOTP actually)
+ */
+typedef enum {
+	BOOTREQUEST = 1,
+	BOOTREPLY = 2,
+} dhcp_opcode_t;
+
+/**
+ * Some DHCP options used
+ */
+typedef enum {
+	DHCP_DNS_SERVER = 6,
+	DHCP_HOST_NAME = 12,
+	DHCP_NBNS_SERVER = 44,
+	DHCP_REQUESTED_IP = 50,
+	DHCP_MESSAGE_TYPE = 53,
+	DHCP_SERVER_ID = 54,
+	DHCP_PARAM_REQ_LIST = 55,
+	DHCP_CLIENT_ID = 61,
+	DHCP_OPTEND = 255,
+} dhcp_option_type_t;
+
+/**
+ * DHCP messages types in the DHCP_MESSAGE_TYPE option
+ */
+typedef enum {
+	DHCP_DISCOVER = 1,
+	DHCP_OFFER = 2,
+	DHCP_REQUEST = 3,
+	DHCP_DECLINE = 4,
+	DHCP_ACK = 5,
+	DHCP_NAK = 6,
+	DHCP_RELEASE = 7,
+	DHCP_INFORM = 8,
+} dhcp_message_type_t;
+/**
+ * DHCP option encoding, a TLV
+ */
+typedef struct __attribute__((packed)) {
+	u_int8_t type;
+	u_int8_t len;
+	char data[];
+} dhcp_option_t;
+
+/**
+ * DHCP message format, with a maximum size options buffer
+ */
+typedef struct __attribute__((packed)) {
+	u_int8_t opcode;
+	u_int8_t hw_type;
+	u_int8_t hw_addr_len;
+	u_int8_t hop_count;
+	u_int32_t transaction_id;
+	u_int16_t number_of_seconds;
+	u_int16_t flags;
+	u_int32_t client_address;
+	u_int32_t your_address;
+	u_int32_t server_address;
+	u_int32_t gateway_address;
+	char client_hw_addr[6];
+	char client_hw_padding[10];
+	char server_hostname[64];
+	char boot_filename[128];
+	u_int32_t magic_cookie;
+	char options[252];
+} dhcp_t;
+
+/**
+ * Prepare a DHCP message for a given transaction
+ */
+static int prepare_dhcp(private_dhcp_socket_t *this,
+						dhcp_transaction_t *transaction,
+						dhcp_message_type_t type, dhcp_t *dhcp)
+{
+	chunk_t chunk, broadcast = chunk_from_chars(0xFF,0xFF,0xFF,0xFF);
+	identification_t *identity;
+	dhcp_option_t *option;
+	int optlen = 0;
+	host_t *src;
+	u_int32_t id;
+
+	memset(dhcp, 0, sizeof(*dhcp));
+	dhcp->opcode = BOOTREQUEST;
+	dhcp->hw_type = ARPHRD_ETHER;
+	dhcp->hw_addr_len = 6;
+	dhcp->transaction_id = transaction->get_id(transaction);
+	if (chunk_equals(broadcast, this->dst->get_address(this->dst)))
+	{
+		/* TODO: send with 0.0.0.0 source address */
+	}
+	else
+	{
+		/* act as relay agent */
+		src = charon->kernel_interface->get_source_addr(
+									charon->kernel_interface, this->dst, NULL);
+		if (src)
+		{
+			memcpy(&dhcp->gateway_address, src->get_address(src).ptr,
+				   sizeof(dhcp->gateway_address));
+			src->destroy(src);
+		}
+	}
+
+	identity = transaction->get_identity(transaction);
+	chunk = identity->get_encoding(identity);
+	/* magic bytes, a locally administered unicast MAC */
+	dhcp->client_hw_addr[0] = 0x7A;
+	dhcp->client_hw_addr[1] = 0xA7;
+	/* with ID specific postfix */
+	if (this->identity_lease)
+	{
+		id = htonl(chunk_hash(chunk));
+	}
+	else
+	{
+		id = transaction->get_id(transaction);
+	}
+	memcpy(&dhcp->client_hw_addr[2], &id, sizeof(id));
+
+	dhcp->magic_cookie = htonl(0x63825363);
+
+	option = (dhcp_option_t*)&dhcp->options[optlen];
+	option->type = DHCP_MESSAGE_TYPE;
+	option->len = 1;
+	option->data[0] = type;
+	optlen += sizeof(dhcp_option_t) + option->len;
+
+	if (identity->get_type(identity) == ID_FQDN)
+	{
+		option = (dhcp_option_t*)&dhcp->options[optlen];
+		option->type = DHCP_HOST_NAME;
+		option->len = min(chunk.len, 64);
+		memcpy(option->data, chunk.ptr, option->len);
+		optlen += sizeof(dhcp_option_t) + option->len;
+	}
+
+	option = (dhcp_option_t*)&dhcp->options[optlen];
+	option->type = DHCP_CLIENT_ID;
+	option->len = min(chunk.len, 64);
+	memcpy(option->data, chunk.ptr, option->len);
+	optlen += sizeof(dhcp_option_t) + option->len;
+
+	return optlen;
+}
+
+/**
+ * Send a DHCP message with given options length
+ */
+static bool send_dhcp(private_dhcp_socket_t *this,
+					  dhcp_transaction_t *transaction, dhcp_t *dhcp, int optlen)
+{
+	host_t *dst;
+	ssize_t len;
+
+	dst = transaction->get_server(transaction);
+	if (!dst)
+	{
+		dst = this->dst;
+	}
+	len = offsetof(dhcp_t, magic_cookie) + ((optlen + 4) / 64 * 64 + 64);
+	return sendto(this->send, dhcp, len, 0, dst->get_sockaddr(dst),
+				  *dst->get_sockaddr_len(dst)) == len;
+}
+
+/**
+ * Send DHCP discover using a given transaction
+ */
+static bool discover(private_dhcp_socket_t *this,
+					 dhcp_transaction_t *transaction)
+{
+	dhcp_option_t *option;
+	dhcp_t dhcp;
+	int optlen;
+
+	optlen = prepare_dhcp(this, transaction, DHCP_DISCOVER, &dhcp);
+
+	DBG1(DBG_CFG, "sending DHCP DISCOVER to %H", this->dst);
+
+	option = (dhcp_option_t*)&dhcp.options[optlen];
+	option->type = DHCP_PARAM_REQ_LIST;
+	option->len = 2;
+	option->data[0] = DHCP_DNS_SERVER;
+	option->data[1] = DHCP_NBNS_SERVER;
+	optlen += sizeof(dhcp_option_t) + option->len;
+
+	dhcp.options[optlen++] = DHCP_OPTEND;
+
+	if (!send_dhcp(this, transaction, &dhcp, optlen))
+	{
+		DBG1(DBG_CFG, "sending DHCP DISCOVER failed: %s", strerror(errno));
+		return FALSE;
+	}
+	return TRUE;
+}
+
+/**
+ * Send DHCP request using a given transaction
+ */
+static bool request(private_dhcp_socket_t *this,
+					dhcp_transaction_t *transaction)
+{
+	dhcp_option_t *option;
+	dhcp_t dhcp;
+	host_t *offer, *server;
+	chunk_t chunk;
+	int optlen;
+
+	optlen = prepare_dhcp(this, transaction, DHCP_REQUEST, &dhcp);
+
+	offer = transaction->get_address(transaction);
+	server = transaction->get_server(transaction);
+	if (!offer || !server)
+	{
+		return FALSE;
+	}
+	DBG1(DBG_CFG, "sending DHCP REQUEST for %H to %H", offer, server);
+
+	option = (dhcp_option_t*)&dhcp.options[optlen];
+	option->type = DHCP_REQUESTED_IP;
+	option->len = 4;
+	chunk = offer->get_address(offer);
+	memcpy(option->data, chunk.ptr, min(chunk.len, option->len));
+	optlen += sizeof(dhcp_option_t) + option->len;
+
+	option = (dhcp_option_t*)&dhcp.options[optlen];
+	option->type = DHCP_SERVER_ID;
+	option->len = 4;
+	chunk = server->get_address(server);
+	memcpy(option->data, chunk.ptr, min(chunk.len, option->len));
+	optlen += sizeof(dhcp_option_t) + option->len;
+
+	option = (dhcp_option_t*)&dhcp.options[optlen];
+	option->type = DHCP_PARAM_REQ_LIST;
+	option->len = 2;
+	option->data[0] = DHCP_DNS_SERVER;
+	option->data[1] = DHCP_NBNS_SERVER;
+	optlen += sizeof(dhcp_option_t) + option->len;
+
+	dhcp.options[optlen++] = DHCP_OPTEND;
+
+	if (!send_dhcp(this, transaction, &dhcp, optlen))
+	{
+		DBG1(DBG_CFG, "sending DHCP REQUEST failed: %s", strerror(errno));
+		return FALSE;
+	}
+	return TRUE;
+}
+
+METHOD(dhcp_socket_t, enroll, dhcp_transaction_t*,
+	private_dhcp_socket_t *this, identification_t *identity)
+{
+	dhcp_transaction_t *transaction;
+	u_int32_t id;
+	int try;
+
+	this->rng->get_bytes(this->rng, sizeof(id), (u_int8_t*)&id);
+	transaction = dhcp_transaction_create(id, identity);
+
+	this->mutex->lock(this->mutex);
+	this->discover->insert_last(this->discover, transaction);
+	try = 1;
+	while (try <= DHCP_TRIES && discover(this, transaction))
+	{
+		if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) &&
+			this->request->find_first(this->request, NULL,
+									  (void**)&transaction) == SUCCESS)
+		{
+			break;
+		}
+		try++;
+	}
+	if (this->discover->remove(this->discover, transaction, NULL))
+	{	/* no OFFER received */
+		this->mutex->unlock(this->mutex);
+		transaction->destroy(transaction);
+		DBG1(DBG_CFG, "DHCP DISCOVER timed out");
+		return NULL;
+	}
+
+	try = 1;
+	while (try <= DHCP_TRIES && request(this, transaction))
+	{
+		if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) &&
+			this->completed->remove(this->completed, transaction, NULL))
+		{
+			break;
+		}
+		try++;
+	}
+	if (this->request->remove(this->request, transaction, NULL))
+	{	/* no ACK received */
+		this->mutex->unlock(this->mutex);
+		transaction->destroy(transaction);
+		DBG1(DBG_CFG, "DHCP REQUEST timed out");
+		return NULL;
+	}
+	this->mutex->unlock(this->mutex);
+
+	return transaction;
+}
+
+METHOD(dhcp_socket_t, release, void,
+	private_dhcp_socket_t *this, dhcp_transaction_t *transaction)
+{
+	dhcp_option_t *option;
+	dhcp_t dhcp;
+	host_t *release, *server;
+	chunk_t chunk;
+	int optlen;
+
+	optlen = prepare_dhcp(this, transaction, DHCP_RELEASE, &dhcp);
+
+	release = transaction->get_address(transaction);
+	server = transaction->get_server(transaction);
+	if (!release || !server)
+	{
+		return;
+	}
+	DBG1(DBG_CFG, "sending DHCP RELEASE for %H to %H", release, server);
+
+	chunk = release->get_address(release);
+	memcpy(&dhcp.client_address, chunk.ptr,
+		   min(chunk.len, sizeof(dhcp.client_address)));
+
+	option = (dhcp_option_t*)&dhcp.options[optlen];
+	option->type = DHCP_SERVER_ID;
+	option->len = 4;
+	chunk = server->get_address(server);
+	memcpy(option->data, chunk.ptr, min(chunk.len, option->len));
+	optlen += sizeof(dhcp_option_t) + option->len;
+
+	dhcp.options[optlen++] = DHCP_OPTEND;
+
+	if (!send_dhcp(this, transaction, &dhcp, optlen))
+	{
+		DBG1(DBG_CFG, "sending DHCP RELEASE failed: %s", strerror(errno));
+	}
+}
+
+/**
+ * Handle a DHCP OFFER
+ */
+static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen)
+{
+	dhcp_transaction_t *transaction = NULL;
+	enumerator_t *enumerator;
+	host_t *offer, *server;
+
+	offer = host_create_from_chunk(AF_INET,
+					chunk_from_thing(dhcp->your_address), 0);
+	server = host_create_from_chunk(AF_INET,
+					chunk_from_thing(dhcp->server_address), DHCP_SERVER_PORT);
+
+	this->mutex->lock(this->mutex);
+	enumerator = this->discover->create_enumerator(this->discover);
+	while (enumerator->enumerate(enumerator, &transaction))
+	{
+		if (transaction->get_id(transaction) == dhcp->transaction_id)
+		{
+			DBG1(DBG_CFG, "received DHCP OFFER %H from %H", offer, server);
+			this->discover->remove_at(this->discover, enumerator);
+			this->request->insert_last(this->request, transaction);
+			transaction->set_address(transaction, offer->clone(offer));
+			transaction->set_server(transaction, server->clone(server));
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+
+	if (transaction)
+	{
+		int optsize, optpos = 0, pos;
+		dhcp_option_t *option;
+
+		while (optlen > sizeof(dhcp_option_t))
+		{
+			option = (dhcp_option_t*)&dhcp->options[optpos];
+			optsize = sizeof(dhcp_option_t) + option->len;
+			if (option->type == DHCP_OPTEND || optlen < optsize)
+			{
+				break;
+			}
+			if (option->type == DHCP_DNS_SERVER ||
+				option->type == DHCP_NBNS_SERVER)
+			{
+				for (pos = 0; pos + 4 <= option->len; pos += 4)
+				{
+					transaction->add_attribute(transaction, option->type ==
+						DHCP_DNS_SERVER ? INTERNAL_IP4_DNS : INTERNAL_IP4_NBNS,
+						chunk_create((char*)&option->data[pos], 4));
+				}
+			}
+			optlen -= optsize;
+			optpos += optsize;
+		}
+	}
+	this->mutex->unlock(this->mutex);
+	this->condvar->broadcast(this->condvar);
+	offer->destroy(offer);
+	server->destroy(server);
+}
+
+/**
+ * Handle a DHCP ACK
+ */
+static void handle_ack(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen)
+{
+	dhcp_transaction_t *transaction;
+	enumerator_t *enumerator;
+	host_t *offer;
+
+	offer = host_create_from_chunk(AF_INET,
+						chunk_from_thing(dhcp->your_address), 0);
+
+	this->mutex->lock(this->mutex);
+	enumerator = this->request->create_enumerator(this->request);
+	while (enumerator->enumerate(enumerator, &transaction))
+	{
+		if (transaction->get_id(transaction) == dhcp->transaction_id)
+		{
+			DBG1(DBG_CFG, "received DHCP ACK for %H", offer);
+			this->request->remove_at(this->request, enumerator);
+			this->completed->insert_last(this->completed, transaction);
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->mutex->unlock(this->mutex);
+	this->condvar->broadcast(this->condvar);
+	offer->destroy(offer);
+}
+
+/**
+ * Receive DHCP responses
+ */
+static job_requeue_t receive_dhcp(private_dhcp_socket_t *this)
+{
+	struct sockaddr_ll addr;
+	socklen_t addr_len = sizeof(addr);
+	struct __attribute__((packed)) {
+		struct iphdr ip;
+		struct udphdr udp;
+		dhcp_t dhcp;
+	} packet;
+	int oldstate, optlen, origoptlen, optsize, optpos = 0;
+	ssize_t len;
+	dhcp_option_t *option;
+
+	oldstate = thread_cancelability(TRUE);
+	len = recvfrom(this->receive, &packet, sizeof(packet), 0,
+					(struct sockaddr*)&addr, &addr_len);
+	thread_cancelability(oldstate);
+
+	if (len >= sizeof(struct iphdr) + sizeof(struct udphdr) +
+		offsetof(dhcp_t, options))
+	{
+		origoptlen = optlen = len - sizeof(struct iphdr) +
+					 sizeof(struct udphdr) + offsetof(dhcp_t, options);
+		while (optlen > sizeof(dhcp_option_t))
+		{
+			option = (dhcp_option_t*)&packet.dhcp.options[optpos];
+			optsize = sizeof(dhcp_option_t) + option->len;
+			if (option->type == DHCP_OPTEND || optlen < optsize)
+			{
+				break;
+			}
+			if (option->type == DHCP_MESSAGE_TYPE && option->len == 1)
+			{
+				switch (option->data[0])
+				{
+					case DHCP_OFFER:
+						handle_offer(this, &packet.dhcp, origoptlen);
+						break;
+					case DHCP_ACK:
+						handle_ack(this, &packet.dhcp, origoptlen);
+					default:
+						break;
+				}
+				break;
+			}
+			optlen -= optsize;
+			optpos += optsize;
+		}
+	}
+	return JOB_REQUEUE_DIRECT;
+}
+
+METHOD(dhcp_socket_t, destroy, void,
+	private_dhcp_socket_t *this)
+{
+	if (this->job)
+	{
+		this->job->cancel(this->job);
+	}
+	while (this->waiting)
+	{
+		this->condvar->signal(this->condvar);
+	}
+	if (this->send > 0)
+	{
+		close(this->send);
+	}
+	if (this->receive > 0)
+	{
+		close(this->receive);
+	}
+	this->mutex->destroy(this->mutex);
+	this->condvar->destroy(this->condvar);
+	this->discover->destroy_offset(this->discover,
+								offsetof(dhcp_transaction_t, destroy));
+	this->request->destroy_offset(this->request,
+								offsetof(dhcp_transaction_t, destroy));
+	this->completed->destroy_offset(this->completed,
+								offsetof(dhcp_transaction_t, destroy));
+	DESTROY_IF(this->rng);
+	DESTROY_IF(this->dst);
+	free(this);
+}
+
+/**
+ * See header
+ */
+dhcp_socket_t *dhcp_socket_create()
+{
+	private_dhcp_socket_t *this;
+	struct sockaddr_in src;
+	int on = 1;
+	struct sock_filter dhcp_filter_code[] = {
+		BPF_STMT(BPF_LD+BPF_B+BPF_ABS,
+				 offsetof(struct iphdr, protocol)),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IPPROTO_UDP, 0, 16),
+		BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) +
+				 offsetof(struct udphdr, source)),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 14),
+		BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) +
+				 offsetof(struct udphdr, dest)),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_CLIENT_PORT, 0, 2),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 1),
+		BPF_JUMP(BPF_JMP+BPF_JA, 0, 0, 10),
+		BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
+				 sizeof(struct udphdr) + offsetof(dhcp_t, opcode)),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, BOOTREPLY, 0, 8),
+		BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
+				 sizeof(struct udphdr) + offsetof(dhcp_t, hw_type)),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARPHRD_ETHER, 0, 6),
+		BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) +
+				 sizeof(struct udphdr) + offsetof(dhcp_t, hw_addr_len)),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 6, 0, 4),
+		BPF_STMT(BPF_LD+BPF_W+BPF_ABS, sizeof(struct iphdr) +
+				 sizeof(struct udphdr) + offsetof(dhcp_t, magic_cookie)),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x63825363, 0, 2),
+		BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0),
+		BPF_STMT(BPF_RET+BPF_A, 0),
+		BPF_STMT(BPF_RET+BPF_K, 0),
+	};
+	struct sock_fprog dhcp_filter = {
+		sizeof(dhcp_filter_code) / sizeof(struct sock_filter),
+		dhcp_filter_code,
+	};
+
+	INIT(this,
+		.public = {
+			.enroll = _enroll,
+			.release = _release,
+			.destroy = _destroy,
+		},
+		.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
+		.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+		.condvar = condvar_create(CONDVAR_TYPE_DEFAULT),
+		.discover = linked_list_create(),
+		.request = linked_list_create(),
+		.completed = linked_list_create(),
+	);
+
+	if (!this->rng)
+	{
+		DBG1(DBG_CFG, "unable to create RNG");
+		destroy(this);
+		return NULL;
+	}
+	this->identity_lease = lib->settings->get_bool(lib->settings,
+							"charon.plugins.dhcp.identity_lease", FALSE);
+	this->dst = host_create_from_string(lib->settings->get_str(lib->settings,
+							"charon.plugins.dhcp.server", "255.255.255.255"),
+							DHCP_SERVER_PORT);
+	if (!this->dst)
+	{
+		DBG1(DBG_CFG, "configured DHCP server address invalid");
+		destroy(this);
+		return NULL;
+	}
+
+	this->send = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+	if (this->send == -1)
+	{
+		DBG1(DBG_CFG, "unable to create DHCP send socket: %s", strerror(errno));
+		destroy(this);
+		return NULL;
+	}
+	if (setsockopt(this->send, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
+	{
+		DBG1(DBG_CFG, "unable to reuse DHCP socket address: %s", strerror(errno));
+		destroy(this);
+		return NULL;
+	}
+	if (setsockopt(this->send, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on)) == -1)
+	{
+		DBG1(DBG_CFG, "unable to broadcast on DHCP socket: %s", strerror(errno));
+		destroy(this);
+		return NULL;
+	}
+	src.sin_family = AF_INET;
+	src.sin_port = htons(DHCP_CLIENT_PORT);
+	src.sin_addr.s_addr = INADDR_ANY;
+	if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
+	{
+		DBG1(DBG_CFG, "unable to bind DHCP send socket: %s", strerror(errno));
+		destroy(this);
+		return NULL;
+	}
+
+	this->receive = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP));
+	if (this->receive == -1)
+	{
+		DBG1(DBG_NET, "opening DHCP receive socket failed: %s", strerror(errno));
+		destroy(this);
+		return NULL;
+	}
+	if (setsockopt(this->receive, SOL_SOCKET, SO_ATTACH_FILTER,
+				   &dhcp_filter, sizeof(dhcp_filter)) < 0)
+	{
+		DBG1(DBG_CFG, "installing DHCP socket filter failed: %s",
+			 strerror(errno));
+		destroy(this);
+		return NULL;
+	}
+
+	this->job = callback_job_create((callback_job_cb_t)receive_dhcp,
+									this, NULL, NULL);
+	charon->processor->queue_job(charon->processor, (job_t*)this->job);
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.h b/src/libcharon/plugins/dhcp/dhcp_socket.h
new file mode 100644
index 000000000..0a8398aba
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup dhcp_socket dhcp_socket
+ * @{ @ingroup dhcp
+ */
+
+#ifndef DHCP_SOCKET_H_
+#define DHCP_SOCKET_H_
+
+typedef struct dhcp_socket_t dhcp_socket_t;
+
+#include "dhcp_transaction.h"
+
+/**
+ * DHCP socket implementation
+ */
+struct dhcp_socket_t {
+
+	/**
+	 * Enroll a client address using DHCP.
+	 *
+	 * @param identity		peer identity to enroll an address for
+	 * @return				completed DHCP transaction, NULL on failure
+	 */
+	dhcp_transaction_t* (*enroll)(dhcp_socket_t *this,
+								  identification_t *identity);
+
+	/**
+	 * Release an enrolled DHCP address.
+	 *
+	 * @param transaction	transaction returned by enroll
+	 */
+	void (*release)(dhcp_socket_t *this, dhcp_transaction_t *transaction);
+
+	/**
+	 * Destroy a dhcp_socket_t.
+	 */
+	void (*destroy)(dhcp_socket_t *this);
+};
+
+/**
+ * Create a dhcp_socket instance.
+ */
+dhcp_socket_t *dhcp_socket_create();
+
+#endif /** DHCP_SOCKET_H_ @}*/
diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.c b/src/libcharon/plugins/dhcp/dhcp_transaction.c
new file mode 100644
index 000000000..83f822dd8
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_transaction.c
@@ -0,0 +1,184 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "dhcp_transaction.h"
+
+#include <utils/linked_list.h>
+
+typedef struct private_dhcp_transaction_t private_dhcp_transaction_t;
+
+/**
+ * Private data of an dhcp_transaction_t object.
+ */
+struct private_dhcp_transaction_t {
+
+	/**
+	 * Public dhcp_transaction_t interface.
+	 */
+	dhcp_transaction_t public;
+
+	/**
+	 * DHCP transaction ID
+	 */
+	u_int32_t id;
+
+	/**
+	 * Peer identity
+	 */
+	identification_t *identity;
+
+	/**
+	 * received DHCP address
+	 */
+	host_t *address;
+
+	/**
+	 * discovered DHCP server address
+	 */
+	host_t *server;
+
+	/**
+	 * List of added attributes, as attribute_entry_t
+	 */
+	linked_list_t *attributes;
+};
+
+/**
+ * Entry for an added attribute
+ */
+typedef struct {
+	configuration_attribute_type_t type;
+	chunk_t data;
+} attribute_entry_t;
+
+METHOD(dhcp_transaction_t, get_id, u_int32_t,
+	private_dhcp_transaction_t *this)
+{
+	return this->id;
+}
+
+METHOD(dhcp_transaction_t, get_identity, identification_t*,
+	private_dhcp_transaction_t *this)
+{
+	return this->identity;
+}
+
+METHOD(dhcp_transaction_t, set_address, void,
+	private_dhcp_transaction_t *this, host_t *address)
+{
+	DESTROY_IF(this->address);
+	this->address = address;
+}
+
+METHOD(dhcp_transaction_t, get_address, host_t*,
+	private_dhcp_transaction_t *this)
+{
+	return this->address;
+}
+
+METHOD(dhcp_transaction_t, set_server, void,
+	private_dhcp_transaction_t *this, host_t *server)
+{
+	DESTROY_IF(this->server);
+	this->server = server;
+}
+
+METHOD(dhcp_transaction_t, get_server, host_t*,
+	private_dhcp_transaction_t *this)
+{
+	return this->server;
+}
+
+METHOD(dhcp_transaction_t, add_attribute, void,
+	private_dhcp_transaction_t *this, configuration_attribute_type_t type,
+	chunk_t data)
+{
+	attribute_entry_t *entry;
+
+	INIT(entry,
+		.type = type,
+		.data = chunk_clone(data),
+	);
+	this->attributes->insert_last(this->attributes, entry);
+}
+
+/**
+ * Filter function to map entries to type/data
+ */
+static bool attribute_filter(void *null, attribute_entry_t **entry,
+							 configuration_attribute_type_t *type,
+							 void **dummy, chunk_t *data)
+{
+	*type = (*entry)->type;
+	*data = (*entry)->data;
+	return TRUE;
+}
+
+METHOD(dhcp_transaction_t, create_attribute_enumerator, enumerator_t*,
+	private_dhcp_transaction_t *this)
+{
+	return enumerator_create_filter(
+						this->attributes->create_enumerator(this->attributes),
+						(void*)attribute_filter, NULL, NULL);
+}
+
+/**
+ * Clean up an attribute entry
+ */
+static void attribute_entry_destroy(attribute_entry_t *entry)
+{
+	free(entry->data.ptr);
+	free(entry);
+}
+
+METHOD(dhcp_transaction_t, destroy, void,
+	private_dhcp_transaction_t *this)
+{
+	this->identity->destroy(this->identity);
+	DESTROY_IF(this->address);
+	DESTROY_IF(this->server);
+	this->attributes->destroy_function(this->attributes,
+									   (void*)attribute_entry_destroy);
+	free(this);
+}
+
+/**
+ * See header
+ */
+dhcp_transaction_t *dhcp_transaction_create(u_int32_t id,
+											identification_t *identity)
+{
+	private_dhcp_transaction_t *this;
+
+	INIT(this,
+		.public = {
+			.get_id = _get_id,
+			.get_identity = _get_identity,
+			.set_address = _set_address,
+			.get_address = _get_address,
+			.set_server = _set_server,
+			.get_server = _get_server,
+			.add_attribute = _add_attribute,
+			.create_attribute_enumerator = _create_attribute_enumerator,
+			.destroy = _destroy,
+		},
+		.id = id,
+		.identity = identity->clone(identity),
+		.attributes = linked_list_create(),
+	);
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.h b/src/libcharon/plugins/dhcp/dhcp_transaction.h
new file mode 100644
index 000000000..19c163f88
--- /dev/null
+++ b/src/libcharon/plugins/dhcp/dhcp_transaction.h
@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup dhcp_transaction dhcp_transaction
+ * @{ @ingroup dhcp
+ */
+
+#ifndef DHCP_TRANSACTION_H_
+#define DHCP_TRANSACTION_H_
+
+#include <utils/host.h>
+#include <utils/identification.h>
+#include <attributes/attributes.h>
+
+typedef struct dhcp_transaction_t dhcp_transaction_t;
+
+/**
+ * DHCP transaction class.
+ */
+struct dhcp_transaction_t {
+
+	/**
+	 * Get the DCHP transaction ID.
+	 *
+	 * @return			DHCP transaction identifier
+	 */
+	u_int32_t (*get_id)(dhcp_transaction_t *this);
+
+	/**
+	 * Get the peer identity this transaction is used for.
+	 *
+	 * @return			peer Identity
+	 */
+	identification_t* (*get_identity)(dhcp_transaction_t *this);
+
+	/**
+	 * Set the DHCP address received using this transaction.
+	 *
+	 * @param host		received DHCP address
+	 */
+	void (*set_address)(dhcp_transaction_t *this, host_t *address);
+
+	/**
+	 * Get the DHCP address received using this transaction.
+	 *
+	 * @return			received DHCP address
+	 */
+	host_t* (*get_address)(dhcp_transaction_t *this);
+
+	/**
+	 * Set the DCHP server address discovered.
+	 *
+	 * @param server	DHCP server address
+	 */
+	void (*set_server)(dhcp_transaction_t *this, host_t *server);
+
+	/**
+	 * Get the DHCP server address.
+	 *
+	 * @return			DHCP server address
+	 */
+	host_t* (*get_server)(dhcp_transaction_t *this);
+
+	/**
+	 * An an additional attribute to serve to peer.
+	 *
+	 * @param type		type of attribute
+	 * @param data		attribute data
+	 */
+	void (*add_attribute)(dhcp_transaction_t *this,
+						  configuration_attribute_type_t type, chunk_t data);
+
+	/**
+	 * Create an enumerator over added attributes.
+	 *
+	 * @return			enumerator over (configuration_attribute_t, chunk_t)
+	 */
+	enumerator_t* (*create_attribute_enumerator)(dhcp_transaction_t *this);
+
+	/**
+	 * Destroy a dhcp_transaction_t.
+	 */
+	void (*destroy)(dhcp_transaction_t *this);
+};
+
+/**
+ * Create a dhcp_transaction instance.
+ *
+ * @param id		DHCP transaction identifier
+ * @param identity	peer identity this transaction is used for
+ * @return			transaction instance
+ */
+dhcp_transaction_t *dhcp_transaction_create(u_int32_t id,
+											identification_t *identity);
+
+#endif /** DHCP_TRANSACTION_H_ @}*/
diff --git a/src/libcharon/plugins/eap_aka/Makefile.am b/src/libcharon/plugins/eap_aka/Makefile.am
new file mode 100644
index 000000000..d37d1691c
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka/Makefile.am
@@ -0,0 +1,19 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-aka.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-aka.la
+libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
+endif
+
+libstrongswan_eap_aka_la_SOURCES = \
+	eap_aka_plugin.h eap_aka_plugin.c \
+	eap_aka_peer.h eap_aka_peer.c \
+	eap_aka_server.h eap_aka_server.c
+
+libstrongswan_eap_aka_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index d241e1ad0..1cea81a9b 100644
--- a/src/charon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/eap_aka
+subdir = src/libcharon/plugins/eap_aka
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,9 +72,9 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
-libstrongswan_eap_aka_la_DEPENDENCIES =  \
-	$(top_builddir)/src/libsimaka/libsimaka.la
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+@MONOLITHIC_FALSE@libstrongswan_eap_aka_la_DEPENDENCIES =  \
+@MONOLITHIC_FALSE@	$(top_builddir)/src/libsimaka/libsimaka.la
 am_libstrongswan_eap_aka_la_OBJECTS = eap_aka_plugin.lo \
 	eap_aka_peer.lo eap_aka_server.lo
 libstrongswan_eap_aka_la_OBJECTS =  \
@@ -82,6 +82,9 @@ libstrongswan_eap_aka_la_OBJECTS =  \
 libstrongswan_eap_aka_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_eap_aka_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_aka_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_aka_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,16 +258,18 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \
-  -I$(top_srcdir)/src/libsimaka
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
 
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-aka.la
-libstrongswan_eap_aka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c \
-  eap_aka_peer.h eap_aka_peer.c \
-  eap_aka_server.h eap_aka_server.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-aka.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-aka.la
+@MONOLITHIC_FALSE@libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
+libstrongswan_eap_aka_la_SOURCES = \
+	eap_aka_plugin.h eap_aka_plugin.c \
+	eap_aka_peer.h eap_aka_peer.c \
+	eap_aka_server.h eap_aka_server.c
 
-libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
 libstrongswan_eap_aka_la_LDFLAGS = -module -avoid-version
 all: all-am
 
@@ -278,9 +284,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_aka/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/eap_aka/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -299,6 +305,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -331,7 +346,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-eap-aka.la: $(libstrongswan_eap_aka_la_OBJECTS) $(libstrongswan_eap_aka_la_DEPENDENCIES) 
-	$(libstrongswan_eap_aka_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_aka_la_OBJECTS) $(libstrongswan_eap_aka_la_LIBADD) $(LIBS)
+	$(libstrongswan_eap_aka_la_LINK) $(am_libstrongswan_eap_aka_la_rpath) $(libstrongswan_eap_aka_la_OBJECTS) $(libstrongswan_eap_aka_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -486,8 +501,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -558,18 +573,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_aka/eap_aka_peer.c b/src/libcharon/plugins/eap_aka/eap_aka_peer.c
index 26546809d..26546809d 100644
--- a/src/charon/plugins/eap_aka/eap_aka_peer.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.c
diff --git a/src/charon/plugins/eap_aka/eap_aka_peer.h b/src/libcharon/plugins/eap_aka/eap_aka_peer.h
index 65a210406..65a210406 100644
--- a/src/charon/plugins/eap_aka/eap_aka_peer.h
+++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.h
diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.c b/src/libcharon/plugins/eap_aka/eap_aka_plugin.c
index c44a08966..f9283393a 100644
--- a/src/charon/plugins/eap_aka/eap_aka_plugin.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_plugin.c
@@ -35,7 +35,7 @@ static void destroy(eap_aka_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *eap_aka_plugin_create()
 {
 	eap_aka_plugin_t *this = malloc_thing(eap_aka_plugin_t);
 
diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.h b/src/libcharon/plugins/eap_aka/eap_aka_plugin.h
index 938e5ecbd..d011904b3 100644
--- a/src/charon/plugins/eap_aka/eap_aka_plugin.h
+++ b/src/libcharon/plugins/eap_aka/eap_aka_plugin.h
@@ -42,9 +42,4 @@ struct eap_aka_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a eap_aka_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** EAP_AKA_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c
index 9baff3e23..9baff3e23 100644
--- a/src/charon/plugins/eap_aka/eap_aka_server.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c
diff --git a/src/charon/plugins/eap_aka/eap_aka_server.h b/src/libcharon/plugins/eap_aka/eap_aka_server.h
index d48fc4c34..d48fc4c34 100644
--- a/src/charon/plugins/eap_aka/eap_aka_server.h
+++ b/src/libcharon/plugins/eap_aka/eap_aka_server.h
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am
new file mode 100644
index 000000000..598799e2a
--- /dev/null
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am
@@ -0,0 +1,20 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la
+endif
+
+libstrongswan_eap_aka_3gpp2_la_SOURCES = \
+	eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \
+	eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \
+	eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \
+	eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c
+
+libstrongswan_eap_aka_3gpp2_la_LDFLAGS = -module -avoid-version
+libstrongswan_eap_aka_3gpp2_la_LIBADD  = -lgmp
diff --git a/src/charon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index b80f97f95..d0b0f5601 100644
--- a/src/charon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/eap_aka_3gpp2
+subdir = src/libcharon/plugins/eap_aka_3gpp2
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_eap_aka_3gpp2_la_DEPENDENCIES =
 am_libstrongswan_eap_aka_3gpp2_la_OBJECTS = eap_aka_3gpp2_plugin.lo \
 	eap_aka_3gpp2_card.lo eap_aka_3gpp2_provider.lo \
@@ -83,6 +83,9 @@ libstrongswan_eap_aka_3gpp2_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_eap_aka_3gpp2_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_aka_3gpp2_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_aka_3gpp2_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -221,6 +224,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -255,14 +259,17 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la
 libstrongswan_eap_aka_3gpp2_la_SOURCES = \
-  eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \
-  eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \
-  eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \
-  eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c
+	eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \
+	eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \
+	eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \
+	eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c
 
 libstrongswan_eap_aka_3gpp2_la_LDFLAGS = -module -avoid-version
 libstrongswan_eap_aka_3gpp2_la_LIBADD = -lgmp
@@ -279,9 +286,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_aka_3gpp2/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp2/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/eap_aka_3gpp2/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp2/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -300,6 +307,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -332,7 +348,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-eap-aka-3gpp2.la: $(libstrongswan_eap_aka_3gpp2_la_OBJECTS) $(libstrongswan_eap_aka_3gpp2_la_DEPENDENCIES) 
-	$(libstrongswan_eap_aka_3gpp2_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_aka_3gpp2_la_OBJECTS) $(libstrongswan_eap_aka_3gpp2_la_LIBADD) $(LIBS)
+	$(libstrongswan_eap_aka_3gpp2_la_LINK) $(am_libstrongswan_eap_aka_3gpp2_la_rpath) $(libstrongswan_eap_aka_3gpp2_la_OBJECTS) $(libstrongswan_eap_aka_3gpp2_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -488,8 +504,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -560,18 +576,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
index 5c0fe38ad..5c0fe38ad 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h
index b95bc52af..b95bc52af 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
index 1d3d246d1..1d3d246d1 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h
index 95c6da6a9..95c6da6a9 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c
index 5286e0986..626e83311 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c
@@ -64,7 +64,7 @@ static void destroy(private_eap_aka_3gpp2_t *this)
 /**
  * See header
  */
-plugin_t *plugin_create()
+plugin_t *eap_aka_3gpp2_plugin_create()
 {
 	private_eap_aka_3gpp2_t *this = malloc_thing(private_eap_aka_3gpp2_t);
 
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h
index ed5c4cf3e..2ac450a7d 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h
@@ -54,9 +54,4 @@ struct eap_aka_3gpp2_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a eap_aka_3gpp2_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** EAP_AKA_3GPP2_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
index 9817fff8f..9817fff8f 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h
index 22ac0a96e..22ac0a96e 100644
--- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.am b/src/libcharon/plugins/eap_gtc/Makefile.am
new file mode 100644
index 000000000..d8722bf9d
--- /dev/null
+++ b/src/libcharon/plugins/eap_gtc/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-gtc.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-gtc.la
+endif
+
+libstrongswan_eap_gtc_la_SOURCES = \
+	eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c
+
+libstrongswan_eap_gtc_la_LDFLAGS = -module -avoid-version -lpam
diff --git a/src/charon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index f3662e1cd..110e1528b 100644
--- a/src/charon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/eap_gtc
+subdir = src/libcharon/plugins/eap_gtc
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_eap_gtc_la_LIBADD =
 am_libstrongswan_eap_gtc_la_OBJECTS = eap_gtc_plugin.lo eap_gtc.lo
 libstrongswan_eap_gtc_la_OBJECTS =  \
@@ -80,6 +80,9 @@ libstrongswan_eap_gtc_la_OBJECTS =  \
 libstrongswan_eap_gtc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_eap_gtc_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_gtc_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_gtc_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -252,10 +256,15 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-gtc.la
-libstrongswan_eap_gtc_la_SOURCES = eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-gtc.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-gtc.la
+libstrongswan_eap_gtc_la_SOURCES = \
+	eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c
+
 libstrongswan_eap_gtc_la_LDFLAGS = -module -avoid-version -lpam
 all: all-am
 
@@ -270,9 +279,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_gtc/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_gtc/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/eap_gtc/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/eap_gtc/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -291,6 +300,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -323,7 +341,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-eap-gtc.la: $(libstrongswan_eap_gtc_la_OBJECTS) $(libstrongswan_eap_gtc_la_DEPENDENCIES) 
-	$(libstrongswan_eap_gtc_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_gtc_la_OBJECTS) $(libstrongswan_eap_gtc_la_LIBADD) $(LIBS)
+	$(libstrongswan_eap_gtc_la_LINK) $(am_libstrongswan_eap_gtc_la_rpath) $(libstrongswan_eap_gtc_la_OBJECTS) $(libstrongswan_eap_gtc_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -477,8 +495,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -549,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c
index c7f55fa70..c7f55fa70 100644
--- a/src/charon/plugins/eap_gtc/eap_gtc.c
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c
diff --git a/src/charon/plugins/eap_gtc/eap_gtc.h b/src/libcharon/plugins/eap_gtc/eap_gtc.h
index 2eb8482f8..2eb8482f8 100644
--- a/src/charon/plugins/eap_gtc/eap_gtc.h
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc.h
diff --git a/src/charon/plugins/eap_gtc/eap_gtc_plugin.c b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c
index 8550c254c..91ba84b3d 100644
--- a/src/charon/plugins/eap_gtc/eap_gtc_plugin.c
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c
@@ -37,7 +37,7 @@ static void destroy(eap_gtc_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *eap_gtc_plugin_create()
 {
 	eap_gtc_plugin_t *this = malloc_thing(eap_gtc_plugin_t);
 
diff --git a/src/charon/plugins/eap_gtc/eap_gtc_plugin.h b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h
index abb6bdcb6..9c4052a6d 100644
--- a/src/charon/plugins/eap_gtc/eap_gtc_plugin.h
+++ b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h
@@ -39,9 +39,4 @@ struct eap_gtc_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a eap_gtc_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** EAP_GTC_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_identity/Makefile.am b/src/libcharon/plugins/eap_identity/Makefile.am
index 992eb43f7..2a7c764b0 100644
--- a/src/charon/plugins/eap_identity/Makefile.am
+++ b/src/libcharon/plugins/eap_identity/Makefile.am
@@ -1,10 +1,16 @@
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-identity.la
+else
 plugin_LTLIBRARIES = libstrongswan-eap-identity.la
+endif
+
 libstrongswan_eap_identity_la_SOURCES = \
-  eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c
-libstrongswan_eap_identity_la_LDFLAGS = -module -avoid-version
+	eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c
 
+libstrongswan_eap_identity_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index 80709246f..bbb987dd6 100644
--- a/src/charon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/eap_identity
+subdir = src/libcharon/plugins/eap_identity
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_eap_identity_la_LIBADD =
 am_libstrongswan_eap_identity_la_OBJECTS = eap_identity_plugin.lo \
 	eap_identity.lo
@@ -82,6 +82,9 @@ libstrongswan_eap_identity_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_eap_identity_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_identity_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_identity_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,11 +258,14 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-identity.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-identity.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-identity.la
 libstrongswan_eap_identity_la_SOURCES = \
-  eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c
+	eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c
 
 libstrongswan_eap_identity_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -274,9 +281,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_identity/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_identity/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/eap_identity/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/eap_identity/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -295,6 +302,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +343,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-eap-identity.la: $(libstrongswan_eap_identity_la_OBJECTS) $(libstrongswan_eap_identity_la_DEPENDENCIES) 
-	$(libstrongswan_eap_identity_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_identity_la_OBJECTS) $(libstrongswan_eap_identity_la_LIBADD) $(LIBS)
+	$(libstrongswan_eap_identity_la_LINK) $(am_libstrongswan_eap_identity_la_rpath) $(libstrongswan_eap_identity_la_OBJECTS) $(libstrongswan_eap_identity_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -481,8 +497,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -553,18 +569,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_identity/eap_identity.c b/src/libcharon/plugins/eap_identity/eap_identity.c
index ab082a955..ab082a955 100644
--- a/src/charon/plugins/eap_identity/eap_identity.c
+++ b/src/libcharon/plugins/eap_identity/eap_identity.c
diff --git a/src/charon/plugins/eap_identity/eap_identity.h b/src/libcharon/plugins/eap_identity/eap_identity.h
index 7364a8bda..7364a8bda 100644
--- a/src/charon/plugins/eap_identity/eap_identity.h
+++ b/src/libcharon/plugins/eap_identity/eap_identity.h
diff --git a/src/charon/plugins/eap_identity/eap_identity_plugin.c b/src/libcharon/plugins/eap_identity/eap_identity_plugin.c
index a623e1951..082997154 100644
--- a/src/charon/plugins/eap_identity/eap_identity_plugin.c
+++ b/src/libcharon/plugins/eap_identity/eap_identity_plugin.c
@@ -34,7 +34,7 @@ static void destroy(eap_identity_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *eap_identity_plugin_create()
 {
 	eap_identity_plugin_t *this = malloc_thing(eap_identity_plugin_t);
 
diff --git a/src/charon/plugins/eap_identity/eap_identity_plugin.h b/src/libcharon/plugins/eap_identity/eap_identity_plugin.h
index 0a7fb8228..274156a1b 100644
--- a/src/charon/plugins/eap_identity/eap_identity_plugin.h
+++ b/src/libcharon/plugins/eap_identity/eap_identity_plugin.h
@@ -39,9 +39,4 @@ struct eap_identity_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a eap_identity_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** EAP_IDENTITY_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/eap_md5/Makefile.am b/src/libcharon/plugins/eap_md5/Makefile.am
new file mode 100644
index 000000000..e9936c925
--- /dev/null
+++ b/src/libcharon/plugins/eap_md5/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-md5.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-md5.la
+endif
+
+libstrongswan_eap_md5_la_SOURCES = \
+	eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c
+
+libstrongswan_eap_md5_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index 21ac7fa92..943811604 100644
--- a/src/charon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/eap_md5
+subdir = src/libcharon/plugins/eap_md5
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_eap_md5_la_LIBADD =
 am_libstrongswan_eap_md5_la_OBJECTS = eap_md5_plugin.lo eap_md5.lo
 libstrongswan_eap_md5_la_OBJECTS =  \
@@ -80,6 +80,9 @@ libstrongswan_eap_md5_la_OBJECTS =  \
 libstrongswan_eap_md5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_eap_md5_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_md5_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_md5_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -252,10 +256,15 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-md5.la
-libstrongswan_eap_md5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-md5.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-md5.la
+libstrongswan_eap_md5_la_SOURCES = \
+	eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c
+
 libstrongswan_eap_md5_la_LDFLAGS = -module -avoid-version
 all: all-am
 
@@ -270,9 +279,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_md5/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_md5/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/eap_md5/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/eap_md5/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -291,6 +300,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -323,7 +341,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-eap-md5.la: $(libstrongswan_eap_md5_la_OBJECTS) $(libstrongswan_eap_md5_la_DEPENDENCIES) 
-	$(libstrongswan_eap_md5_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_md5_la_OBJECTS) $(libstrongswan_eap_md5_la_LIBADD) $(LIBS)
+	$(libstrongswan_eap_md5_la_LINK) $(am_libstrongswan_eap_md5_la_rpath) $(libstrongswan_eap_md5_la_OBJECTS) $(libstrongswan_eap_md5_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -477,8 +495,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -549,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c
index 0eda8f755..0eda8f755 100644
--- a/src/charon/plugins/eap_md5/eap_md5.c
+++ b/src/libcharon/plugins/eap_md5/eap_md5.c
diff --git a/src/charon/plugins/eap_md5/eap_md5.h b/src/libcharon/plugins/eap_md5/eap_md5.h
index 3cff0dd79..3cff0dd79 100644
--- a/src/charon/plugins/eap_md5/eap_md5.h
+++ b/src/libcharon/plugins/eap_md5/eap_md5.h
diff --git a/src/charon/plugins/eap_md5/eap_md5_plugin.c b/src/libcharon/plugins/eap_md5/eap_md5_plugin.c
index 629255ebf..e716dc6e8 100644
--- a/src/charon/plugins/eap_md5/eap_md5_plugin.c
+++ b/src/libcharon/plugins/eap_md5/eap_md5_plugin.c
@@ -34,7 +34,7 @@ static void destroy(eap_md5_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *eap_md5_plugin_create()
 {
 	eap_md5_plugin_t *this = malloc_thing(eap_md5_plugin_t);
 
diff --git a/src/charon/plugins/eap_md5/eap_md5_plugin.h b/src/libcharon/plugins/eap_md5/eap_md5_plugin.h
index eb5b38e94..e5e1a6e94 100644
--- a/src/charon/plugins/eap_md5/eap_md5_plugin.h
+++ b/src/libcharon/plugins/eap_md5/eap_md5_plugin.h
@@ -39,9 +39,4 @@ struct eap_md5_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a eap_md5_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** EAP_MD5_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_mschapv2/Makefile.am b/src/libcharon/plugins/eap_mschapv2/Makefile.am
index 4758ad5f3..b9555b3c1 100644
--- a/src/charon/plugins/eap_mschapv2/Makefile.am
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.am
@@ -1,12 +1,17 @@
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-mschapv2.la
+else
 plugin_LTLIBRARIES = libstrongswan-eap-mschapv2.la
+endif
 
 libstrongswan_eap_mschapv2_la_SOURCES = \
 	eap_mschapv2_plugin.h eap_mschapv2_plugin.c \
 	eap_mschapv2.h eap_mschapv2.c
-libstrongswan_eap_mschapv2_la_LDFLAGS = -module -avoid-version
 
+libstrongswan_eap_mschapv2_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index 001818481..2f6c65df4 100644
--- a/src/charon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/eap_mschapv2
+subdir = src/libcharon/plugins/eap_mschapv2
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_eap_mschapv2_la_LIBADD =
 am_libstrongswan_eap_mschapv2_la_OBJECTS = eap_mschapv2_plugin.lo \
 	eap_mschapv2.lo
@@ -82,6 +82,9 @@ libstrongswan_eap_mschapv2_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_eap_mschapv2_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_mschapv2_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_mschapv2_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,9 +258,12 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-mschapv2.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-mschapv2.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-mschapv2.la
 libstrongswan_eap_mschapv2_la_SOURCES = \
 	eap_mschapv2_plugin.h eap_mschapv2_plugin.c \
 	eap_mschapv2.h eap_mschapv2.c
@@ -275,9 +282,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_mschapv2/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/eap_mschapv2/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -296,6 +303,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +344,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-eap-mschapv2.la: $(libstrongswan_eap_mschapv2_la_OBJECTS) $(libstrongswan_eap_mschapv2_la_DEPENDENCIES) 
-	$(libstrongswan_eap_mschapv2_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_mschapv2_la_OBJECTS) $(libstrongswan_eap_mschapv2_la_LIBADD) $(LIBS)
+	$(libstrongswan_eap_mschapv2_la_LINK) $(am_libstrongswan_eap_mschapv2_la_rpath) $(libstrongswan_eap_mschapv2_la_OBJECTS) $(libstrongswan_eap_mschapv2_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -482,8 +498,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -554,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index f0222840d..c1ccf72eb 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) 2009 Tobias Brunner
+ * Copyright (C) 2010 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -460,37 +461,31 @@ static status_t GenerateMSK(chunk_t password_hash_hash,
 
 static status_t GenerateStuff(private_eap_mschapv2_t *this,
 							  chunk_t server_challenge, chunk_t peer_challenge,
-							  chunk_t username, chunk_t password)
+							  chunk_t username, chunk_t nt_hash)
 {
 	status_t status = FAILED;
-	chunk_t password_hash = chunk_empty, password_hash_hash = chunk_empty,
-			challenge_hash = chunk_empty;
+	chunk_t nt_hash_hash = chunk_empty, challenge_hash = chunk_empty;
 
-	if (NtPasswordHash(password, &password_hash) != SUCCESS)
-	{
-		goto error;
-	}
-	if (NtPasswordHash(password_hash, &password_hash_hash) != SUCCESS)
+	if (NtPasswordHash(nt_hash, &nt_hash_hash) != SUCCESS)
 	{
 		goto error;
 	}
 	if (ChallengeHash(peer_challenge, server_challenge, username,
-					  &challenge_hash) != SUCCESS)
+						&challenge_hash) != SUCCESS)
 	{
 		goto error;
 	}
-
-	if (ChallengeResponse(challenge_hash, password_hash,
-						  &this->nt_response) != SUCCESS)
+	if (ChallengeResponse(challenge_hash, nt_hash,
+						&this->nt_response) != SUCCESS)
 	{
 		goto error;
 	}
-	if (AuthenticatorResponse(password_hash_hash, challenge_hash,
-							  this->nt_response, &this->auth_response) != SUCCESS)
+	if (AuthenticatorResponse(nt_hash_hash, challenge_hash,
+						this->nt_response, &this->auth_response) != SUCCESS)
 	{
 		goto error;
 	}
-	if (GenerateMSK(password_hash_hash, this->nt_response, &this->msk) != SUCCESS)
+	if (GenerateMSK(nt_hash_hash, this->nt_response, &this->msk) != SUCCESS)
 	{
 		goto error;
 	}
@@ -498,8 +493,7 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this,
 	status = SUCCESS;
 
 error:
-	chunk_free(&password_hash);
-	chunk_free(&password_hash_hash);
+	chunk_free(&nt_hash_hash);
 	chunk_free(&challenge_hash);
 	return status;
 }
@@ -613,6 +607,39 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou
 	return NEED_MORE;
 }
 
+static bool get_nt_hash(private_eap_mschapv2_t *this, identification_t *me,
+					   identification_t *other, chunk_t *nt_hash)
+{
+	shared_key_t *shared;
+	chunk_t password;
+
+	/* try to find a stored NT_HASH first */
+	shared = charon->credentials->get_shared(charon->credentials,
+											SHARED_NT_HASH, me, other);
+	if (shared )
+	{
+		*nt_hash = chunk_clone(shared->get_key(shared));
+		shared->destroy(shared);
+		return TRUE;
+	}
+
+	/* fallback to plaintext password */
+	shared = charon->credentials->get_shared(charon->credentials,
+											SHARED_EAP, me, other);
+	if (shared)
+	{
+		password = ascii_to_unicode(shared->get_key(shared));
+		shared->destroy(shared);
+
+		if (NtPasswordHash(password, nt_hash) == SUCCESS)
+		{
+			chunk_clear(&password);
+			return TRUE;
+		}
+		chunk_clear(&password);
+	}
+	return FALSE;
+}
 
 /**
  * Process MS-CHAPv2 Challenge Requests
@@ -624,8 +651,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this,
 	eap_mschapv2_header_t *eap;
 	eap_mschapv2_challenge_t *cha;
 	eap_mschapv2_response_t *res;
-	shared_key_t *shared;
-	chunk_t data, peer_challenge, username, password;
+	chunk_t data, peer_challenge, username, nt_hash;
 	u_int16_t len = RESPONSE_PAYLOAD_LEN;
 
 	data = in->get_data(in);
@@ -660,28 +686,24 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this,
 	rng->get_bytes(rng, CHALLENGE_LEN, peer_challenge.ptr);
 	rng->destroy(rng);
 
-	shared = charon->credentials->get_shared(charon->credentials,
-										SHARED_EAP, this->peer, this->server);
-	if (shared == NULL)
+	if (!get_nt_hash(this, this->peer, this->server, &nt_hash))
 	{
 		DBG1(DBG_IKE, "no EAP key found for hosts '%Y' - '%Y'",
 			 this->server, this->peer);
 		return NOT_FOUND;
 	}
 
-	password = ascii_to_unicode(shared->get_key(shared));
-	shared->destroy(shared);
-
 	username = extract_username(this->peer);
 	len += username.len;
 
-	if (GenerateStuff(this, this->challenge, peer_challenge, username, password) != SUCCESS)
+	if (GenerateStuff(this, this->challenge, peer_challenge,
+					  username, nt_hash) != SUCCESS)
 	{
 		DBG1(DBG_IKE, "EAP-MS-CHAPv2 generating NT-Response failed");
-		chunk_clear(&password);
+		chunk_clear(&nt_hash);
 		return FAILED;
 	}
-	chunk_clear(&password);
+	chunk_clear(&nt_hash);
 
 	eap = alloca(len);
 	eap->code = EAP_RESPONSE;
@@ -995,9 +1017,8 @@ static status_t process_server_response(private_eap_mschapv2_t *this,
 {
 	eap_mschapv2_header_t *eap;
 	eap_mschapv2_response_t *res;
-	chunk_t data, peer_challenge, username, password;
+	chunk_t data, peer_challenge, username, nt_hash;
 	identification_t *userid;
-	shared_key_t *shared;
 	int name_len;
 	char buf[256];
 
@@ -1019,9 +1040,7 @@ static status_t process_server_response(private_eap_mschapv2_t *this,
 	DBG2(DBG_IKE, "EAP-MS-CHAPv2 username: '%Y'", userid);
 	username = extract_username(userid);
 
-	shared = charon->credentials->get_shared(charon->credentials,
-											 SHARED_EAP, this->server, userid);
-	if (shared == NULL)
+	if (!get_nt_hash(this, this->server, userid, &nt_hash))
 	{
 		DBG1(DBG_IKE, "no EAP key found for hosts '%Y' - '%Y'",
 					  this->server, userid);
@@ -1035,21 +1054,19 @@ static status_t process_server_response(private_eap_mschapv2_t *this,
 		return process_server_retry(this, out);
 	}
 
-	password = ascii_to_unicode(shared->get_key(shared));
-	shared->destroy(shared);
-
 	if (GenerateStuff(this, this->challenge, peer_challenge,
-					  username, password) != SUCCESS)
+					  username, nt_hash) != SUCCESS)
 	{
 		DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed");
 		userid->destroy(userid);
-		chunk_clear(&password);
+		chunk_clear(&nt_hash);
 		return FAILED;
 	}
 	userid->destroy(userid);
-	chunk_clear(&password);
+	chunk_clear(&nt_hash);
 
-	if (memeq(res->response.nt_response, this->nt_response.ptr, this->nt_response.len))
+	if (memeq(res->response.nt_response, this->nt_response.ptr,
+			  this->nt_response.len))
 	{
 		chunk_t hex;
 		char msg[AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)];
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.h b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h
index 34cc1141e..34cc1141e 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.h
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c
index 404cecb20..a7b41ddbf 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c
@@ -34,7 +34,7 @@ static void destroy(eap_mschapv2_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *eap_mschapv2_plugin_create()
 {
 	eap_mschapv2_plugin_t *this = malloc_thing(eap_mschapv2_plugin_t);
 
diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
index 9048fc64e..f250a9d47 100644
--- a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h
@@ -39,9 +39,4 @@ struct eap_mschapv2_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a eap_mschapv2_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** EAP_MSCHAPV2_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/eap_radius/Makefile.am b/src/libcharon/plugins/eap_radius/Makefile.am
new file mode 100644
index 000000000..a3abd4124
--- /dev/null
+++ b/src/libcharon/plugins/eap_radius/Makefile.am
@@ -0,0 +1,19 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-radius.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-radius.la
+endif
+
+libstrongswan_eap_radius_la_SOURCES = \
+	eap_radius_plugin.h eap_radius_plugin.c \
+	eap_radius.h eap_radius.c \
+	radius_client.h radius_client.c \
+	radius_message.h radius_message.c
+
+libstrongswan_eap_radius_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index eb135e750..18427adef 100644
--- a/src/charon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/eap_radius
+subdir = src/libcharon/plugins/eap_radius
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_eap_radius_la_LIBADD =
 am_libstrongswan_eap_radius_la_OBJECTS = eap_radius_plugin.lo \
 	eap_radius.lo radius_client.lo radius_message.lo
@@ -82,6 +82,9 @@ libstrongswan_eap_radius_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_eap_radius_la_LDFLAGS) \
 	$(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_radius_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_radius_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,14 +258,17 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-radius.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-radius.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-radius.la
 libstrongswan_eap_radius_la_SOURCES = \
-  eap_radius_plugin.h eap_radius_plugin.c \
-  eap_radius.h eap_radius.c \
-  radius_client.h radius_client.c \
-  radius_message.h radius_message.c
+	eap_radius_plugin.h eap_radius_plugin.c \
+	eap_radius.h eap_radius.c \
+	radius_client.h radius_client.c \
+	radius_message.h radius_message.c
 
 libstrongswan_eap_radius_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -277,9 +284,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_radius/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/eap_radius/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -298,6 +305,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -330,7 +346,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-eap-radius.la: $(libstrongswan_eap_radius_la_OBJECTS) $(libstrongswan_eap_radius_la_DEPENDENCIES) 
-	$(libstrongswan_eap_radius_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_radius_la_OBJECTS) $(libstrongswan_eap_radius_la_LIBADD) $(LIBS)
+	$(libstrongswan_eap_radius_la_LINK) $(am_libstrongswan_eap_radius_la_rpath) $(libstrongswan_eap_radius_la_OBJECTS) $(libstrongswan_eap_radius_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -486,8 +502,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -558,18 +574,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c
index f041fda54..f041fda54 100644
--- a/src/charon/plugins/eap_radius/eap_radius.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius.c
diff --git a/src/charon/plugins/eap_radius/eap_radius.h b/src/libcharon/plugins/eap_radius/eap_radius.h
index 8eb9e8c2d..8eb9e8c2d 100644
--- a/src/charon/plugins/eap_radius/eap_radius.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius.h
diff --git a/src/charon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
index 51e6a69c8..7d2788c3e 100644
--- a/src/charon/plugins/eap_radius/eap_radius_plugin.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c
@@ -33,7 +33,7 @@ static void destroy(eap_radius_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *eap_radius_plugin_create()
 {
 	eap_radius_plugin_t *this;
 
diff --git a/src/charon/plugins/eap_radius/eap_radius_plugin.h b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h
index a79640796..f2b8b5082 100644
--- a/src/charon/plugins/eap_radius/eap_radius_plugin.h
+++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h
@@ -42,9 +42,4 @@ struct eap_radius_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a eap_radius_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** EAP_RADIUS_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_radius/radius_client.c b/src/libcharon/plugins/eap_radius/radius_client.c
index 1d1f21742..1d1f21742 100644
--- a/src/charon/plugins/eap_radius/radius_client.c
+++ b/src/libcharon/plugins/eap_radius/radius_client.c
diff --git a/src/charon/plugins/eap_radius/radius_client.h b/src/libcharon/plugins/eap_radius/radius_client.h
index 77ba94807..77ba94807 100644
--- a/src/charon/plugins/eap_radius/radius_client.h
+++ b/src/libcharon/plugins/eap_radius/radius_client.h
diff --git a/src/charon/plugins/eap_radius/radius_message.c b/src/libcharon/plugins/eap_radius/radius_message.c
index 11a1d8dfc..11a1d8dfc 100644
--- a/src/charon/plugins/eap_radius/radius_message.c
+++ b/src/libcharon/plugins/eap_radius/radius_message.c
diff --git a/src/charon/plugins/eap_radius/radius_message.h b/src/libcharon/plugins/eap_radius/radius_message.h
index 266839d3b..266839d3b 100644
--- a/src/charon/plugins/eap_radius/radius_message.h
+++ b/src/libcharon/plugins/eap_radius/radius_message.h
diff --git a/src/libcharon/plugins/eap_sim/Makefile.am b/src/libcharon/plugins/eap_sim/Makefile.am
new file mode 100644
index 000000000..a0cb72f5f
--- /dev/null
+++ b/src/libcharon/plugins/eap_sim/Makefile.am
@@ -0,0 +1,19 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-sim.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-sim.la
+libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
+endif
+
+libstrongswan_eap_sim_la_SOURCES = \
+	eap_sim_plugin.h eap_sim_plugin.c \
+	eap_sim_peer.h eap_sim_peer.c \
+	eap_sim_server.h eap_sim_server.c
+
+libstrongswan_eap_sim_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index d9b568a42..588965113 100644
--- a/src/charon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/eap_sim
+subdir = src/libcharon/plugins/eap_sim
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,9 +72,9 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
-libstrongswan_eap_sim_la_DEPENDENCIES =  \
-	$(top_builddir)/src/libsimaka/libsimaka.la
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+@MONOLITHIC_FALSE@libstrongswan_eap_sim_la_DEPENDENCIES =  \
+@MONOLITHIC_FALSE@	$(top_builddir)/src/libsimaka/libsimaka.la
 am_libstrongswan_eap_sim_la_OBJECTS = eap_sim_plugin.lo \
 	eap_sim_peer.lo eap_sim_server.lo
 libstrongswan_eap_sim_la_OBJECTS =  \
@@ -82,6 +82,9 @@ libstrongswan_eap_sim_la_OBJECTS =  \
 libstrongswan_eap_sim_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_eap_sim_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_sim_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_sim_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,16 +258,18 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \
-  -I$(top_srcdir)/src/libsimaka
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka
 
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-sim.la
-libstrongswan_eap_sim_la_SOURCES = eap_sim_plugin.h eap_sim_plugin.c \
-  eap_sim_peer.h eap_sim_peer.c \
-  eap_sim_server.h eap_sim_server.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-sim.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-sim.la
+@MONOLITHIC_FALSE@libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
+libstrongswan_eap_sim_la_SOURCES = \
+	eap_sim_plugin.h eap_sim_plugin.c \
+	eap_sim_peer.h eap_sim_peer.c \
+	eap_sim_server.h eap_sim_server.c
 
-libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la
 libstrongswan_eap_sim_la_LDFLAGS = -module -avoid-version
 all: all-am
 
@@ -278,9 +284,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_sim/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/eap_sim/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -299,6 +305,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -331,7 +346,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-eap-sim.la: $(libstrongswan_eap_sim_la_OBJECTS) $(libstrongswan_eap_sim_la_DEPENDENCIES) 
-	$(libstrongswan_eap_sim_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_sim_la_OBJECTS) $(libstrongswan_eap_sim_la_LIBADD) $(LIBS)
+	$(libstrongswan_eap_sim_la_LINK) $(am_libstrongswan_eap_sim_la_rpath) $(libstrongswan_eap_sim_la_OBJECTS) $(libstrongswan_eap_sim_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -486,8 +501,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -558,18 +573,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
index 961cfd30d..961cfd30d 100644
--- a/src/charon/plugins/eap_sim/eap_sim_peer.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
diff --git a/src/charon/plugins/eap_sim/eap_sim_peer.h b/src/libcharon/plugins/eap_sim/eap_sim_peer.h
index 89f81301e..89f81301e 100644
--- a/src/charon/plugins/eap_sim/eap_sim_peer.h
+++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.h
diff --git a/src/charon/plugins/eap_sim/eap_sim_plugin.c b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c
index 1d2b9cf4f..f0c972253 100644
--- a/src/charon/plugins/eap_sim/eap_sim_plugin.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c
@@ -35,7 +35,7 @@ static void destroy(eap_sim_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *eap_sim_plugin_create()
 {
 	eap_sim_plugin_t *this = malloc_thing(eap_sim_plugin_t);
 
diff --git a/src/charon/plugins/eap_sim/eap_sim_plugin.h b/src/libcharon/plugins/eap_sim/eap_sim_plugin.h
index 767eb65a5..4e10380c4 100644
--- a/src/charon/plugins/eap_sim/eap_sim_plugin.h
+++ b/src/libcharon/plugins/eap_sim/eap_sim_plugin.h
@@ -39,9 +39,4 @@ struct eap_sim_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a eap_sim_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** EAP_SIM_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c
index f6d5df09b..f6d5df09b 100644
--- a/src/charon/plugins/eap_sim/eap_sim_server.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c
diff --git a/src/charon/plugins/eap_sim/eap_sim_server.h b/src/libcharon/plugins/eap_sim/eap_sim_server.h
index 978e1e1e9..978e1e1e9 100644
--- a/src/charon/plugins/eap_sim/eap_sim_server.h
+++ b/src/libcharon/plugins/eap_sim/eap_sim_server.h
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.am b/src/libcharon/plugins/eap_sim_file/Makefile.am
new file mode 100644
index 000000000..2b59a7c88
--- /dev/null
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.am
@@ -0,0 +1,19 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\"
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-sim-file.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la
+endif
+
+libstrongswan_eap_sim_file_la_SOURCES = \
+	eap_sim_file_plugin.h eap_sim_file_plugin.c \
+	eap_sim_file_card.h eap_sim_file_card.c \
+	eap_sim_file_provider.h eap_sim_file_provider.c \
+	eap_sim_file_triplets.h eap_sim_file_triplets.c
+
+libstrongswan_eap_sim_file_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index 232c2a133..2d998dbcc 100644
--- a/src/charon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/eap_sim_file
+subdir = src/libcharon/plugins/eap_sim_file
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_eap_sim_file_la_LIBADD =
 am_libstrongswan_eap_sim_file_la_OBJECTS = eap_sim_file_plugin.lo \
 	eap_sim_file_card.lo eap_sim_file_provider.lo \
@@ -83,6 +83,9 @@ libstrongswan_eap_sim_file_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_eap_sim_file_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_sim_file_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_sim_file_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -221,6 +224,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -255,14 +259,17 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\"
-plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-sim-file.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la
 libstrongswan_eap_sim_file_la_SOURCES = \
-  eap_sim_file_plugin.h eap_sim_file_plugin.c \
-  eap_sim_file_card.h eap_sim_file_card.c \
-  eap_sim_file_provider.h eap_sim_file_provider.c \
-  eap_sim_file_triplets.h eap_sim_file_triplets.c
+	eap_sim_file_plugin.h eap_sim_file_plugin.c \
+	eap_sim_file_card.h eap_sim_file_card.c \
+	eap_sim_file_provider.h eap_sim_file_provider.c \
+	eap_sim_file_triplets.h eap_sim_file_triplets.c
 
 libstrongswan_eap_sim_file_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -278,9 +285,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_sim_file/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_file/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/eap_sim_file/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_file/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -299,6 +306,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -331,7 +347,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-eap-sim-file.la: $(libstrongswan_eap_sim_file_la_OBJECTS) $(libstrongswan_eap_sim_file_la_DEPENDENCIES) 
-	$(libstrongswan_eap_sim_file_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_sim_file_la_OBJECTS) $(libstrongswan_eap_sim_file_la_LIBADD) $(LIBS)
+	$(libstrongswan_eap_sim_file_la_LINK) $(am_libstrongswan_eap_sim_file_la_rpath) $(libstrongswan_eap_sim_file_la_OBJECTS) $(libstrongswan_eap_sim_file_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -487,8 +503,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -559,18 +575,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
index d132a38f6..d132a38f6 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h
index 1a5470968..1a5470968 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c
index 22ad31703..4f25c35ea 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c
@@ -19,7 +19,7 @@
 #include "eap_sim_file_triplets.h"
 
 #include <daemon.h>
-

+
 #define TRIPLET_FILE IPSEC_CONFDIR "/ipsec.d/triplets.dat"
 
 typedef struct private_eap_sim_file_t private_eap_sim_file_t;
@@ -66,7 +66,7 @@ static void destroy(private_eap_sim_file_t *this)
 /**
  * See header
  */
-plugin_t *plugin_create()
+plugin_t *eap_sim_file_plugin_create()
 {
 	private_eap_sim_file_t *this = malloc_thing(private_eap_sim_file_t);
 
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h
index 24857d0b0..f5083c72f 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h
@@ -39,9 +39,4 @@ struct eap_sim_file_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a eap_sim_file_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** EAP_SIM_FILE_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c
index 9bee31fc3..9bee31fc3 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h
index 10fda282a..10fda282a 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c
index 6b7d99fb7..6b7d99fb7 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c
diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h
index 8f8130810..8f8130810 100644
--- a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am
new file mode 100644
index 000000000..a158d6dbe
--- /dev/null
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am
@@ -0,0 +1,18 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la
+endif
+
+libstrongswan_eap_simaka_pseudonym_la_SOURCES = \
+	eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \
+	eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \
+	eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c
+
+libstrongswan_eap_simaka_pseudonym_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 392331fb1..6c44ea2bb 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/eap_simaka_pseudonym
+subdir = src/libcharon/plugins/eap_simaka_pseudonym
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_eap_simaka_pseudonym_la_LIBADD =
 am_libstrongswan_eap_simaka_pseudonym_la_OBJECTS =  \
 	eap_simaka_pseudonym_plugin.lo eap_simaka_pseudonym_card.lo \
@@ -84,6 +84,9 @@ libstrongswan_eap_simaka_pseudonym_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_eap_simaka_pseudonym_la_LDFLAGS) $(LDFLAGS) -o \
 	$@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_simaka_pseudonym_la_rpath =  \
+@MONOLITHIC_FALSE@	-rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_simaka_pseudonym_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -222,6 +225,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -256,13 +260,16 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la
 libstrongswan_eap_simaka_pseudonym_la_SOURCES = \
-  eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \
-  eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \
-  eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c
+	eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \
+	eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \
+	eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c
 
 libstrongswan_eap_simaka_pseudonym_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -278,9 +285,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_pseudonym/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_pseudonym/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_pseudonym/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_pseudonym/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -299,6 +306,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -331,7 +347,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-eap-simaka-pseudonym.la: $(libstrongswan_eap_simaka_pseudonym_la_OBJECTS) $(libstrongswan_eap_simaka_pseudonym_la_DEPENDENCIES) 
-	$(libstrongswan_eap_simaka_pseudonym_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_simaka_pseudonym_la_OBJECTS) $(libstrongswan_eap_simaka_pseudonym_la_LIBADD) $(LIBS)
+	$(libstrongswan_eap_simaka_pseudonym_la_LINK) $(am_libstrongswan_eap_simaka_pseudonym_la_rpath) $(libstrongswan_eap_simaka_pseudonym_la_OBJECTS) $(libstrongswan_eap_simaka_pseudonym_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -486,8 +502,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -558,18 +574,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c
index 9b0f1bc71..9b0f1bc71 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c
diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h
index 1b5940fdc..1b5940fdc 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h
diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c
index e4e179a7d..81b9d7b00 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c
@@ -57,7 +57,7 @@ static void destroy(private_eap_simaka_pseudonym_t *this)
 /**
  * See header
  */
-plugin_t *plugin_create()
+plugin_t *eap_simaka_pseudonym_plugin_create()
 {
 	private_eap_simaka_pseudonym_t *this;
 
diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h
index 032604eb1..1992b2482 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h
@@ -39,9 +39,4 @@ struct eap_simaka_pseudonym_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a eap_simaka_pseudonym_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** EAP_SIMAKA_PSEUDONYM_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c
index 0613b8807..0613b8807 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c
diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
index 5d8e6d221..5d8e6d221 100644
--- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.am b/src/libcharon/plugins/eap_simaka_reauth/Makefile.am
new file mode 100644
index 000000000..fbcd544d3
--- /dev/null
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.am
@@ -0,0 +1,18 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la
+else
+plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la
+endif
+
+libstrongswan_eap_simaka_reauth_la_SOURCES = \
+	eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \
+	eap_simaka_reauth_card.h eap_simaka_reauth_card.c \
+	eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c
+
+libstrongswan_eap_simaka_reauth_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index d709acb70..35d8e7c3b 100644
--- a/src/charon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/eap_simaka_reauth
+subdir = src/libcharon/plugins/eap_simaka_reauth
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_eap_simaka_reauth_la_LIBADD =
 am_libstrongswan_eap_simaka_reauth_la_OBJECTS =  \
 	eap_simaka_reauth_plugin.lo eap_simaka_reauth_card.lo \
@@ -83,6 +83,9 @@ libstrongswan_eap_simaka_reauth_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_eap_simaka_reauth_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_eap_simaka_reauth_la_rpath =  \
+@MONOLITHIC_FALSE@	-rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_eap_simaka_reauth_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -221,6 +224,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -255,13 +259,16 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la
 libstrongswan_eap_simaka_reauth_la_SOURCES = \
-  eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \
-  eap_simaka_reauth_card.h eap_simaka_reauth_card.c \
-  eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c
+	eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \
+	eap_simaka_reauth_card.h eap_simaka_reauth_card.c \
+	eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c
 
 libstrongswan_eap_simaka_reauth_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -277,9 +284,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_reauth/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_reauth/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_reauth/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_reauth/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -298,6 +305,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -330,7 +346,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-eap-simaka-reauth.la: $(libstrongswan_eap_simaka_reauth_la_OBJECTS) $(libstrongswan_eap_simaka_reauth_la_DEPENDENCIES) 
-	$(libstrongswan_eap_simaka_reauth_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_simaka_reauth_la_OBJECTS) $(libstrongswan_eap_simaka_reauth_la_LIBADD) $(LIBS)
+	$(libstrongswan_eap_simaka_reauth_la_LINK) $(am_libstrongswan_eap_simaka_reauth_la_rpath) $(libstrongswan_eap_simaka_reauth_la_OBJECTS) $(libstrongswan_eap_simaka_reauth_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -485,8 +501,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -557,18 +573,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
index 14d0416d9..14d0416d9 100644
--- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c
diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h
index f24dc8a15..f24dc8a15 100644
--- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h
diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c
index b2e853e21..987a0e109 100644
--- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c
@@ -57,7 +57,7 @@ static void destroy(private_eap_simaka_reauth_t *this)
 /**
  * See header
  */
-plugin_t *plugin_create()
+plugin_t *eap_simaka_reauth_plugin_create()
 {
 	private_eap_simaka_reauth_t *this = malloc_thing(private_eap_simaka_reauth_t);
 
diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h
index e86832c0e..80c8a1037 100644
--- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h
@@ -39,9 +39,4 @@ struct eap_simaka_reauth_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a eap_simaka_reauth_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** EAP_SIMAKA_REAUTH_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
index f962b2d84..f962b2d84 100644
--- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c
diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h
index 7ae151a27..7ae151a27 100644
--- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h
+++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h
diff --git a/src/libcharon/plugins/farp/Makefile.am b/src/libcharon/plugins/farp/Makefile.am
new file mode 100644
index 000000000..42cd31879
--- /dev/null
+++ b/src/libcharon/plugins/farp/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-farp.la
+else
+plugin_LTLIBRARIES = libstrongswan-farp.la
+endif
+
+libstrongswan_farp_la_SOURCES = farp_plugin.h farp_plugin.c \
+	farp_listener.h farp_listener.c farp_spoofer.h farp_spoofer.c
+
+libstrongswan_farp_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
new file mode 100644
index 000000000..20ac77080
--- /dev/null
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -0,0 +1,587 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/farp
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+	$(top_srcdir)/m4/config/ltoptions.m4 \
+	$(top_srcdir)/m4/config/ltsugar.m4 \
+	$(top_srcdir)/m4/config/ltversion.m4 \
+	$(top_srcdir)/m4/config/lt~obsolete.m4 \
+	$(top_srcdir)/m4/macros/with.m4 \
+	$(top_srcdir)/m4/macros/enable-disable.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_farp_la_LIBADD =
+am_libstrongswan_farp_la_OBJECTS = farp_plugin.lo farp_listener.lo \
+	farp_spoofer.lo
+libstrongswan_farp_la_OBJECTS = $(am_libstrongswan_farp_la_OBJECTS)
+libstrongswan_farp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libstrongswan_farp_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_farp_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_farp_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_farp_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_farp_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-farp.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-farp.la
+libstrongswan_farp_la_SOURCES = farp_plugin.h farp_plugin.c \
+	farp_listener.h farp_listener.c farp_spoofer.h farp_spoofer.c
+
+libstrongswan_farp_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/farp/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/farp/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+	}
+
+uninstall-pluginLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+	done
+
+clean-pluginLTLIBRARIES:
+	-test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libstrongswan-farp.la: $(libstrongswan_farp_la_OBJECTS) $(libstrongswan_farp_la_DEPENDENCIES) 
+	$(libstrongswan_farp_la_LINK) $(am_libstrongswan_farp_la_rpath) $(libstrongswan_farp_la_OBJECTS) $(libstrongswan_farp_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/farp_listener.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/farp_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/farp_spoofer.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+	for dir in "$(DESTDIR)$(plugindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/farp/farp_listener.c b/src/libcharon/plugins/farp/farp_listener.c
new file mode 100644
index 000000000..8eed49778
--- /dev/null
+++ b/src/libcharon/plugins/farp/farp_listener.c
@@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "farp_listener.h"
+
+#include <utils/hashtable.h>
+#include <threading/rwlock.h>
+
+typedef struct private_farp_listener_t private_farp_listener_t;
+
+/**
+ * Private data of an farp_listener_t object.
+ */
+struct private_farp_listener_t {
+
+	/**
+	 * Public farp_listener_t interface.
+	 */
+	farp_listener_t public;
+
+	/**
+	 * Hashtable with active virtual IPs
+	 */
+	hashtable_t *ips;
+
+	/**
+	 * RWlock for IP list
+	 */
+	rwlock_t *lock;
+};
+
+/**
+ * Hashtable hash function
+ */
+static u_int hash(host_t *key)
+{
+	return chunk_hash(key->get_address(key));
+}
+
+/**
+ * Hashtable equals function
+ */
+static bool equals(host_t *a, host_t *b)
+{
+	return a->ip_equals(a, b);
+}
+
+METHOD(listener_t, ike_updown, bool,
+	private_farp_listener_t *this, ike_sa_t *ike_sa, bool up)
+{
+	if (!up)
+	{
+		host_t *ip;
+
+		ip = ike_sa->get_virtual_ip(ike_sa, FALSE);
+		if (ip)
+		{
+			this->lock->write_lock(this->lock);
+			ip = this->ips->remove(this->ips, ip);
+			this->lock->unlock(this->lock);
+			DESTROY_IF(ip);
+		}
+	}
+	return TRUE;
+}
+
+METHOD(listener_t, message_hook, bool,
+	private_farp_listener_t *this, ike_sa_t *ike_sa,
+	message_t *message, bool incoming)
+{
+	if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
+		message->get_exchange_type(message) == IKE_AUTH &&
+		!message->get_request(message))
+	{
+		host_t *ip;
+
+		ip = ike_sa->get_virtual_ip(ike_sa, FALSE);
+		if (ip)
+		{
+			ip = ip->clone(ip);
+			this->lock->write_lock(this->lock);
+			ip = this->ips->put(this->ips, ip, ip);
+			this->lock->unlock(this->lock);
+			DESTROY_IF(ip);
+		}
+	}
+	return TRUE;
+}
+
+METHOD(farp_listener_t, is_active, bool,
+	private_farp_listener_t *this, host_t *ip)
+{
+	bool active;
+
+	this->lock->read_lock(this->lock);
+	active = this->ips->get(this->ips, ip) != NULL;
+	this->lock->unlock(this->lock);
+	return active;
+}
+
+METHOD(farp_listener_t, destroy, void,
+	private_farp_listener_t *this)
+{
+	enumerator_t *enumerator;
+	host_t *key, *value;
+
+	enumerator = this->ips->create_enumerator(this->ips);
+	while (enumerator->enumerate(enumerator, &key, &value))
+	{
+		value->destroy(value);
+	}
+	enumerator->destroy(enumerator);
+	this->ips->destroy(this->ips);
+
+	this->lock->destroy(this->lock);
+	free(this);
+}
+
+/**
+ * See header
+ */
+farp_listener_t *farp_listener_create()
+{
+	private_farp_listener_t *this;
+
+	INIT(this,
+		.public = {
+			.listener = {
+				.ike_updown = _ike_updown,
+				.message = _message_hook,
+			},
+			.is_active = _is_active,
+			.destroy = _destroy,
+		},
+		.ips = hashtable_create((hashtable_hash_t)hash,
+								(hashtable_equals_t)equals, 8),
+		.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+	);
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/farp/farp_listener.h b/src/libcharon/plugins/farp/farp_listener.h
new file mode 100644
index 000000000..bd96d7a1c
--- /dev/null
+++ b/src/libcharon/plugins/farp/farp_listener.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup farp_listener farp_listener
+ * @{ @ingroup farp
+ */
+
+#ifndef FARP_LISTENER_H_
+#define FARP_LISTENER_H_
+
+#include <utils/host.h>
+#include <bus/listeners/listener.h>
+
+typedef struct farp_listener_t farp_listener_t;
+
+/**
+ * Listener to register the set of IPs we spoof ARP responses for.
+ */
+struct farp_listener_t {
+
+	/**
+	 * Implements listener_t interface.
+	 */
+	listener_t listener;
+
+	/**
+	 * Check if a given IP is currently used as virtual IP by a peer.
+	 *
+	 * @param ip		IP to check
+	 * @return			TRUE if IP is an active virtual IP
+	 */
+	bool (*is_active)(farp_listener_t *this, host_t *ip);
+
+	/**
+	 * Destroy a farp_listener_t.
+	 */
+	void (*destroy)(farp_listener_t *this);
+};
+
+/**
+ * Create a farp_listener instance.
+ */
+farp_listener_t *farp_listener_create();
+
+#endif /** FARP_LISTENER_H_ @}*/
diff --git a/src/libcharon/plugins/farp/farp_plugin.c b/src/libcharon/plugins/farp/farp_plugin.c
new file mode 100644
index 000000000..01c2a39c8
--- /dev/null
+++ b/src/libcharon/plugins/farp/farp_plugin.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "farp_plugin.h"
+
+#include "farp_listener.h"
+#include "farp_spoofer.h"
+
+#include <daemon.h>
+
+typedef struct private_farp_plugin_t private_farp_plugin_t;
+
+/**
+ * private data of farp plugin
+ */
+struct private_farp_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	farp_plugin_t public;
+
+	/**
+	 * Listener registering active virtual IPs
+	 */
+	farp_listener_t *listener;
+
+	/**
+	 * Spoofer listening and spoofing ARP messages
+	 */
+	farp_spoofer_t *spoofer;
+};
+
+METHOD(plugin_t, destroy, void,
+	private_farp_plugin_t *this)
+{
+	DESTROY_IF(this->spoofer);
+	charon->bus->remove_listener(charon->bus, &this->listener->listener);
+	this->listener->destroy(this->listener);
+	free(this);
+}
+
+/**
+ * Plugin constructor
+ */
+plugin_t *farp_plugin_create()
+{
+	private_farp_plugin_t *this;
+
+	INIT(this,
+		.public.plugin.destroy = _destroy,
+		.listener = farp_listener_create(),
+	);
+
+	charon->bus->add_listener(charon->bus, &this->listener->listener);
+
+	this->spoofer = farp_spoofer_create(this->listener);
+	if (!this->spoofer)
+	{
+		destroy(this);
+		return NULL;
+	}
+	return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/farp/farp_plugin.h b/src/libcharon/plugins/farp/farp_plugin.h
new file mode 100644
index 000000000..0246fcc2a
--- /dev/null
+++ b/src/libcharon/plugins/farp/farp_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup farp farp
+ * @ingroup cplugins
+ *
+ * @defgroup farp_plugin farp_plugin
+ * @{ @ingroup farp
+ */
+
+#ifndef FARP_PLUGIN_H_
+#define FARP_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct farp_plugin_t farp_plugin_t;
+
+/**
+ * ARP faking plugin that responds to ARP requests to peers virtual IP.
+ */
+struct farp_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	plugin_t plugin;
+};
+
+#endif /** FARP_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/farp/farp_spoofer.c b/src/libcharon/plugins/farp/farp_spoofer.c
new file mode 100644
index 000000000..29e64e32d
--- /dev/null
+++ b/src/libcharon/plugins/farp/farp_spoofer.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "farp_spoofer.h"
+
+#include <errno.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <linux/if_arp.h>
+#include <linux/if_ether.h>
+#include <linux/filter.h>
+#include <sys/ioctl.h>
+
+#include <daemon.h>
+#include <threading/thread.h>
+#include <processing/jobs/callback_job.h>
+
+typedef struct private_farp_spoofer_t private_farp_spoofer_t;
+
+/**
+ * Private data of an farp_spoofer_t object.
+ */
+struct private_farp_spoofer_t {
+
+	/**
+	 * Public farp_spoofer_t interface.
+	 */
+	farp_spoofer_t public;
+
+	/**
+	 * Listener that knows active addresses
+	 */
+	farp_listener_t *listener;
+
+	/**
+	 * Callback job to read ARP requests
+	 */
+	callback_job_t *job;
+
+	/**
+	 * RAW socket for ARP requests
+	 */
+	int skt;
+};
+
+/**
+ * IP over Ethernet ARP message
+ */
+typedef struct __attribute__((packed)) {
+	u_int16_t hardware_type;
+	u_int16_t protocol_type;
+	u_int8_t hardware_size;
+	u_int8_t protocol_size;
+	u_int16_t opcode;
+	u_int8_t sender_mac[6];
+	u_int8_t sender_ip[4];
+	u_int8_t target_mac[6];
+	u_int8_t target_ip[4];
+} arp_t;
+
+/**
+ * Send faked ARP response
+ */
+static void send_arp(private_farp_spoofer_t *this,
+					 arp_t *arp, struct sockaddr_ll *addr)
+{
+	struct ifreq req;
+	char tmp[4];
+
+	req.ifr_ifindex = addr->sll_ifindex;
+	if (ioctl(this->skt, SIOCGIFNAME, &req) == 0 &&
+		ioctl(this->skt, SIOCGIFHWADDR, &req) == 0 &&
+		req.ifr_hwaddr.sa_family == ARPHRD_ETHER)
+	{
+		memcpy(arp->target_mac, arp->sender_mac, 6);
+		memcpy(arp->sender_mac, req.ifr_hwaddr.sa_data, 6);
+
+		memcpy(tmp, arp->sender_ip, 4);
+		memcpy(arp->sender_ip, arp->target_ip, 4);
+		memcpy(arp->target_ip, tmp, 4);
+
+		arp->opcode = htons(ARPOP_REPLY);
+
+		sendto(this->skt, arp, sizeof(*arp), 0,
+			   (struct sockaddr*)addr, sizeof(*addr));
+	}
+}
+
+/**
+ * ARP request receiving
+ */
+static job_requeue_t receive_arp(private_farp_spoofer_t *this)
+{
+	struct sockaddr_ll addr;
+	socklen_t addr_len = sizeof(addr);
+	arp_t arp;
+	int oldstate;
+	ssize_t len;
+	host_t *ip;
+
+	oldstate = thread_cancelability(TRUE);
+	len = recvfrom(this->skt, &arp, sizeof(arp), 0,
+				   (struct sockaddr*)&addr, &addr_len);
+	thread_cancelability(oldstate);
+
+	if (len == sizeof(arp))
+	{
+		ip = host_create_from_chunk(AF_INET,
+									chunk_create((char*)&arp.target_ip, 4), 0);
+		if (ip)
+		{
+			if (this->listener->is_active(this->listener, ip))
+			{
+				send_arp(this, &arp, &addr);
+			}
+			ip->destroy(ip);
+		}
+	}
+
+	return JOB_REQUEUE_DIRECT;
+}
+
+METHOD(farp_spoofer_t, destroy, void,
+	private_farp_spoofer_t *this)
+{
+	this->job->cancel(this->job);
+	close(this->skt);
+	free(this);
+}
+
+/**
+ * See header
+ */
+farp_spoofer_t *farp_spoofer_create(farp_listener_t *listener)
+{
+	private_farp_spoofer_t *this;
+	struct sock_filter arp_request_filter_code[] = {
+		BPF_STMT(BPF_LD+BPF_H+BPF_ABS, offsetof(arp_t, protocol_type)),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ETH_P_IP, 0, 9),
+		BPF_STMT(BPF_LD+BPF_B+BPF_ABS, offsetof(arp_t, hardware_size)),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 6, 0, 7),
+		BPF_STMT(BPF_LD+BPF_B+BPF_ABS, offsetof(arp_t, protocol_size)),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 4, 0, 4),
+		BPF_STMT(BPF_LD+BPF_H+BPF_ABS, offsetof(arp_t, opcode)),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARPOP_REQUEST, 0, 3),
+		BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0),
+		BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 28, 0, 1),
+		BPF_STMT(BPF_RET+BPF_A, 0),
+		BPF_STMT(BPF_RET+BPF_K, 0),
+	};
+	struct sock_fprog arp_request_filter = {
+		sizeof(arp_request_filter_code) / sizeof(struct sock_filter),
+		arp_request_filter_code,
+	};
+
+	INIT(this,
+		.public = {
+			.destroy = _destroy,
+		},
+		.listener = listener,
+	);
+
+	this->skt = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP));
+	if (this->skt == -1)
+	{
+		DBG1(DBG_NET, "opening ARP packet socket failed: %s", strerror(errno));
+		free(this);
+		return NULL;
+	}
+
+	if (setsockopt(this->skt, SOL_SOCKET, SO_ATTACH_FILTER,
+				   &arp_request_filter, sizeof(arp_request_filter)) < 0)
+	{
+		DBG1(DBG_NET, "installing ARP packet filter failed: %s", strerror(errno));
+		close(this->skt);
+		free(this);
+		return NULL;
+	}
+
+	this->job = callback_job_create((callback_job_cb_t)receive_arp,
+									this, NULL, NULL);
+	charon->processor->queue_job(charon->processor, (job_t*)this->job);
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/farp/farp_spoofer.h b/src/libcharon/plugins/farp/farp_spoofer.h
new file mode 100644
index 000000000..c91fb3b96
--- /dev/null
+++ b/src/libcharon/plugins/farp/farp_spoofer.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup farp_spoofer farp_spoofer
+ * @{ @ingroup farp
+ */
+
+#ifndef FARP_SPOOFER_H_
+#define FARP_SPOOFER_H_
+
+#include "farp_listener.h"
+
+typedef struct farp_spoofer_t farp_spoofer_t;
+
+/**
+ * Listen to ARP requests and spoof responses, if required.
+ */
+struct farp_spoofer_t {
+
+	/**
+	 * Destroy a farp_spoofer_t.
+	 */
+	void (*destroy)(farp_spoofer_t *this);
+};
+
+/**
+ * Create a farp_spoofer instance.
+ *
+ * @param listener		listener to check for addresses to spoof
+ * @return				spoofer instance
+ */
+farp_spoofer_t *farp_spoofer_create(farp_listener_t *listener);
+
+#endif /** FARP_SPOOFER_H_ @}*/
diff --git a/src/libcharon/plugins/ha/Makefile.am b/src/libcharon/plugins/ha/Makefile.am
new file mode 100644
index 000000000..74fe1f4c7
--- /dev/null
+++ b/src/libcharon/plugins/ha/Makefile.am
@@ -0,0 +1,25 @@
+
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-ha.la
+else
+plugin_LTLIBRARIES = libstrongswan-ha.la
+endif
+
+libstrongswan_ha_la_SOURCES = \
+  ha_plugin.h ha_plugin.c \
+  ha_message.h ha_message.c \
+  ha_socket.h ha_socket.c \
+  ha_tunnel.h ha_tunnel.c \
+  ha_dispatcher.h ha_dispatcher.c \
+  ha_segments.h ha_segments.c \
+  ha_kernel.h ha_kernel.c \
+  ha_ctl.h ha_ctl.c \
+  ha_ike.h ha_ike.c \
+  ha_child.h ha_child.c
+libstrongswan_ha_la_LDFLAGS = -module -avoid-version
+
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
new file mode 100644
index 000000000..c60d3bf56
--- /dev/null
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -0,0 +1,604 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/ha
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+	$(top_srcdir)/m4/config/ltoptions.m4 \
+	$(top_srcdir)/m4/config/ltsugar.m4 \
+	$(top_srcdir)/m4/config/ltversion.m4 \
+	$(top_srcdir)/m4/config/lt~obsolete.m4 \
+	$(top_srcdir)/m4/macros/with.m4 \
+	$(top_srcdir)/m4/macros/enable-disable.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_ha_la_LIBADD =
+am_libstrongswan_ha_la_OBJECTS = ha_plugin.lo ha_message.lo \
+	ha_socket.lo ha_tunnel.lo ha_dispatcher.lo ha_segments.lo \
+	ha_kernel.lo ha_ctl.lo ha_ike.lo ha_child.lo
+libstrongswan_ha_la_OBJECTS = $(am_libstrongswan_ha_la_OBJECTS)
+libstrongswan_ha_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(libstrongswan_ha_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_ha_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_ha_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_ha_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_ha_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ha.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ha.la
+libstrongswan_ha_la_SOURCES = \
+  ha_plugin.h ha_plugin.c \
+  ha_message.h ha_message.c \
+  ha_socket.h ha_socket.c \
+  ha_tunnel.h ha_tunnel.c \
+  ha_dispatcher.h ha_dispatcher.c \
+  ha_segments.h ha_segments.c \
+  ha_kernel.h ha_kernel.c \
+  ha_ctl.h ha_ctl.c \
+  ha_ike.h ha_ike.c \
+  ha_child.h ha_child.c
+
+libstrongswan_ha_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ha/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/ha/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+	}
+
+uninstall-pluginLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+	done
+
+clean-pluginLTLIBRARIES:
+	-test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libstrongswan-ha.la: $(libstrongswan_ha_la_OBJECTS) $(libstrongswan_ha_la_DEPENDENCIES) 
+	$(libstrongswan_ha_la_LINK) $(am_libstrongswan_ha_la_rpath) $(libstrongswan_ha_la_OBJECTS) $(libstrongswan_ha_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_child.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_ctl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_dispatcher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_ike.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_kernel.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_message.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_segments.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_socket.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_tunnel.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+	for dir in "$(DESTDIR)$(plugindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/ha/ha_child.c b/src/libcharon/plugins/ha/ha_child.c
new file mode 100644
index 000000000..2eb8e27f6
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_child.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_child.h"
+
+typedef struct private_ha_child_t private_ha_child_t;
+
+/**
+ * Private data of an ha_child_t object.
+ */
+struct private_ha_child_t {
+
+	/**
+	 * Public ha_child_t interface.
+	 */
+	ha_child_t public;
+
+	/**
+	 * socket we use for syncing
+	 */
+	ha_socket_t *socket;
+
+	/**
+	 * tunnel securing sync messages
+	 */
+	ha_tunnel_t *tunnel;
+};
+
+/**
+ * Implementation of listener_t.child_keys
+ */
+static bool child_keys(private_ha_child_t *this, ike_sa_t *ike_sa,
+					   child_sa_t *child_sa, diffie_hellman_t *dh,
+					   chunk_t nonce_i, chunk_t nonce_r)
+{
+	ha_message_t *m;
+	chunk_t secret;
+	proposal_t *proposal;
+	u_int16_t alg, len;
+	linked_list_t *list;
+	enumerator_t *enumerator;
+	traffic_selector_t *ts;
+
+	if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+	{	/* do not sync SA between nodes */
+		return TRUE;
+	}
+
+	m = ha_message_create(HA_CHILD_ADD);
+
+	m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
+	m->add_attribute(m, HA_INBOUND_SPI, child_sa->get_spi(child_sa, TRUE));
+	m->add_attribute(m, HA_OUTBOUND_SPI, child_sa->get_spi(child_sa, FALSE));
+	m->add_attribute(m, HA_INBOUND_CPI, child_sa->get_cpi(child_sa, TRUE));
+	m->add_attribute(m, HA_OUTBOUND_CPI, child_sa->get_cpi(child_sa, FALSE));
+	m->add_attribute(m, HA_IPSEC_MODE, child_sa->get_mode(child_sa));
+	m->add_attribute(m, HA_IPCOMP, child_sa->get_ipcomp(child_sa));
+	m->add_attribute(m, HA_CONFIG_NAME, child_sa->get_name(child_sa));
+
+	proposal = child_sa->get_proposal(child_sa);
+	if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &len))
+	{
+		m->add_attribute(m, HA_ALG_ENCR, alg);
+		if (len)
+		{
+			m->add_attribute(m, HA_ALG_ENCR_LEN, len);
+		}
+	}
+	if (proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
+	{
+		m->add_attribute(m, HA_ALG_INTEG, alg);
+	}
+	m->add_attribute(m, HA_NONCE_I, nonce_i);
+	m->add_attribute(m, HA_NONCE_R, nonce_r);
+	if (dh && dh->get_shared_secret(dh, &secret) == SUCCESS)
+	{
+		m->add_attribute(m, HA_SECRET, secret);
+		chunk_clear(&secret);
+	}
+
+	list = child_sa->get_traffic_selectors(child_sa, TRUE);
+	enumerator = list->create_enumerator(list);
+	while (enumerator->enumerate(enumerator, &ts))
+	{
+		m->add_attribute(m, HA_LOCAL_TS, ts);
+	}
+	enumerator->destroy(enumerator);
+	list = child_sa->get_traffic_selectors(child_sa, FALSE);
+	enumerator = list->create_enumerator(list);
+	while (enumerator->enumerate(enumerator, &ts))
+	{
+		m->add_attribute(m, HA_REMOTE_TS, ts);
+	}
+	enumerator->destroy(enumerator);
+
+	this->socket->push(this->socket, m);
+
+	return TRUE;
+}
+
+/**
+ * Implementation of listener_t.child_state_change
+ */
+static bool child_state_change(private_ha_child_t *this, ike_sa_t *ike_sa,
+							   child_sa_t *child_sa, child_sa_state_t state)
+{
+	if (!ike_sa ||
+		ike_sa->get_state(ike_sa) == IKE_PASSIVE ||
+		ike_sa->get_state(ike_sa) == IKE_DESTROYING)
+	{	/* only sync active IKE_SAs */
+		return TRUE;
+	}
+	if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+	{	/* do not sync SA between nodes */
+		return TRUE;
+	}
+
+
+	if (state == CHILD_DESTROYING)
+	{
+		ha_message_t *m;
+
+		m = ha_message_create(HA_CHILD_DELETE);
+
+		m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
+		m->add_attribute(m, HA_INBOUND_SPI,
+						 child_sa->get_spi(child_sa, TRUE));
+		this->socket->push(this->socket, m);
+	}
+	return TRUE;
+}
+
+/**
+ * Implementation of ha_child_t.destroy.
+ */
+static void destroy(private_ha_child_t *this)
+{
+	free(this);
+}
+
+/**
+ * See header
+ */
+ha_child_t *ha_child_create(ha_socket_t *socket, ha_tunnel_t *tunnel)
+{
+	private_ha_child_t *this = malloc_thing(private_ha_child_t);
+
+	memset(&this->public.listener, 0, sizeof(listener_t));
+	this->public.listener.child_keys = (bool(*)(listener_t*, ike_sa_t *ike_sa, child_sa_t *child_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r))child_keys;
+	this->public.listener.child_state_change = (bool(*)(listener_t*,ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state))child_state_change;
+	this->public.destroy = (void(*)(ha_child_t*))destroy;
+
+	this->socket = socket;
+	this->tunnel = tunnel;
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_child.h b/src/libcharon/plugins/ha/ha_child.h
new file mode 100644
index 000000000..ea83495f7
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_child.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_child ha_child
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_CHILD_H_
+#define HA_CHILD_H_
+
+#include "ha_socket.h"
+#include "ha_tunnel.h"
+#include "ha_segments.h"
+
+#include <daemon.h>
+
+typedef struct ha_child_t ha_child_t;
+
+/**
+ * Listener to synchronize CHILD_SAs.
+ */
+struct ha_child_t {
+
+	/**
+	 * Implements bus listener interface.
+	 */
+	listener_t listener;
+
+	/**
+	 * Destroy a ha_child_t.
+	 */
+	void (*destroy)(ha_child_t *this);
+};
+
+/**
+ * Create a ha_child instance.
+ *
+ * @param socket		socket to use for sending synchronization messages
+ * @param tunnel		tunnel securing sync messages, if any
+ * @return				CHILD listener
+ */
+ha_child_t *ha_child_create(ha_socket_t *socket, ha_tunnel_t *tunnel);
+
+#endif /* HA_CHILD_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_ctl.c b/src/libcharon/plugins/ha/ha_ctl.c
new file mode 100644
index 000000000..441d26d9e
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_ctl.c
@@ -0,0 +1,132 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_ctl.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/select.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+#include <pthread.h>
+
+#include <processing/jobs/callback_job.h>
+
+#define HA_FIFO IPSEC_PIDDIR "/charon.ha"
+
+typedef struct private_ha_ctl_t private_ha_ctl_t;
+
+/**
+ * Private data of an ha_ctl_t object.
+ */
+struct private_ha_ctl_t {
+
+	/**
+	 * Public ha_ctl_t interface.
+	 */
+	ha_ctl_t public;
+
+	/**
+	 * Segments to control
+	 */
+	ha_segments_t *segments;
+
+	/**
+	 * FIFO reader thread
+	 */
+	callback_job_t *job;
+};
+
+/**
+ * FIFO dispatching function
+ */
+static job_requeue_t dispatch_fifo(private_ha_ctl_t *this)
+{
+	int fifo, old;
+	char buf[8];
+	u_int segment;
+
+	pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &old);
+	fifo = open(HA_FIFO, O_RDONLY);
+	pthread_setcancelstate(old, NULL);
+	if (fifo == -1)
+	{
+		DBG1(DBG_CFG, "opening HA fifo failed: %s", strerror(errno));
+		sleep(1);
+		return JOB_REQUEUE_FAIR;
+	}
+
+	memset(buf, 0, sizeof(buf));
+	if (read(fifo, buf, sizeof(buf)-1) > 1)
+	{
+		segment = atoi(&buf[1]);
+		if (segment)
+		{
+			switch (buf[0])
+			{
+				case '+':
+					this->segments->activate(this->segments, segment, TRUE);
+					break;
+				case '-':
+					this->segments->deactivate(this->segments, segment, TRUE);
+					break;
+				case '*':
+					this->segments->resync(this->segments, segment);
+					break;
+				default:
+					break;
+			}
+		}
+	}
+	close(fifo);
+
+	return JOB_REQUEUE_DIRECT;
+}
+
+/**
+ * Implementation of ha_ctl_t.destroy.
+ */
+static void destroy(private_ha_ctl_t *this)
+{
+	this->job->cancel(this->job);
+	free(this);
+}
+
+/**
+ * See header
+ */
+ha_ctl_t *ha_ctl_create(ha_segments_t *segments)
+{
+	private_ha_ctl_t *this = malloc_thing(private_ha_ctl_t);
+
+	this->public.destroy = (void(*)(ha_ctl_t*))destroy;
+
+	if (access(HA_FIFO, R_OK|W_OK) != 0)
+	{
+		if (mkfifo(HA_FIFO, 600) != 0)
+		{
+			DBG1(DBG_CFG, "creating HA FIFO %s failed: %s",
+				 HA_FIFO, strerror(errno));
+		}
+	}
+
+	this->segments = segments;
+	this->job = callback_job_create((callback_job_cb_t)dispatch_fifo,
+									this, NULL, NULL);
+	charon->processor->queue_job(charon->processor, (job_t*)this->job);
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_ctl.h b/src/libcharon/plugins/ha/ha_ctl.h
new file mode 100644
index 000000000..f33a809be
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_ctl.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_ctl ha_ctl
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_CTL_H_
+#define HA_CTL_H_
+
+#include "ha_segments.h"
+
+typedef struct ha_ctl_t ha_ctl_t;
+
+/**
+ * HA Sync control interface using a FIFO.
+ */
+struct ha_ctl_t {
+
+	/**
+	 * Destroy a ha_ctl_t.
+	 */
+	void (*destroy)(ha_ctl_t *this);
+};
+
+/**
+ * Create a ha_ctl instance.
+ *
+ * @param segments	segments to control
+ * @return			HA control interface
+ */
+ha_ctl_t *ha_ctl_create(ha_segments_t *segments);
+
+#endif /* HA_CTL_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
new file mode 100644
index 000000000..7df2f1fa8
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -0,0 +1,737 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_dispatcher.h"
+
+#include <daemon.h>
+#include <processing/jobs/callback_job.h>
+
+typedef struct private_ha_dispatcher_t private_ha_dispatcher_t;
+
+/**
+ * Private data of an ha_dispatcher_t object.
+ */
+struct private_ha_dispatcher_t {
+
+	/**
+	 * Public ha_dispatcher_t interface.
+	 */
+	ha_dispatcher_t public;
+
+	/**
+	 * socket to pull messages from
+	 */
+	ha_socket_t *socket;
+
+	/**
+	 * segments to control
+	 */
+	ha_segments_t *segments;
+
+	/**
+	 * Dispatcher job
+	 */
+	callback_job_t *job;
+};
+
+/**
+ * Quick and dirty hack implementation of diffie_hellman_t.get_shared_secret
+ */
+static status_t get_shared_secret(diffie_hellman_t *this, chunk_t *secret)
+{
+	*secret = chunk_clone((*(chunk_t*)this->destroy));
+	return SUCCESS;
+}
+
+/**
+ * Process messages of type IKE_ADD
+ */
+static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message)
+{
+	ha_message_attribute_t attribute;
+	ha_message_value_t value;
+	enumerator_t *enumerator;
+	ike_sa_t *ike_sa = NULL, *old_sa = NULL;
+	u_int16_t encr = 0, len = 0, integ = 0, prf = 0, old_prf = PRF_UNDEFINED;
+	chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty;
+	chunk_t secret = chunk_empty, old_skd = chunk_empty;
+
+	enumerator = message->create_attribute_enumerator(message);
+	while (enumerator->enumerate(enumerator, &attribute, &value))
+	{
+		switch (attribute)
+		{
+			case HA_IKE_ID:
+				ike_sa = ike_sa_create(value.ike_sa_id);
+				break;
+			case HA_IKE_REKEY_ID:
+				old_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+														  value.ike_sa_id);
+				break;
+			case HA_NONCE_I:
+				nonce_i = value.chunk;
+				break;
+			case HA_NONCE_R:
+				nonce_r = value.chunk;
+				break;
+			case HA_SECRET:
+				secret = value.chunk;
+				break;
+			case HA_OLD_SKD:
+				old_skd = value.chunk;
+				break;
+			case HA_ALG_ENCR:
+				encr = value.u16;
+				break;
+			case HA_ALG_ENCR_LEN:
+				len = value.u16;
+				break;
+			case HA_ALG_INTEG:
+				integ = value.u16;
+				break;
+			case HA_ALG_PRF:
+				prf = value.u16;
+				break;
+			case HA_ALG_OLD_PRF:
+				old_prf = value.u16;
+				break;
+			default:
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+
+	if (ike_sa)
+	{
+		proposal_t *proposal;
+		keymat_t *keymat;
+		/* quick and dirty hack of a DH implementation ;-) */
+		diffie_hellman_t dh = { .get_shared_secret = get_shared_secret,
+								.destroy = (void*)&secret };
+
+		proposal = proposal_create(PROTO_IKE);
+		keymat = ike_sa->get_keymat(ike_sa);
+		if (integ)
+		{
+			proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM, integ, 0);
+		}
+		if (encr)
+		{
+			proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr, len);
+		}
+		if (prf)
+		{
+			proposal->add_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, prf, 0);
+		}
+		charon->bus->set_sa(charon->bus, ike_sa);
+		if (keymat->derive_ike_keys(keymat, proposal, &dh, nonce_i, nonce_r,
+									 ike_sa->get_id(ike_sa), old_prf, old_skd))
+		{
+			if (old_sa)
+			{
+				peer_cfg_t *peer_cfg = old_sa->get_peer_cfg(old_sa);
+
+				if (peer_cfg)
+				{
+					ike_sa->set_peer_cfg(ike_sa, peer_cfg);
+					ike_sa->inherit(ike_sa, old_sa);
+				}
+				charon->ike_sa_manager->checkin_and_destroy(
+												charon->ike_sa_manager, old_sa);
+				old_sa = NULL;
+			}
+			ike_sa->set_state(ike_sa, IKE_CONNECTING);
+			charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+		}
+		else
+		{
+			DBG1(DBG_IKE, "HA keymat derivation failed");
+			ike_sa->destroy(ike_sa);
+		}
+		charon->bus->set_sa(charon->bus, NULL);
+		proposal->destroy(proposal);
+	}
+	if (old_sa)
+	{
+		charon->ike_sa_manager->checkin(charon->ike_sa_manager, old_sa);
+	}
+}
+
+/**
+ * Apply a condition flag to the IKE_SA if it is in set
+ */
+static void set_condition(ike_sa_t *ike_sa, ike_condition_t set,
+						  ike_condition_t flag)
+{
+	ike_sa->set_condition(ike_sa, flag, flag & set);
+}
+
+/**
+ * Apply a extension flag to the IKE_SA if it is in set
+ */
+static void set_extension(ike_sa_t *ike_sa, ike_extension_t set,
+						  ike_extension_t flag)
+{
+	if (flag & set)
+	{
+		ike_sa->enable_extension(ike_sa, flag);
+	}
+}
+
+/**
+ * Process messages of type IKE_UPDATE
+ */
+static void process_ike_update(private_ha_dispatcher_t *this,
+							   ha_message_t *message)
+{
+	ha_message_attribute_t attribute;
+	ha_message_value_t value;
+	enumerator_t *enumerator;
+	ike_sa_t *ike_sa = NULL;
+	peer_cfg_t *peer_cfg = NULL;
+
+	enumerator = message->create_attribute_enumerator(message);
+	while (enumerator->enumerate(enumerator, &attribute, &value))
+	{
+		if (attribute != HA_IKE_ID && ike_sa == NULL)
+		{
+			/* must be first attribute */
+			break;
+		}
+		switch (attribute)
+		{
+			case HA_IKE_ID:
+				ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+														  value.ike_sa_id);
+				break;
+			case HA_LOCAL_ID:
+				ike_sa->set_my_id(ike_sa, value.id->clone(value.id));
+				break;
+			case HA_REMOTE_ID:
+				ike_sa->set_other_id(ike_sa, value.id->clone(value.id));
+				break;
+			case HA_LOCAL_ADDR:
+				ike_sa->set_my_host(ike_sa, value.host->clone(value.host));
+				break;
+			case HA_REMOTE_ADDR:
+				ike_sa->set_other_host(ike_sa, value.host->clone(value.host));
+				break;
+			case HA_LOCAL_VIP:
+				ike_sa->set_virtual_ip(ike_sa, TRUE, value.host);
+				break;
+			case HA_REMOTE_VIP:
+				ike_sa->set_virtual_ip(ike_sa, FALSE, value.host);
+				break;
+			case HA_ADDITIONAL_ADDR:
+				ike_sa->add_additional_address(ike_sa,
+											   value.host->clone(value.host));
+				break;
+			case HA_CONFIG_NAME:
+				peer_cfg = charon->backends->get_peer_cfg_by_name(
+												charon->backends, value.str);
+				if (peer_cfg)
+				{
+					ike_sa->set_peer_cfg(ike_sa, peer_cfg);
+					peer_cfg->destroy(peer_cfg);
+				}
+				else
+				{
+					DBG1(DBG_IKE, "HA is missing nodes peer configuration");
+				}
+				break;
+			case HA_EXTENSIONS:
+				set_extension(ike_sa, value.u32, EXT_NATT);
+				set_extension(ike_sa, value.u32, EXT_MOBIKE);
+				set_extension(ike_sa, value.u32, EXT_HASH_AND_URL);
+				break;
+			case HA_CONDITIONS:
+				set_condition(ike_sa, value.u32, COND_NAT_ANY);
+				set_condition(ike_sa, value.u32, COND_NAT_HERE);
+				set_condition(ike_sa, value.u32, COND_NAT_THERE);
+				set_condition(ike_sa, value.u32, COND_NAT_FAKE);
+				set_condition(ike_sa, value.u32, COND_EAP_AUTHENTICATED);
+				set_condition(ike_sa, value.u32, COND_CERTREQ_SEEN);
+				set_condition(ike_sa, value.u32, COND_ORIGINAL_INITIATOR);
+				break;
+			case HA_INITIATE_MID:
+				ike_sa->set_message_id(ike_sa, TRUE, value.u32);
+				break;
+			case HA_RESPOND_MID:
+				ike_sa->set_message_id(ike_sa, FALSE, value.u32);
+				break;
+			default:
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+
+	if (ike_sa)
+	{
+		if (ike_sa->get_state(ike_sa) == IKE_CONNECTING &&
+			ike_sa->get_peer_cfg(ike_sa))
+		{
+			ike_sa->set_state(ike_sa, IKE_PASSIVE);
+		}
+		charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+	}
+}
+
+/**
+ * Process messages of type IKE_DELETE
+ */
+static void process_ike_delete(private_ha_dispatcher_t *this,
+							   ha_message_t *message)
+{
+	ha_message_attribute_t attribute;
+	ha_message_value_t value;
+	enumerator_t *enumerator;
+	ike_sa_t *ike_sa;
+
+	enumerator = message->create_attribute_enumerator(message);
+	while (enumerator->enumerate(enumerator, &attribute, &value))
+	{
+		switch (attribute)
+		{
+			case HA_IKE_ID:
+				ike_sa = charon->ike_sa_manager->checkout(
+									charon->ike_sa_manager, value.ike_sa_id);
+				if (ike_sa)
+				{
+					charon->ike_sa_manager->checkin_and_destroy(
+									charon->ike_sa_manager, ike_sa);
+				}
+				break;
+			default:
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+}
+
+/**
+ * Lookup a child cfg from the peer cfg by name
+ */
+static child_cfg_t* find_child_cfg(ike_sa_t *ike_sa, char *name)
+{
+	peer_cfg_t *peer_cfg;
+	child_cfg_t *current, *found = NULL;
+	enumerator_t *enumerator;
+
+	peer_cfg = ike_sa->get_peer_cfg(ike_sa);
+	if (peer_cfg)
+	{
+		enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg);
+		while (enumerator->enumerate(enumerator, &current))
+		{
+			if (streq(current->get_name(current), name))
+			{
+				found = current;
+				break;
+			}
+		}
+		enumerator->destroy(enumerator);
+	}
+	return found;
+}
+
+/**
+ * Process messages of type CHILD_ADD
+ */
+static void process_child_add(private_ha_dispatcher_t *this,
+							  ha_message_t *message)
+{
+	ha_message_attribute_t attribute;
+	ha_message_value_t value;
+	enumerator_t *enumerator;
+	ike_sa_t *ike_sa = NULL;
+	char *config_name = "";
+	child_cfg_t *config = NULL;
+	child_sa_t *child_sa;
+	proposal_t *proposal;
+	keymat_t *keymat;
+	bool initiator = FALSE, failed = FALSE;
+	u_int32_t inbound_spi = 0, outbound_spi = 0;
+	u_int16_t inbound_cpi = 0, outbound_cpi = 0;
+	u_int8_t mode = MODE_TUNNEL, ipcomp = 0;
+	u_int16_t encr = ENCR_UNDEFINED, integ = AUTH_UNDEFINED, len = 0;
+	chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty, secret = chunk_empty;
+	chunk_t encr_i, integ_i, encr_r, integ_r;
+	linked_list_t *local_ts, *remote_ts;
+	/* quick and dirty hack of a DH implementation */
+	diffie_hellman_t dh = { .get_shared_secret = get_shared_secret,
+							.destroy = (void*)&secret };
+
+	enumerator = message->create_attribute_enumerator(message);
+	while (enumerator->enumerate(enumerator, &attribute, &value))
+	{
+		switch (attribute)
+		{
+			case HA_IKE_ID:
+				ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+														  value.ike_sa_id);
+				initiator = value.ike_sa_id->is_initiator(value.ike_sa_id);
+				break;
+			case HA_CONFIG_NAME:
+				config_name = value.str;
+				break;
+			case HA_INBOUND_SPI:
+				inbound_spi = value.u32;
+				break;
+			case HA_OUTBOUND_SPI:
+				outbound_spi = value.u32;
+				break;
+			case HA_INBOUND_CPI:
+				inbound_cpi = value.u32;
+				break;
+			case HA_OUTBOUND_CPI:
+				outbound_cpi = value.u32;
+				break;
+			case HA_IPSEC_MODE:
+				mode = value.u8;
+				break;
+			case HA_IPCOMP:
+				ipcomp = value.u8;
+				break;
+			case HA_ALG_ENCR:
+				encr = value.u16;
+				break;
+			case HA_ALG_ENCR_LEN:
+				len = value.u16;
+				break;
+			case HA_ALG_INTEG:
+				integ = value.u16;
+				break;
+			case HA_NONCE_I:
+				nonce_i = value.chunk;
+				break;
+			case HA_NONCE_R:
+				nonce_r = value.chunk;
+				break;
+			case HA_SECRET:
+				secret = value.chunk;
+				break;
+			default:
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+
+	if (!ike_sa)
+	{
+		DBG1(DBG_CHD, "IKE_SA for HA CHILD_SA not found");
+		return;
+	}
+	config = find_child_cfg(ike_sa, config_name);
+	if (!config)
+	{
+		DBG1(DBG_CHD, "HA is missing nodes child configuration");
+		charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+		return;
+	}
+
+	child_sa = child_sa_create(ike_sa->get_my_host(ike_sa),
+							   ike_sa->get_other_host(ike_sa), config, 0,
+							   ike_sa->has_condition(ike_sa, COND_NAT_ANY));
+	child_sa->set_mode(child_sa, mode);
+	child_sa->set_protocol(child_sa, PROTO_ESP);
+	child_sa->set_ipcomp(child_sa, ipcomp);
+
+	proposal = proposal_create(PROTO_ESP);
+	if (integ)
+	{
+		proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM, integ, 0);
+	}
+	if (encr)
+	{
+		proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr, len);
+	}
+	keymat = ike_sa->get_keymat(ike_sa);
+
+	if (!keymat->derive_child_keys(keymat, proposal, secret.ptr ? &dh : NULL,
+					nonce_i, nonce_r, &encr_i, &integ_i, &encr_r, &integ_r))
+	{
+		DBG1(DBG_CHD, "HA CHILD_SA key derivation failed");
+		child_sa->destroy(child_sa);
+		proposal->destroy(proposal);
+		charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+		return;
+	}
+	child_sa->set_proposal(child_sa, proposal);
+	child_sa->set_state(child_sa, CHILD_INSTALLING);
+	proposal->destroy(proposal);
+
+	/* TODO: Change CHILD_SA API to avoid cloning twice */
+	local_ts = linked_list_create();
+	remote_ts = linked_list_create();
+	enumerator = message->create_attribute_enumerator(message);
+	while (enumerator->enumerate(enumerator, &attribute, &value))
+	{
+		switch (attribute)
+		{
+			case HA_LOCAL_TS:
+				local_ts->insert_last(local_ts, value.ts->clone(value.ts));
+				break;
+			case HA_REMOTE_TS:
+				remote_ts->insert_last(remote_ts, value.ts->clone(value.ts));
+				break;
+			default:
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+
+	if (initiator)
+	{
+		if (child_sa->install(child_sa, encr_r, integ_r, inbound_spi,
+						inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS ||
+			child_sa->install(child_sa, encr_i, integ_i, outbound_spi,
+						outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS)
+		{
+			failed = TRUE;
+		}
+	}
+	else
+	{
+		if (child_sa->install(child_sa, encr_i, integ_i, inbound_spi,
+						inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS ||
+			child_sa->install(child_sa, encr_r, integ_r, outbound_spi,
+						outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS)
+		{
+			failed = TRUE;
+		}
+	}
+	chunk_clear(&encr_i);
+	chunk_clear(&integ_i);
+	chunk_clear(&encr_r);
+	chunk_clear(&integ_r);
+
+	if (failed)
+	{
+		DBG1(DBG_CHD, "HA CHILD_SA installation failed");
+		child_sa->destroy(child_sa);
+		local_ts->destroy_offset(local_ts, offsetof(traffic_selector_t, destroy));
+		remote_ts->destroy_offset(remote_ts, offsetof(traffic_selector_t, destroy));
+		charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+		return;
+	}
+
+	child_sa->add_policies(child_sa, local_ts, remote_ts);
+	local_ts->destroy_offset(local_ts, offsetof(traffic_selector_t, destroy));
+	remote_ts->destroy_offset(remote_ts, offsetof(traffic_selector_t, destroy));
+
+	child_sa->set_state(child_sa, CHILD_INSTALLED);
+	ike_sa->add_child_sa(ike_sa, child_sa);
+	charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+}
+
+/**
+ * Process messages of type CHILD_DELETE
+ */
+static void process_child_delete(private_ha_dispatcher_t *this,
+								 ha_message_t *message)
+{
+	ha_message_attribute_t attribute;
+	ha_message_value_t value;
+	enumerator_t *enumerator;
+	ike_sa_t *ike_sa = NULL;
+
+	enumerator = message->create_attribute_enumerator(message);
+	while (enumerator->enumerate(enumerator, &attribute, &value))
+	{
+		switch (attribute)
+		{
+			case HA_IKE_ID:
+				ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager,
+														  value.ike_sa_id);
+				break;
+			case HA_INBOUND_SPI:
+				if (ike_sa)
+				{
+					ike_sa->destroy_child_sa(ike_sa, PROTO_ESP, value.u32);
+				}
+				break;
+			default:
+				break;
+		}
+	}
+	if (ike_sa)
+	{
+		charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
+	}
+	enumerator->destroy(enumerator);
+}
+
+/**
+ * Process messages of type SEGMENT_TAKE/DROP
+ */
+static void process_segment(private_ha_dispatcher_t *this,
+							ha_message_t *message, bool take)
+{
+	ha_message_attribute_t attribute;
+	ha_message_value_t value;
+	enumerator_t *enumerator;
+
+	enumerator = message->create_attribute_enumerator(message);
+	while (enumerator->enumerate(enumerator, &attribute, &value))
+	{
+		switch (attribute)
+		{
+			case HA_SEGMENT:
+				if (take)
+				{
+					DBG1(DBG_CFG, "remote node takes segment %d", value.u16);
+					this->segments->deactivate(this->segments, value.u16, FALSE);
+				}
+				else
+				{
+					DBG1(DBG_CFG, "remote node drops segment %d", value.u16);
+					this->segments->activate(this->segments, value.u16, FALSE);
+				}
+				break;
+			default:
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+}
+
+/**
+ * Process messages of type STATUS
+ */
+static void process_status(private_ha_dispatcher_t *this,
+						   ha_message_t *message)
+{
+	ha_message_attribute_t attribute;
+	ha_message_value_t value;
+	enumerator_t *enumerator;
+	segment_mask_t mask = 0;
+
+	enumerator = message->create_attribute_enumerator(message);
+	while (enumerator->enumerate(enumerator, &attribute, &value))
+	{
+		switch (attribute)
+		{
+			case HA_SEGMENT:
+				mask |= SEGMENTS_BIT(value.u16);
+				break;
+			default:
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+
+	this->segments->handle_status(this->segments, mask);
+}
+
+/**
+ * Process messages of type RESYNC
+ */
+static void process_resync(private_ha_dispatcher_t *this,
+						   ha_message_t *message)
+{
+	ha_message_attribute_t attribute;
+	ha_message_value_t value;
+	enumerator_t *enumerator;
+
+	enumerator = message->create_attribute_enumerator(message);
+	while (enumerator->enumerate(enumerator, &attribute, &value))
+	{
+		switch (attribute)
+		{
+			case HA_SEGMENT:
+				this->segments->resync(this->segments, value.u16);
+				break;
+			default:
+				break;
+		}
+	}
+	enumerator->destroy(enumerator);
+}
+
+/**
+ * Dispatcher job function
+ */
+static job_requeue_t dispatch(private_ha_dispatcher_t *this)
+{
+	ha_message_t *message;
+
+	message = this->socket->pull(this->socket);
+	switch (message->get_type(message))
+	{
+		case HA_IKE_ADD:
+			process_ike_add(this, message);
+			break;
+		case HA_IKE_UPDATE:
+			process_ike_update(this, message);
+			break;
+		case HA_IKE_DELETE:
+			process_ike_delete(this, message);
+			break;
+		case HA_CHILD_ADD:
+			process_child_add(this, message);
+			break;
+		case HA_CHILD_DELETE:
+			process_child_delete(this, message);
+			break;
+		case HA_SEGMENT_DROP:
+			process_segment(this, message, FALSE);
+			break;
+		case HA_SEGMENT_TAKE:
+			process_segment(this, message, TRUE);
+			break;
+		case HA_STATUS:
+			process_status(this, message);
+			break;
+		case HA_RESYNC:
+			process_resync(this, message);
+			break;
+		default:
+			DBG1(DBG_CFG, "received unknown HA message type %d",
+				 message->get_type(message));
+			break;
+	}
+	message->destroy(message);
+
+	return JOB_REQUEUE_DIRECT;
+}
+
+/**
+ * Implementation of ha_dispatcher_t.destroy.
+ */
+static void destroy(private_ha_dispatcher_t *this)
+{
+	this->job->cancel(this->job);
+	free(this);
+}
+
+/**
+ * See header
+ */
+ha_dispatcher_t *ha_dispatcher_create(ha_socket_t *socket,
+									  ha_segments_t *segments)
+{
+	private_ha_dispatcher_t *this = malloc_thing(private_ha_dispatcher_t);
+
+	this->public.destroy = (void(*)(ha_dispatcher_t*))destroy;
+
+	this->socket = socket;
+	this->segments = segments;
+	this->job = callback_job_create((callback_job_cb_t)dispatch,
+									this, NULL, NULL);
+	charon->processor->queue_job(charon->processor, (job_t*)this->job);
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.h b/src/libcharon/plugins/ha/ha_dispatcher.h
new file mode 100644
index 000000000..d2baace3f
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_dispatcher.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_dispatcher ha_dispatcher
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_DISPATCHER_H_
+#define HA_DISPATCHER_H_
+
+#include "ha_socket.h"
+#include "ha_segments.h"
+
+typedef struct ha_dispatcher_t ha_dispatcher_t;
+
+/**
+ * The dispatcher pulls messages in a thread an processes them.
+ */
+struct ha_dispatcher_t {
+
+	/**
+	 * Destroy a ha_dispatcher_t.
+	 */
+	void (*destroy)(ha_dispatcher_t *this);
+};
+
+/**
+ * Create a ha_dispatcher instance pulling from socket.
+ *
+ * @param socket		socket to pull messages from
+ * @param segments		segments to control based on received messages
+ * @return				dispatcher object
+ */
+ha_dispatcher_t *ha_dispatcher_create(ha_socket_t *socket,
+									  ha_segments_t *segments);
+
+#endif /* HA_DISPATCHER_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c
new file mode 100644
index 000000000..1f025d0e5
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_ike.c
@@ -0,0 +1,280 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_ike.h"
+
+typedef struct private_ha_ike_t private_ha_ike_t;
+
+/**
+ * Private data of an ha_ike_t object.
+ */
+struct private_ha_ike_t {
+
+	/**
+	 * Public ha_ike_t interface.
+	 */
+	ha_ike_t public;
+
+	/**
+	 * socket we use for syncing
+	 */
+	ha_socket_t *socket;
+
+	/**
+	 * tunnel securing sync messages
+	 */
+	ha_tunnel_t *tunnel;
+};
+
+/**
+ * Return condition if it is set on ike_sa
+ */
+static ike_condition_t copy_condition(ike_sa_t *ike_sa, ike_condition_t cond)
+{
+	if (ike_sa->has_condition(ike_sa, cond))
+	{
+		return cond;
+	}
+	return 0;
+}
+
+/**
+ * Return extension if it is supported by peers IKE_SA
+ */
+static ike_extension_t copy_extension(ike_sa_t *ike_sa, ike_extension_t ext)
+{
+	if (ike_sa->supports_extension(ike_sa, ext))
+	{
+		return ext;
+	}
+	return 0;
+}
+
+/**
+ * Implementation of listener_t.ike_keys
+ */
+static bool ike_keys(private_ha_ike_t *this, ike_sa_t *ike_sa,
+					 diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r,
+					 ike_sa_t *rekey)
+{
+	ha_message_t *m;
+	chunk_t secret;
+	proposal_t *proposal;
+	u_int16_t alg, len;
+
+	if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+	{	/* do not sync SA between nodes */
+		return TRUE;
+	}
+	if (dh->get_shared_secret(dh, &secret) != SUCCESS)
+	{
+		return TRUE;
+	}
+
+	m = ha_message_create(HA_IKE_ADD);
+	m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
+
+	if (rekey)
+	{
+		chunk_t skd;
+		keymat_t *keymat;
+
+		keymat = rekey->get_keymat(rekey);
+		m->add_attribute(m, HA_IKE_REKEY_ID, rekey->get_id(rekey));
+		m->add_attribute(m, HA_ALG_OLD_PRF, keymat->get_skd(keymat, &skd));
+		m->add_attribute(m, HA_OLD_SKD, skd);
+	}
+
+	proposal = ike_sa->get_proposal(ike_sa);
+	if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &len))
+	{
+		m->add_attribute(m, HA_ALG_ENCR, alg);
+		if (len)
+		{
+			m->add_attribute(m, HA_ALG_ENCR_LEN, len);
+		}
+	}
+	if (proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL))
+	{
+		m->add_attribute(m, HA_ALG_INTEG, alg);
+	}
+	if (proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL))
+	{
+		m->add_attribute(m, HA_ALG_PRF, alg);
+	}
+	m->add_attribute(m, HA_NONCE_I, nonce_i);
+	m->add_attribute(m, HA_NONCE_R, nonce_r);
+	m->add_attribute(m, HA_SECRET, secret);
+	chunk_clear(&secret);
+
+	this->socket->push(this->socket, m);
+
+	return TRUE;
+}
+
+/**
+ * Implementation of listener_t.ike_updown
+ */
+static bool ike_updown(private_ha_ike_t *this, ike_sa_t *ike_sa, bool up)
+{
+	ha_message_t *m;
+
+	if (ike_sa->get_state(ike_sa) == IKE_PASSIVE)
+	{	/* only sync active IKE_SAs */
+		return TRUE;
+	}
+	if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+	{	/* do not sync SA between nodes */
+		return TRUE;
+	}
+
+	if (up)
+	{
+		iterator_t *iterator;
+		peer_cfg_t *peer_cfg;
+		u_int32_t extension, condition;
+		host_t *addr;
+		ike_sa_id_t *id;
+
+		peer_cfg = ike_sa->get_peer_cfg(ike_sa);
+
+		condition = copy_condition(ike_sa, COND_NAT_ANY)
+				  | copy_condition(ike_sa, COND_NAT_HERE)
+				  | copy_condition(ike_sa, COND_NAT_THERE)
+				  | copy_condition(ike_sa, COND_NAT_FAKE)
+				  | copy_condition(ike_sa, COND_EAP_AUTHENTICATED)
+				  | copy_condition(ike_sa, COND_CERTREQ_SEEN)
+				  | copy_condition(ike_sa, COND_ORIGINAL_INITIATOR);
+
+		extension = copy_extension(ike_sa, EXT_NATT)
+				  | copy_extension(ike_sa, EXT_MOBIKE)
+				  | copy_extension(ike_sa, EXT_HASH_AND_URL);
+
+		id = ike_sa->get_id(ike_sa);
+
+		m = ha_message_create(HA_IKE_UPDATE);
+		m->add_attribute(m, HA_IKE_ID, id);
+		m->add_attribute(m, HA_LOCAL_ID, ike_sa->get_my_id(ike_sa));
+		m->add_attribute(m, HA_REMOTE_ID, ike_sa->get_other_id(ike_sa));
+		m->add_attribute(m, HA_LOCAL_ADDR, ike_sa->get_my_host(ike_sa));
+		m->add_attribute(m, HA_REMOTE_ADDR, ike_sa->get_other_host(ike_sa));
+		m->add_attribute(m, HA_CONDITIONS, condition);
+		m->add_attribute(m, HA_EXTENSIONS, extension);
+		m->add_attribute(m, HA_CONFIG_NAME, peer_cfg->get_name(peer_cfg));
+		iterator = ike_sa->create_additional_address_iterator(ike_sa);
+		while (iterator->iterate(iterator, (void**)&addr))
+		{
+			m->add_attribute(m, HA_ADDITIONAL_ADDR, addr);
+		}
+		iterator->destroy(iterator);
+	}
+	else
+	{
+		m = ha_message_create(HA_IKE_DELETE);
+		m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
+	}
+	this->socket->push(this->socket, m);
+	return TRUE;
+}
+
+/**
+ * Implementation of listener_t.ike_rekey
+ */
+static bool ike_rekey(private_ha_ike_t *this, ike_sa_t *old, ike_sa_t *new)
+{
+	ike_updown(this, old, FALSE);
+	ike_updown(this, new, TRUE);
+	return TRUE;
+}
+
+/**
+ * Implementation of listener_t.message
+ */
+static bool message_hook(private_ha_ike_t *this, ike_sa_t *ike_sa,
+						 message_t *message, bool incoming)
+{
+	if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+	{	/* do not sync SA between nodes */
+		return TRUE;
+	}
+
+	if (message->get_exchange_type(message) != IKE_SA_INIT &&
+		message->get_request(message))
+	{	/* we sync on requests, but skip it on IKE_SA_INIT */
+		ha_message_t *m;
+		u_int32_t mid;
+
+		m = ha_message_create(HA_IKE_UPDATE);
+		m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
+		mid = message->get_message_id(message) + 1;
+		if (incoming)
+		{
+			m->add_attribute(m, HA_RESPOND_MID, mid);
+		}
+		else
+		{
+			m->add_attribute(m, HA_INITIATE_MID, mid);
+		}
+		this->socket->push(this->socket, m);
+	}
+	if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
+		message->get_exchange_type(message) == IKE_AUTH &&
+		!message->get_request(message))
+	{	/* After IKE_SA has been established, sync peers virtual IP.
+		 * We cannot sync it in the state_change hook, it is installed later.
+		 * TODO: where to sync local VIP? */
+		ha_message_t *m;
+		host_t *vip;
+
+		vip = ike_sa->get_virtual_ip(ike_sa, FALSE);
+		if (vip)
+		{
+			m = ha_message_create(HA_IKE_UPDATE);
+			m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa));
+			m->add_attribute(m, HA_REMOTE_VIP, vip);
+			this->socket->push(this->socket, m);
+		}
+	}
+	return TRUE;
+}
+
+/**
+ * Implementation of ha_ike_t.destroy.
+ */
+static void destroy(private_ha_ike_t *this)
+{
+	free(this);
+}
+
+/**
+ * See header
+ */
+ha_ike_t *ha_ike_create(ha_socket_t *socket, ha_tunnel_t *tunnel)
+{
+	private_ha_ike_t *this = malloc_thing(private_ha_ike_t);
+
+	memset(&this->public.listener, 0, sizeof(listener_t));
+	this->public.listener.ike_keys = (bool(*)(listener_t*, ike_sa_t *ike_sa, diffie_hellman_t *dh,chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey))ike_keys;
+	this->public.listener.ike_updown = (bool(*)(listener_t*,ike_sa_t *ike_sa, bool up))ike_updown;
+	this->public.listener.ike_rekey = (bool(*)(listener_t*,ike_sa_t *old, ike_sa_t *new))ike_rekey;
+	this->public.listener.message = (bool(*)(listener_t*, ike_sa_t *, message_t *,bool))message_hook;
+	this->public.destroy = (void(*)(ha_ike_t*))destroy;
+
+	this->socket = socket;
+	this->tunnel = tunnel;
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_ike.h b/src/libcharon/plugins/ha/ha_ike.h
new file mode 100644
index 000000000..9de210e67
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_ike.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_ike ha_ike
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_IKE_H_
+#define HA_IKE_H_
+
+#include "ha_socket.h"
+#include "ha_tunnel.h"
+#include "ha_segments.h"
+
+#include <daemon.h>
+
+typedef struct ha_ike_t ha_ike_t;
+
+/**
+ * Listener to synchronize IKE_SAs.
+ */
+struct ha_ike_t {
+
+	/**
+	 * Implements bus listener interface.
+	 */
+	listener_t listener;
+
+	/**
+	 * Destroy a ha_ike_t.
+	 */
+	void (*destroy)(ha_ike_t *this);
+};
+
+/**
+ * Create a ha_ike instance.
+ *
+ * @param socket		socket to use for sending synchronization messages
+ * @param tunnel		tunnel securing sync messages, if any
+ * @return				IKE listener
+ */
+ha_ike_t *ha_ike_create(ha_socket_t *socket, ha_tunnel_t *tunnel);
+
+#endif /* HA_IKE_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_kernel.c b/src/libcharon/plugins/ha/ha_kernel.c
new file mode 100644
index 000000000..0ad9c22c3
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_kernel.c
@@ -0,0 +1,229 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_kernel.h"
+
+typedef u_int32_t u32;
+typedef u_int8_t u8;
+
+#include <linux/jhash.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#define CLUSTERIP_DIR "/proc/net/ipt_CLUSTERIP"
+
+typedef struct private_ha_kernel_t private_ha_kernel_t;
+
+/**
+ * Private data of an ha_kernel_t object.
+ */
+struct private_ha_kernel_t {
+
+	/**
+	 * Public ha_kernel_t interface.
+	 */
+	ha_kernel_t public;
+
+	/**
+	 * Init value for jhash
+	 */
+	u_int initval;
+
+	/**
+	 * Total number of ClusterIP segments
+	 */
+	u_int count;
+};
+
+/**
+ * Implementation of ha_kernel_t.in_segment
+ */
+static bool in_segment(private_ha_kernel_t *this, host_t *host, u_int segment)
+{
+	if (host->get_family(host) == AF_INET)
+	{
+		unsigned long hash;
+		u_int32_t addr;
+
+		addr = *(u_int32_t*)host->get_address(host).ptr;
+		hash = jhash_1word(ntohl(addr), this->initval);
+
+		if ((((u_int64_t)hash * this->count) >> 32) + 1 == segment)
+		{
+			return TRUE;
+		}
+	}
+	return FALSE;
+}
+
+/**
+ * Activate/Deactivate a segment for a given clusterip file
+ */
+static void enable_disable(private_ha_kernel_t *this, u_int segment,
+						   char *file, bool enable)
+{
+	char cmd[8];
+	int fd;
+
+	snprintf(cmd, sizeof(cmd), "%c%d\n", enable ? '+' : '-', segment);
+
+	fd = open(file, O_WRONLY);
+	if (fd == -1)
+	{
+		DBG1(DBG_CFG, "opening CLUSTERIP file '%s' failed: %s",
+			 file, strerror(errno));
+		return;
+	}
+	if (write(fd, cmd, strlen(cmd) == -1))
+	{
+		DBG1(DBG_CFG, "writing to CLUSTERIP file '%s' failed: %s",
+			 file, strerror(errno));
+	}
+	close(fd);
+}
+
+/**
+ * Get the currenlty active segments in the kernel for a clusterip file
+ */
+static segment_mask_t get_active(private_ha_kernel_t *this, char *file)
+{
+	char buf[256];
+	segment_mask_t mask = 0;
+	ssize_t len;
+	int fd;
+
+	fd = open(file, O_RDONLY);
+	if (fd == -1)
+	{
+		DBG1(DBG_CFG, "opening CLUSTERIP file '%s' failed: %s",
+			 file, strerror(errno));
+		return 0;
+	}
+	len = read(fd, buf, sizeof(buf)-1);
+	if (len == -1)
+	{
+		DBG1(DBG_CFG, "reading from CLUSTERIP file '%s' failed: %s",
+			 file, strerror(errno));
+	}
+	else
+	{
+		enumerator_t *enumerator;
+		u_int segment;
+		char *token;
+
+		buf[len] = '\0';
+		enumerator = enumerator_create_token(buf, ",", " ");
+		while (enumerator->enumerate(enumerator, &token))
+		{
+			segment = atoi(token);
+			if (segment)
+			{
+				mask |= SEGMENTS_BIT(segment);
+			}
+		}
+		enumerator->destroy(enumerator);
+	}
+	return mask;
+}
+
+/**
+ * Implementation of ha_kernel_t.activate
+ */
+static void activate(private_ha_kernel_t *this, u_int segment)
+{
+	enumerator_t *enumerator;
+	char *file;
+
+	enumerator = enumerator_create_directory(CLUSTERIP_DIR);
+	while (enumerator->enumerate(enumerator, NULL, &file, NULL))
+	{
+		enable_disable(this, segment, file, TRUE);
+	}
+	enumerator->destroy(enumerator);
+}
+
+/**
+ * Implementation of ha_kernel_t.deactivate
+ */
+static void deactivate(private_ha_kernel_t *this, u_int segment)
+{
+	enumerator_t *enumerator;
+	char *file;
+
+	enumerator = enumerator_create_directory(CLUSTERIP_DIR);
+	while (enumerator->enumerate(enumerator, NULL, &file, NULL))
+	{
+		enable_disable(this, segment, file, FALSE);
+	}
+	enumerator->destroy(enumerator);
+}
+
+/**
+ * Disable all not-yet disabled segments on all clusterip addresses
+ */
+static void disable_all(private_ha_kernel_t *this)
+{
+	enumerator_t *enumerator;
+	segment_mask_t active;
+	char *file;
+	int i;
+
+	enumerator = enumerator_create_directory(CLUSTERIP_DIR);
+	while (enumerator->enumerate(enumerator, NULL, &file, NULL))
+	{
+		active = get_active(this, file);
+		for (i = 1; i <= this->count; i++)
+		{
+			if (active & SEGMENTS_BIT(i))
+			{
+				enable_disable(this, i, file, FALSE);
+			}
+		}
+	}
+	enumerator->destroy(enumerator);
+}
+
+/**
+ * Implementation of ha_kernel_t.destroy.
+ */
+static void destroy(private_ha_kernel_t *this)
+{
+	free(this);
+}
+
+/**
+ * See header
+ */
+ha_kernel_t *ha_kernel_create(u_int count)
+{
+	private_ha_kernel_t *this = malloc_thing(private_ha_kernel_t);
+
+	this->public.in_segment = (bool(*)(ha_kernel_t*, host_t *host, u_int segment))in_segment;
+	this->public.activate = (void(*)(ha_kernel_t*, u_int segment))activate;
+	this->public.deactivate = (void(*)(ha_kernel_t*, u_int segment))deactivate;
+	this->public.destroy = (void(*)(ha_kernel_t*))destroy;
+
+	this->initval = 0;
+	this->count = count;
+
+	disable_all(this);
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_kernel.h b/src/libcharon/plugins/ha/ha_kernel.h
new file mode 100644
index 000000000..b37cc7667
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_kernel.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_kernel ha_kernel
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_KERNEL_H_
+#define HA_KERNEL_H_
+
+typedef struct ha_kernel_t ha_kernel_t;
+
+#include "ha_segments.h"
+
+/**
+ * HA segment kernel configuration interface.
+ */
+struct ha_kernel_t {
+
+	/**
+	 * Check if a host is in a segment.
+	 *
+	 * @param host		host to check
+	 * @param segment	segment
+	 * @return 			TRUE if host belongs to segment
+	 */
+	bool (*in_segment)(ha_kernel_t *this, host_t *host, u_int segment);
+
+	/**
+	 * Activate a segment at kernel level for all cluster addresses.
+	 *
+	 * @param segment	segment to activate
+	 */
+	void (*activate)(ha_kernel_t *this, u_int segment);
+
+	/**
+	 * Deactivate a segment at kernel level for all cluster addresses.
+	 *
+	 * @param segment	segment to deactivate
+	 */
+	void (*deactivate)(ha_kernel_t *this, u_int segment);
+
+	/**
+	 * Destroy a ha_kernel_t.
+	 */
+	void (*destroy)(ha_kernel_t *this);
+};
+
+/**
+ * Create a ha_kernel instance.
+ *
+ * @param count			total number of segments to use
+ * @param active		bitmask of initially active segments
+ */
+ha_kernel_t *ha_kernel_create(u_int count);
+
+#endif /* HA_KERNEL_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_message.c b/src/libcharon/plugins/ha/ha_message.c
new file mode 100644
index 000000000..54b10f05d
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_message.c
@@ -0,0 +1,663 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <string.h>
+#include <arpa/inet.h>
+
+#include "ha_message.h"
+
+#include <daemon.h>
+
+#define ALLOCATION_BLOCK 64
+
+typedef struct private_ha_message_t private_ha_message_t;
+
+/**
+ * Private data of an ha_message_t object.
+ */
+struct private_ha_message_t {
+
+	/**
+	 * Public ha_message_t interface.
+	 */
+	ha_message_t public;
+
+	/**
+	 * Allocated size of buf
+	 */
+	size_t allocated;
+
+	/**
+	 * Buffer containing encoded data
+	 */
+	chunk_t buf;
+};
+
+typedef struct ike_sa_id_encoding_t ike_sa_id_encoding_t;
+
+/**
+ * Encoding if an ike_sa_id_t
+ */
+struct ike_sa_id_encoding_t {
+	u_int64_t initiator_spi;
+	u_int64_t responder_spi;
+	u_int8_t initiator;
+} __attribute__((packed));
+
+typedef struct identification_encoding_t identification_encoding_t;
+
+/**
+ * Encoding of a identification_t
+ */
+struct identification_encoding_t {
+	u_int8_t type;
+	u_int8_t len;
+	char encoding[];
+} __attribute__((packed));
+
+typedef struct host_encoding_t host_encoding_t;
+
+/**
+ * encoding of a host_t
+ */
+struct host_encoding_t {
+	u_int16_t port;
+	u_int8_t family;
+	char encoding[];
+} __attribute__((packed));
+
+typedef struct ts_encoding_t ts_encoding_t;
+
+/**
+ * encoding of a traffic_selector_t
+ */
+struct ts_encoding_t {
+	u_int8_t type;
+	u_int8_t protocol;
+	u_int16_t from_port;
+	u_int16_t to_port;
+	u_int8_t dynamic;
+	char encoding[];
+} __attribute__((packed));
+
+/**
+ * Implementation of ha_message_t.get_type
+ */
+static ha_message_type_t get_type(private_ha_message_t *this)
+{
+	return this->buf.ptr[1];
+}
+
+/**
+ * check for space in buffer, increase if necessary
+ */
+static void check_buf(private_ha_message_t *this, size_t len)
+{
+	int increased = 0;
+
+	while (this->buf.len + len > this->allocated)
+	{	/* double size */
+		this->allocated += ALLOCATION_BLOCK;
+		increased++;
+	}
+	if (increased)
+	{
+		this->buf.ptr = realloc(this->buf.ptr, this->allocated);
+	}
+}
+
+/**
+ * Implementation of ha_message_t.add_attribute
+ */
+static void add_attribute(private_ha_message_t *this,
+						  ha_message_attribute_t attribute, ...)
+{
+	size_t len;
+	va_list args;
+
+	check_buf(this, sizeof(u_int8_t));
+	this->buf.ptr[this->buf.len] = attribute;
+	this->buf.len += sizeof(u_int8_t);
+
+	va_start(args, attribute);
+	switch (attribute)
+	{
+		/* ike_sa_id_t* */
+		case HA_IKE_ID:
+		case HA_IKE_REKEY_ID:
+		{
+			ike_sa_id_encoding_t *enc;
+			ike_sa_id_t *id;
+
+			id = va_arg(args, ike_sa_id_t*);
+			check_buf(this, sizeof(ike_sa_id_encoding_t));
+			enc = (ike_sa_id_encoding_t*)(this->buf.ptr + this->buf.len);
+			this->buf.len += sizeof(ike_sa_id_encoding_t);
+			enc->initiator = id->is_initiator(id);
+			enc->initiator_spi = id->get_initiator_spi(id);
+			enc->responder_spi = id->get_responder_spi(id);
+			break;
+		}
+		/* identification_t* */
+		case HA_LOCAL_ID:
+		case HA_REMOTE_ID:
+		{
+			identification_encoding_t *enc;
+			identification_t *id;
+			chunk_t data;
+
+			id = va_arg(args, identification_t*);
+			data = id->get_encoding(id);
+			check_buf(this, sizeof(identification_encoding_t) + data.len);
+			enc = (identification_encoding_t*)(this->buf.ptr + this->buf.len);
+			this->buf.len += sizeof(identification_encoding_t) + data.len;
+			enc->type = id->get_type(id);
+			enc->len = data.len;
+			memcpy(enc->encoding, data.ptr, data.len);
+			break;
+		}
+		/* host_t* */
+		case HA_LOCAL_ADDR:
+		case HA_REMOTE_ADDR:
+		case HA_LOCAL_VIP:
+		case HA_REMOTE_VIP:
+		case HA_ADDITIONAL_ADDR:
+		{
+			host_encoding_t *enc;
+			host_t *host;
+			chunk_t data;
+
+			host = va_arg(args, host_t*);
+			data = host->get_address(host);
+			check_buf(this, sizeof(host_encoding_t) + data.len);
+			enc = (host_encoding_t*)(this->buf.ptr + this->buf.len);
+			this->buf.len += sizeof(host_encoding_t) + data.len;
+			enc->family = host->get_family(host);
+			enc->port = htons(host->get_port(host));
+			memcpy(enc->encoding, data.ptr, data.len);
+			break;
+		}
+		/* char* */
+		case HA_CONFIG_NAME:
+		{
+			char *str;
+
+			str = va_arg(args, char*);
+			len = strlen(str) + 1;
+			check_buf(this, len);
+			memcpy(this->buf.ptr + this->buf.len, str, len);
+			this->buf.len += len;
+			break;
+		}
+		/* u_int8_t */
+		case HA_IPSEC_MODE:
+		case HA_IPCOMP:
+		{
+			u_int8_t val;
+
+			val = va_arg(args, u_int);
+			check_buf(this, sizeof(val));
+			this->buf.ptr[this->buf.len] = val;
+			this->buf.len += sizeof(val);
+			break;
+		}
+		/* u_int16_t */
+		case HA_ALG_PRF:
+		case HA_ALG_OLD_PRF:
+		case HA_ALG_ENCR:
+		case HA_ALG_ENCR_LEN:
+		case HA_ALG_INTEG:
+		case HA_INBOUND_CPI:
+		case HA_OUTBOUND_CPI:
+		case HA_SEGMENT:
+		{
+			u_int16_t val;
+
+			val = va_arg(args, u_int);
+			check_buf(this, sizeof(val));
+			*(u_int16_t*)(this->buf.ptr + this->buf.len) = htons(val);
+			this->buf.len += sizeof(val);
+			break;
+		}
+		/** u_int32_t */
+		case HA_CONDITIONS:
+		case HA_EXTENSIONS:
+		case HA_INBOUND_SPI:
+		case HA_OUTBOUND_SPI:
+		case HA_INITIATE_MID:
+		case HA_RESPOND_MID:
+		{
+			u_int32_t val;
+
+			val = va_arg(args, u_int);
+			check_buf(this, sizeof(val));
+			*(u_int32_t*)(this->buf.ptr + this->buf.len) = htonl(val);
+			this->buf.len += sizeof(val);
+			break;
+		}
+		/** chunk_t */
+		case HA_NONCE_I:
+		case HA_NONCE_R:
+		case HA_SECRET:
+		case HA_OLD_SKD:
+		{
+			chunk_t chunk;
+
+			chunk = va_arg(args, chunk_t);
+			check_buf(this, chunk.len + sizeof(u_int16_t));
+			*(u_int16_t*)(this->buf.ptr + this->buf.len) = htons(chunk.len);
+			memcpy(this->buf.ptr + this->buf.len + sizeof(u_int16_t),
+				   chunk.ptr, chunk.len);
+			this->buf.len += chunk.len + sizeof(u_int16_t);;
+			break;
+		}
+		/** traffic_selector_t */
+		case HA_LOCAL_TS:
+		case HA_REMOTE_TS:
+		{
+			ts_encoding_t *enc;
+			traffic_selector_t *ts;
+			chunk_t data;
+
+			ts = va_arg(args, traffic_selector_t*);
+			data = chunk_cata("cc", ts->get_from_address(ts),
+							  ts->get_to_address(ts));
+			check_buf(this, sizeof(ts_encoding_t) + data.len);
+			enc = (ts_encoding_t*)(this->buf.ptr + this->buf.len);
+			this->buf.len += sizeof(ts_encoding_t) + data.len;
+			enc->type = ts->get_type(ts);
+			enc->protocol = ts->get_protocol(ts);
+			enc->from_port = htons(ts->get_from_port(ts));
+			enc->to_port = htons(ts->get_to_port(ts));
+			enc->dynamic = ts->is_dynamic(ts);
+			memcpy(enc->encoding, data.ptr, data.len);
+			break;
+		}
+		default:
+		{
+			DBG1(DBG_CFG, "unable to encode, attribute %d unknown", attribute);
+			this->buf.len -= sizeof(u_int8_t);
+			break;
+		}
+	}
+	va_end(args);
+}
+
+/**
+ * Attribute enumerator implementation
+ */
+typedef struct {
+	/** implementes enumerator_t */
+	enumerator_t public;
+	/** position in message */
+	chunk_t buf;
+	/** cleanup handler of current element, if any */
+	void (*cleanup)(void* data);
+	/** data to pass to cleanup handler */
+	void *cleanup_data;
+} attribute_enumerator_t;
+
+/**
+ * Implementation of create_attribute_enumerator().enumerate
+ */
+static bool attribute_enumerate(attribute_enumerator_t *this,
+								ha_message_attribute_t *attr_out,
+								ha_message_value_t *value)
+{
+	ha_message_attribute_t attr;
+
+	if (this->cleanup)
+	{
+		this->cleanup(this->cleanup_data);
+		this->cleanup = NULL;
+	}
+	if (this->buf.len < 1)
+	{
+		return FALSE;
+	}
+	attr = this->buf.ptr[0];
+	this->buf = chunk_skip(this->buf, 1);
+	switch (attr)
+	{
+		/* ike_sa_id_t* */
+		case HA_IKE_ID:
+		case HA_IKE_REKEY_ID:
+		{
+			ike_sa_id_encoding_t *enc;
+
+			if (this->buf.len < sizeof(ike_sa_id_encoding_t))
+			{
+				return FALSE;
+			}
+			enc = (ike_sa_id_encoding_t*)(this->buf.ptr);
+			value->ike_sa_id = ike_sa_id_create(enc->initiator_spi,
+											enc->responder_spi, enc->initiator);
+			*attr_out = attr;
+			this->cleanup = (void*)value->ike_sa_id->destroy;
+			this->cleanup_data = value->ike_sa_id;
+			this->buf = chunk_skip(this->buf, sizeof(ike_sa_id_encoding_t));
+			return TRUE;
+		}
+		/* identification_t* */
+		case HA_LOCAL_ID:
+		case HA_REMOTE_ID:
+		{
+			identification_encoding_t *enc;
+
+			enc = (identification_encoding_t*)(this->buf.ptr);
+			if (this->buf.len < sizeof(identification_encoding_t) ||
+				this->buf.len < sizeof(identification_encoding_t) + enc->len)
+			{
+				return FALSE;
+			}
+			value->id = identification_create_from_encoding(enc->type,
+										chunk_create(enc->encoding, enc->len));
+			*attr_out = attr;
+			this->cleanup = (void*)value->id->destroy;
+			this->cleanup_data = value->id;
+			this->buf = chunk_skip(this->buf,
+								sizeof(identification_encoding_t) + enc->len);
+			return TRUE;
+		}
+		/* host_t* */
+		case HA_LOCAL_ADDR:
+		case HA_REMOTE_ADDR:
+		case HA_LOCAL_VIP:
+		case HA_REMOTE_VIP:
+		case HA_ADDITIONAL_ADDR:
+		{
+			host_encoding_t *enc;
+
+			enc = (host_encoding_t*)(this->buf.ptr);
+			if (this->buf.len < sizeof(host_encoding_t))
+			{
+				return FALSE;
+			}
+			value->host = host_create_from_chunk(enc->family,
+									chunk_create(enc->encoding,
+										this->buf.len - sizeof(host_encoding_t)),
+									ntohs(enc->port));
+			if (!value->host)
+			{
+				return FALSE;
+			}
+			*attr_out = attr;
+			this->cleanup = (void*)value->host->destroy;
+			this->cleanup_data = value->host;
+			this->buf = chunk_skip(this->buf, sizeof(host_encoding_t) +
+								   value->host->get_address(value->host).len);
+			return TRUE;
+		}
+		/* char* */
+		case HA_CONFIG_NAME:
+		{
+			size_t len;
+
+			len = strnlen(this->buf.ptr, this->buf.len);
+			if (len >= this->buf.len)
+			{
+				return FALSE;
+			}
+			value->str = this->buf.ptr;
+			*attr_out = attr;
+			this->buf = chunk_skip(this->buf, len + 1);
+			return TRUE;
+		}
+		/* u_int8_t */
+		case HA_IPSEC_MODE:
+		case HA_IPCOMP:
+		{
+			if (this->buf.len < sizeof(u_int8_t))
+			{
+				return FALSE;
+			}
+			value->u8 = *(u_int8_t*)this->buf.ptr;
+			*attr_out = attr;
+			this->buf = chunk_skip(this->buf, sizeof(u_int8_t));
+			return TRUE;
+		}
+		/** u_int16_t */
+		case HA_ALG_PRF:
+		case HA_ALG_OLD_PRF:
+		case HA_ALG_ENCR:
+		case HA_ALG_ENCR_LEN:
+		case HA_ALG_INTEG:
+		case HA_INBOUND_CPI:
+		case HA_OUTBOUND_CPI:
+		case HA_SEGMENT:
+		{
+			if (this->buf.len < sizeof(u_int16_t))
+			{
+				return FALSE;
+			}
+			value->u16 = ntohs(*(u_int16_t*)this->buf.ptr);
+			*attr_out = attr;
+			this->buf = chunk_skip(this->buf, sizeof(u_int16_t));
+			return TRUE;
+		}
+		/** u_int32_t */
+		case HA_CONDITIONS:
+		case HA_EXTENSIONS:
+		case HA_INBOUND_SPI:
+		case HA_OUTBOUND_SPI:
+		case HA_INITIATE_MID:
+		case HA_RESPOND_MID:
+		{
+			if (this->buf.len < sizeof(u_int32_t))
+			{
+				return FALSE;
+			}
+			value->u32 = ntohl(*(u_int32_t*)this->buf.ptr);
+			*attr_out = attr;
+			this->buf = chunk_skip(this->buf, sizeof(u_int32_t));
+			return TRUE;
+		}
+		/** chunk_t */
+		case HA_NONCE_I:
+		case HA_NONCE_R:
+		case HA_SECRET:
+		case HA_OLD_SKD:
+		{
+			size_t len;
+
+			if (this->buf.len < sizeof(u_int16_t))
+			{
+				return FALSE;
+			}
+			len = ntohs(*(u_int16_t*)this->buf.ptr);
+			this->buf = chunk_skip(this->buf, sizeof(u_int16_t));
+			if (this->buf.len < len)
+			{
+				return FALSE;
+			}
+			value->chunk.len = len;
+			value->chunk.ptr = this->buf.ptr;
+			*attr_out = attr;
+			this->buf = chunk_skip(this->buf, len);
+			return TRUE;
+		}
+		case HA_LOCAL_TS:
+		case HA_REMOTE_TS:
+		{
+			ts_encoding_t *enc;
+			host_t *host;
+			int addr_len;
+
+			enc = (ts_encoding_t*)(this->buf.ptr);
+			if (this->buf.len < sizeof(ts_encoding_t))
+			{
+				return FALSE;
+			}
+			switch (enc->type)
+			{
+				case TS_IPV4_ADDR_RANGE:
+					addr_len = 4;
+					if (this->buf.len < sizeof(ts_encoding_t) + 2 * addr_len)
+					{
+						return FALSE;
+					}
+					break;
+				case TS_IPV6_ADDR_RANGE:
+					addr_len = 16;
+					if (this->buf.len < sizeof(ts_encoding_t) + 2 * addr_len)
+					{
+						return FALSE;
+					}
+					break;
+				default:
+					return FALSE;
+			}
+			if (enc->dynamic)
+			{
+				host = host_create_from_chunk(0,
+									chunk_create(enc->encoding, addr_len), 0);
+				if (!host)
+				{
+					return FALSE;
+				}
+				value->ts = traffic_selector_create_dynamic(enc->protocol,
+									ntohs(enc->from_port), ntohs(enc->to_port));
+				value->ts->set_address(value->ts, host);
+				host->destroy(host);
+			}
+			else
+			{
+				value->ts = traffic_selector_create_from_bytes(enc->protocol,
+								enc->type, chunk_create(enc->encoding, addr_len),
+								ntohs(enc->from_port),
+								chunk_create(enc->encoding + addr_len, addr_len),
+								ntohs(enc->to_port));
+				if (!value->ts)
+				{
+					return FALSE;
+				}
+			}
+			*attr_out = attr;
+			this->cleanup = (void*)value->ts->destroy;
+			this->cleanup_data = value->ts;
+			this->buf = chunk_skip(this->buf, sizeof(ts_encoding_t)
+										+ addr_len * 2);
+			return TRUE;
+		}
+		default:
+		{
+			return FALSE;
+		}
+	}
+}
+
+/**
+ * Implementation of create_attribute_enumerator().destroy
+ */
+static void enum_destroy(attribute_enumerator_t *this)
+{
+	if (this->cleanup)
+	{
+		this->cleanup(this->cleanup_data);
+	}
+	free(this);
+}
+
+/**
+ * Implementation of ha_message_t.create_attribute_enumerator
+ */
+static enumerator_t* create_attribute_enumerator(private_ha_message_t *this)
+{
+	attribute_enumerator_t *e = malloc_thing(attribute_enumerator_t);
+
+	e->public.enumerate = (void*)attribute_enumerate;
+	e->public.destroy = (void*)enum_destroy;
+
+	e->buf = chunk_skip(this->buf, 2);
+	e->cleanup = NULL;
+	e->cleanup_data = NULL;
+
+	return &e->public;
+}
+
+/**
+ * Implementation of ha_message_t.get_encoding
+ */
+static chunk_t get_encoding(private_ha_message_t *this)
+{
+	return this->buf;
+}
+
+/**
+ * Implementation of ha_message_t.destroy.
+ */
+static void destroy(private_ha_message_t *this)
+{
+	free(this->buf.ptr);
+	free(this);
+}
+
+
+static private_ha_message_t *ha_message_create_generic()
+{
+	private_ha_message_t *this = malloc_thing(private_ha_message_t);
+
+	this->public.get_type = (ha_message_type_t(*)(ha_message_t*))get_type;
+	this->public.add_attribute = (void(*)(ha_message_t*, ha_message_attribute_t attribute, ...))add_attribute;
+	this->public.create_attribute_enumerator = (enumerator_t*(*)(ha_message_t*))create_attribute_enumerator;
+	this->public.get_encoding = (chunk_t(*)(ha_message_t*))get_encoding;
+	this->public.destroy = (void(*)(ha_message_t*))destroy;
+
+	return this;
+}
+
+/**
+ * See header
+ */
+ha_message_t *ha_message_create(ha_message_type_t type)
+{
+	private_ha_message_t *this = ha_message_create_generic();
+
+	this->allocated = ALLOCATION_BLOCK;
+	this->buf.ptr = malloc(this->allocated);
+	this->buf.len = 2;
+	this->buf.ptr[0] = HA_MESSAGE_VERSION;
+	this->buf.ptr[1] = type;
+
+	return &this->public;
+}
+
+/**
+ * See header
+ */
+ha_message_t *ha_message_parse(chunk_t data)
+{
+	private_ha_message_t *this;
+
+	if (data.len < 2)
+	{
+		DBG1(DBG_CFG, "HA message too short");
+		return NULL;
+	}
+	if (data.ptr[0] != HA_MESSAGE_VERSION)
+	{
+		DBG1(DBG_CFG, "HA message has version %d, expected %d",
+			 data.ptr[0], HA_MESSAGE_VERSION);
+		return NULL;
+	}
+
+	this = ha_message_create_generic();
+	this->buf = chunk_clone(data);
+	this->allocated = this->buf.len;
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_message.h b/src/libcharon/plugins/ha/ha_message.h
new file mode 100644
index 000000000..b2bc23724
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_message.h
@@ -0,0 +1,205 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_message ha_message
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_MESSAGE_H_
+#define HA_MESSAGE_H_
+
+#include <library.h>
+#include <utils/host.h>
+#include <utils/identification.h>
+#include <sa/ike_sa_id.h>
+#include <selectors/traffic_selector.h>
+
+/**
+ * Protocol version of this implementation
+ */
+#define HA_MESSAGE_VERSION 1
+
+typedef struct ha_message_t ha_message_t;
+typedef enum ha_message_type_t ha_message_type_t;
+typedef enum ha_message_attribute_t ha_message_attribute_t;
+typedef union ha_message_value_t ha_message_value_t;
+
+/**
+ * Type of a HA message
+ */
+enum ha_message_type_t {
+	/** add a completely new IKE_SA */
+	HA_IKE_ADD = 1,
+	/** update an existing IKE_SA (message IDs, address update, ...) */
+	HA_IKE_UPDATE,
+	/** delete an existing IKE_SA */
+	HA_IKE_DELETE,
+	/** add a new CHILD_SA */
+	HA_CHILD_ADD,
+	/** delete an existing CHILD_SA */
+	HA_CHILD_DELETE,
+	/** segments the sending node is giving up */
+	HA_SEGMENT_DROP,
+	/** segments the sending node is taking over */
+	HA_SEGMENT_TAKE,
+	/** status with the segments the sending node is currently serving */
+	HA_STATUS,
+	/** segments the receiving node is requested to resync */
+	HA_RESYNC,
+};
+
+/**
+ * Type of attributes contained in a message
+ */
+enum ha_message_attribute_t {
+	/** ike_sa_id_t*, to identify IKE_SA */
+	HA_IKE_ID = 1,
+	/** ike_Sa_id_t*, identifies IKE_SA which gets rekeyed */
+	HA_IKE_REKEY_ID,
+	/** identification_t*, local identity */
+	HA_LOCAL_ID,
+	/** identification_t*, remote identity */
+	HA_REMOTE_ID,
+	/** host_t*, local address */
+	HA_LOCAL_ADDR,
+	/** host_t*, remote address */
+	HA_REMOTE_ADDR,
+	/** char*, name of configuration */
+	HA_CONFIG_NAME,
+	/** u_int32_t, bitset of ike_condition_t */
+	HA_CONDITIONS,
+	/** u_int32_t, bitset of ike_extension_t */
+	HA_EXTENSIONS,
+	/** host_t*, local virtual IP */
+	HA_LOCAL_VIP,
+	/** host_t*, remote virtual IP */
+	HA_REMOTE_VIP,
+	/** host_t*, additional MOBIKE peer address */
+	HA_ADDITIONAL_ADDR,
+	/** chunk_t, initiators nonce */
+	HA_NONCE_I,
+	/** chunk_t, responders nonce */
+	HA_NONCE_R,
+	/** chunk_t, diffie hellman shared secret */
+	HA_SECRET,
+	/** chunk_t, SKd of old SA if rekeying */
+	HA_OLD_SKD,
+	/** u_int16_t, pseudo random function */
+	HA_ALG_PRF,
+	/** u_int16_t, old pseudo random function if rekeying */
+	HA_ALG_OLD_PRF,
+	/** u_int16_t, encryption algorithm */
+	HA_ALG_ENCR,
+	/** u_int16_t, encryption key size in bytes */
+	HA_ALG_ENCR_LEN,
+	/** u_int16_t, integrity protection algorithm */
+	HA_ALG_INTEG,
+	/** u_int8_t, IPsec mode, TUNNEL|TRANSPORT|... */
+	HA_IPSEC_MODE,
+	/** u_int8_t, IPComp protocol */
+	HA_IPCOMP,
+	/** u_int32_t, inbound security parameter index */
+	HA_INBOUND_SPI,
+	/** u_int32_t, outbound security parameter index */
+	HA_OUTBOUND_SPI,
+	/** u_int16_t, inbound security parameter index */
+	HA_INBOUND_CPI,
+	/** u_int16_t, outbound security parameter index */
+	HA_OUTBOUND_CPI,
+	/** traffic_selector_t*, local traffic selector */
+	HA_LOCAL_TS,
+	/** traffic_selector_t*, remote traffic selector */
+	HA_REMOTE_TS,
+	/** u_int32_t, initiating message ID */
+	HA_INITIATE_MID,
+	/** u_int32_t, responding message ID */
+	HA_RESPOND_MID,
+	/** u_int16_t, HA segment */
+	HA_SEGMENT,
+};
+
+/**
+ * Union to enumerate typed attributes in a message
+ */
+union ha_message_value_t {
+	u_int8_t u8;
+	u_int16_t u16;
+	u_int32_t u32;
+	char *str;
+	chunk_t chunk;
+	ike_sa_id_t *ike_sa_id;
+	identification_t *id;
+	host_t *host;
+	traffic_selector_t *ts;
+};
+
+/**
+ * Abstracted message passed between nodes in a HA cluster.
+ */
+struct ha_message_t {
+
+	/**
+	 * Get the type of the message.
+	 *
+	 * @return		message type
+	 */
+	ha_message_type_t (*get_type)(ha_message_t *this);
+
+	/**
+	 * Add an attribute to a message.
+	 *
+	 * @param attribute		attribute type to add
+	 * @param ...			attribute specific data
+	 */
+	void (*add_attribute)(ha_message_t *this,
+						  ha_message_attribute_t attribute, ...);
+
+	/**
+	 * Create an enumerator over all attributes in a message.
+	 *
+	 * @return				enumerator over attribute, ha_message_value_t
+	 */
+	enumerator_t* (*create_attribute_enumerator)(ha_message_t *this);
+
+	/**
+	 * Get the message in a encoded form.
+	 *
+	 * @return				chunk pointing to internal data
+	 */
+	chunk_t (*get_encoding)(ha_message_t *this);
+
+	/**
+	 * Destroy a ha_message_t.
+	 */
+	void (*destroy)(ha_message_t *this);
+};
+
+/**
+ * Create a new ha_message instance, ready for adding attributes
+ *
+ * @param version			protocol version to create a message from
+ * @param type				type of the message
+ */
+ha_message_t *ha_message_create(ha_message_type_t type);
+
+/**
+ * Create a ha_message from encoded data.
+ *
+ * @param data				encoded message data
+ */
+ha_message_t *ha_message_parse(chunk_t data);
+
+#endif /* HA_MESSAGE_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c
new file mode 100644
index 000000000..ea255c8ab
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_plugin.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_plugin.h"
+#include "ha_ike.h"
+#include "ha_child.h"
+#include "ha_socket.h"
+#include "ha_tunnel.h"
+#include "ha_dispatcher.h"
+#include "ha_segments.h"
+#include "ha_ctl.h"
+
+#include <daemon.h>
+#include <config/child_cfg.h>
+
+typedef struct private_ha_plugin_t private_ha_plugin_t;
+
+/**
+ * private data of ha plugin
+ */
+struct private_ha_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	ha_plugin_t public;
+
+	/**
+	 * Communication socket
+	 */
+	ha_socket_t *socket;
+
+	/**
+	 * Tunnel securing sync messages.
+	 */
+	ha_tunnel_t *tunnel;
+
+	/**
+	 * IKE_SA synchronization
+	 */
+	ha_ike_t *ike;
+
+	/**
+	 * CHILD_SA synchronization
+	 */
+	ha_child_t *child;
+
+	/**
+	 * Dispatcher to process incoming messages
+	 */
+	ha_dispatcher_t *dispatcher;
+
+	/**
+	 * Active/Passive segment management
+	 */
+	ha_segments_t *segments;
+
+	/**
+	 * Interface to control segments at kernel level
+	 */
+	ha_kernel_t *kernel;
+
+	/**
+	 * Segment control interface via FIFO
+	 */
+	ha_ctl_t *ctl;
+};
+
+/**
+ * Implementation of plugin_t.destroy
+ */
+static void destroy(private_ha_plugin_t *this)
+{
+	DESTROY_IF(this->ctl);
+	charon->bus->remove_listener(charon->bus, &this->segments->listener);
+	charon->bus->remove_listener(charon->bus, &this->ike->listener);
+	charon->bus->remove_listener(charon->bus, &this->child->listener);
+	this->ike->destroy(this->ike);
+	this->child->destroy(this->child);
+	this->dispatcher->destroy(this->dispatcher);
+	this->segments->destroy(this->segments);
+	this->kernel->destroy(this->kernel);
+	this->socket->destroy(this->socket);
+	DESTROY_IF(this->tunnel);
+	free(this);
+}
+
+/**
+ * Plugin constructor
+ */
+plugin_t *ha_plugin_create()
+{
+	private_ha_plugin_t *this;
+	char *local, *remote, *secret;
+	u_int count;
+	bool fifo, monitor, resync;
+
+	local = lib->settings->get_str(lib->settings,
+								"charon.plugins.ha.local", NULL);
+	remote = lib->settings->get_str(lib->settings,
+								"charon.plugins.ha.remote", NULL);
+	secret = lib->settings->get_str(lib->settings,
+								"charon.plugins.ha.secret", NULL);
+	fifo = lib->settings->get_bool(lib->settings,
+								"charon.plugins.ha.fifo_interface", TRUE);
+	monitor = lib->settings->get_bool(lib->settings,
+								"charon.plugins.ha.monitor", TRUE);
+	resync = lib->settings->get_bool(lib->settings,
+								"charon.plugins.ha.resync", TRUE);
+	count = min(SEGMENTS_MAX, lib->settings->get_int(lib->settings,
+								"charon.plugins.ha.segment_count", 1));
+	if (!local || !remote)
+	{
+		DBG1(DBG_CFG, "HA config misses local/remote address");
+		return NULL;
+	}
+
+	this = malloc_thing(private_ha_plugin_t);
+
+	this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+	this->tunnel = NULL;
+	this->ctl = NULL;
+
+	if (secret)
+	{
+		this->tunnel = ha_tunnel_create(local, remote, secret);
+	}
+	this->socket = ha_socket_create(local, remote);
+	if (!this->socket)
+	{
+		DESTROY_IF(this->tunnel);
+		free(this);
+		return NULL;
+	}
+	this->kernel = ha_kernel_create(count);
+	this->segments = ha_segments_create(this->socket, this->kernel, this->tunnel,
+							count, strcmp(local, remote) > 0, monitor, resync);
+	if (fifo)
+	{
+		this->ctl = ha_ctl_create(this->segments);
+	}
+	this->dispatcher = ha_dispatcher_create(this->socket, this->segments);
+	this->ike = ha_ike_create(this->socket, this->tunnel);
+	this->child = ha_child_create(this->socket, this->tunnel);
+	charon->bus->add_listener(charon->bus, &this->segments->listener);
+	charon->bus->add_listener(charon->bus, &this->ike->listener);
+	charon->bus->add_listener(charon->bus, &this->child->listener);
+
+	return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_plugin.h b/src/libcharon/plugins/ha/ha_plugin.h
new file mode 100644
index 000000000..1ae2fe6dd
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_plugin.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha ha
+ * @ingroup cplugins
+ *
+ * @defgroup ha_plugin ha_plugin
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_PLUGIN_H_
+#define HA_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+/**
+ * UDP port we use for communication
+ */
+#define HA_PORT 4510
+
+typedef struct ha_plugin_t ha_plugin_t;
+
+/**
+ * Plugin to synchronize state in a high availability cluster.
+ */
+struct ha_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	plugin_t plugin;
+};
+
+#endif /* HA_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c
new file mode 100644
index 000000000..2199671fc
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_segments.c
@@ -0,0 +1,503 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_segments.h"
+
+#include <pthread.h>
+
+#include <threading/mutex.h>
+#include <threading/condvar.h>
+#include <utils/linked_list.h>
+#include <processing/jobs/callback_job.h>
+
+#define HEARTBEAT_DELAY 1000
+#define HEARTBEAT_TIMEOUT 2100
+
+typedef struct private_ha_segments_t private_ha_segments_t;
+
+/**
+ * Private data of an ha_segments_t object.
+ */
+struct private_ha_segments_t {
+
+	/**
+	 * Public ha_segments_t interface.
+	 */
+	ha_segments_t public;
+
+	/**
+	 * communication socket
+	 */
+	ha_socket_t *socket;
+
+	/**
+	 * Sync tunnel, if any
+	 */
+	ha_tunnel_t *tunnel;
+
+	/**
+	 * Interface to control segments at kernel level
+	 */
+	ha_kernel_t *kernel;
+
+	/**
+	 * Mutex to lock segment manipulation
+	 */
+	mutex_t *mutex;
+
+	/**
+	 * Condvar to wait for heartbeats
+	 */
+	condvar_t *condvar;
+
+	/**
+	 * Job checking for heartbeats
+	 */
+	callback_job_t *job;
+
+	/**
+	 * Total number of ClusterIP segments
+	 */
+	u_int count;
+
+	/**
+	 * mask of active segments
+	 */
+	segment_mask_t active;
+
+	/**
+	 * Node number
+	 */
+	u_int node;
+};
+
+/**
+ * Log currently active segments
+ */
+static void log_segments(private_ha_segments_t *this, bool activated,
+						 u_int segment)
+{
+	char buf[64] = "none", *pos = buf;
+	int i;
+	bool first = TRUE;
+
+	for (i = 1; i <= this->count; i++)
+	{
+		if (this->active & SEGMENTS_BIT(i))
+		{
+			if (first)
+			{
+				first = FALSE;
+			}
+			else
+			{
+				pos += snprintf(pos, buf + sizeof(buf) - pos, ",");
+			}
+			pos += snprintf(pos, buf + sizeof(buf) - pos, "%d", i);
+		}
+	}
+	DBG1(DBG_CFG, "HA segment %d %sactivated, now active: %s",
+		 segment, activated ? "" : "de", buf);
+}
+
+/**
+ * Enable/Disable a specific segment
+ */
+static void enable_disable(private_ha_segments_t *this, u_int segment,
+						   bool enable, bool notify)
+{
+	ike_sa_t *ike_sa;
+	enumerator_t *enumerator;
+	ike_sa_state_t old, new;
+	ha_message_t *message = NULL;
+	ha_message_type_t type;
+	bool changes = FALSE;
+
+	if (segment > this->count)
+	{
+		return;
+	}
+
+	if (enable)
+	{
+		old = IKE_PASSIVE;
+		new = IKE_ESTABLISHED;
+		type = HA_SEGMENT_TAKE;
+		if (!(this->active & SEGMENTS_BIT(segment)))
+		{
+			this->active |= SEGMENTS_BIT(segment);
+			this->kernel->activate(this->kernel, segment);
+			changes = TRUE;
+		}
+	}
+	else
+	{
+		old = IKE_ESTABLISHED;
+		new = IKE_PASSIVE;
+		type = HA_SEGMENT_DROP;
+		if (this->active & SEGMENTS_BIT(segment))
+		{
+			this->active &= ~SEGMENTS_BIT(segment);
+			this->kernel->deactivate(this->kernel, segment);
+			changes = TRUE;
+		}
+	}
+
+	if (changes)
+	{
+		enumerator = charon->ike_sa_manager->create_enumerator(charon->ike_sa_manager);
+		while (enumerator->enumerate(enumerator, &ike_sa))
+		{
+			if (ike_sa->get_state(ike_sa) != old)
+			{
+				continue;
+			}
+			if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa))
+			{
+				continue;
+			}
+			if (this->kernel->in_segment(this->kernel,
+									ike_sa->get_other_host(ike_sa), segment))
+			{
+				ike_sa->set_state(ike_sa, new);
+			}
+		}
+		enumerator->destroy(enumerator);
+		log_segments(this, enable, segment);
+	}
+
+	if (notify)
+	{
+		message = ha_message_create(type);
+		message->add_attribute(message, HA_SEGMENT, segment);
+		this->socket->push(this->socket, message);
+	}
+}
+
+/**
+ * Enable/Disable all or a specific segment, do locking
+ */
+static void enable_disable_all(private_ha_segments_t *this, u_int segment,
+							   bool enable, bool notify)
+{
+	int i;
+
+	this->mutex->lock(this->mutex);
+	if (segment == 0)
+	{
+		for (i = 1; i <= this->count; i++)
+		{
+			enable_disable(this, i, enable, notify);
+		}
+	}
+	else
+	{
+		enable_disable(this, segment, enable, notify);
+	}
+	this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Implementation of ha_segments_t.activate
+ */
+static void activate(private_ha_segments_t *this, u_int segment, bool notify)
+{
+	enable_disable_all(this, segment, TRUE, notify);
+}
+
+/**
+ * Implementation of ha_segments_t.deactivate
+ */
+static void deactivate(private_ha_segments_t *this, u_int segment, bool notify)
+{
+	enable_disable_all(this, segment, FALSE, notify);
+}
+
+/**
+ * Rekey all children of an IKE_SA
+ */
+static status_t rekey_children(ike_sa_t *ike_sa)
+{
+	iterator_t *iterator;
+	child_sa_t *child_sa;
+	status_t status = SUCCESS;
+
+	iterator = ike_sa->create_child_sa_iterator(ike_sa);
+	while (iterator->iterate(iterator, (void**)&child_sa))
+	{
+		DBG1(DBG_CFG, "resyncing CHILD_SA");
+		status = ike_sa->rekey_child_sa(ike_sa, child_sa->get_protocol(child_sa),
+										child_sa->get_spi(child_sa, TRUE));
+		if (status == DESTROY_ME)
+		{
+			break;
+		}
+	}
+	iterator->destroy(iterator);
+	return status;
+}
+
+/**
+ * Implementation of ha_segments_t.resync
+ */
+static void resync(private_ha_segments_t *this, u_int segment)
+{
+	ike_sa_t *ike_sa;
+	enumerator_t *enumerator;
+	linked_list_t *list;
+	ike_sa_id_t *id;
+
+	list = linked_list_create();
+	this->mutex->lock(this->mutex);
+
+	if (segment > 0 && segment <= this->count)
+	{
+		DBG1(DBG_CFG, "resyncing HA segment %d", segment);
+
+		/* we do the actual rekeying in a seperate loop to avoid rekeying
+		 * an SA twice. */
+		enumerator = charon->ike_sa_manager->create_enumerator(
+													charon->ike_sa_manager);
+		while (enumerator->enumerate(enumerator, &ike_sa))
+		{
+			if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED &&
+				this->kernel->in_segment(this->kernel,
+									ike_sa->get_other_host(ike_sa), segment))
+			{
+				id = ike_sa->get_id(ike_sa);
+				list->insert_last(list, id->clone(id));
+			}
+		}
+		enumerator->destroy(enumerator);
+	}
+	this->mutex->unlock(this->mutex);
+
+	while (list->remove_last(list, (void**)&id) == SUCCESS)
+	{
+		ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, id);
+		id->destroy(id);
+		if (ike_sa)
+		{
+			DBG1(DBG_CFG, "resyncing IKE_SA");
+			if (ike_sa->rekey(ike_sa) != DESTROY_ME)
+			{
+				if (rekey_children(ike_sa) != DESTROY_ME)
+				{
+					charon->ike_sa_manager->checkin(
+										charon->ike_sa_manager, ike_sa);
+					continue;
+				}
+			}
+			charon->ike_sa_manager->checkin_and_destroy(
+										charon->ike_sa_manager, ike_sa);
+		}
+	}
+	list->destroy(list);
+}
+
+/**
+ * Implementation of listener_t.alert
+ */
+static bool alert_hook(private_ha_segments_t *this, ike_sa_t *ike_sa,
+					   alert_t alert, va_list args)
+{
+	if (alert == ALERT_SHUTDOWN_SIGNAL)
+	{
+		deactivate(this, 0, TRUE);
+	}
+	return TRUE;
+}
+
+/**
+ * Request a resync of all segments
+ */
+static job_requeue_t request_resync(private_ha_segments_t *this)
+{
+	ha_message_t *message;
+	int i;
+
+	message = ha_message_create(HA_RESYNC);
+	for (i = 1; i <= this->count; i++)
+	{
+		message->add_attribute(message, HA_SEGMENT, i);
+	}
+	this->socket->push(this->socket, message);
+	return JOB_REQUEUE_NONE;
+}
+
+/**
+ * Monitor heartbeat activity of remote node
+ */
+static job_requeue_t watchdog(private_ha_segments_t *this)
+{
+	int oldstate;
+	bool timeout;
+
+	this->mutex->lock(this->mutex);
+	pthread_cleanup_push((void*)this->mutex->unlock, this->mutex);
+	pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
+	timeout = this->condvar->timed_wait(this->condvar, this->mutex,
+										HEARTBEAT_TIMEOUT);
+	pthread_setcancelstate(oldstate, NULL);
+	pthread_cleanup_pop(TRUE);
+	if (timeout)
+	{
+		DBG1(DBG_CFG, "no heartbeat received, taking all segments");
+		activate(this, 0, TRUE);
+		/* disable heartbeat detection util we get one */
+		this->job = NULL;
+		return JOB_REQUEUE_NONE;
+	}
+	return JOB_REQUEUE_DIRECT;
+}
+
+/**
+ * Start the heartbeat detection thread
+ */
+static void start_watchdog(private_ha_segments_t *this)
+{
+	this->job = callback_job_create((callback_job_cb_t)watchdog,
+									this, NULL, NULL);
+	charon->processor->queue_job(charon->processor, (job_t*)this->job);
+}
+
+/**
+ * Implementation of ha_segments_t.handle_status
+ */
+static void handle_status(private_ha_segments_t *this, segment_mask_t mask)
+{
+	segment_mask_t missing;
+	int i;
+
+	this->mutex->lock(this->mutex);
+
+	missing = ~(this->active | mask);
+
+	for (i = 1; i <= this->count; i++)
+	{
+		if (missing & SEGMENTS_BIT(i))
+		{
+			if (this->node == i % 2)
+			{
+				DBG1(DBG_CFG, "HA segment %d was not handled, taking", i);
+				enable_disable(this, i, TRUE, TRUE);
+			}
+			else
+			{
+				DBG1(DBG_CFG, "HA segment %d was not handled, dropping", i);
+				enable_disable(this, i, FALSE, TRUE);
+			}
+		}
+	}
+
+	this->mutex->unlock(this->mutex);
+	this->condvar->signal(this->condvar);
+
+	if (!this->job)
+	{
+		DBG1(DBG_CFG, "received heartbeat, reenabling watchdog");
+		start_watchdog(this);
+	}
+}
+
+/**
+ * Send a status message with our active segments
+ */
+static job_requeue_t send_status(private_ha_segments_t *this)
+{
+	ha_message_t *message;
+	int i;
+
+	message = ha_message_create(HA_STATUS);
+
+	for (i = 1; i <= this->count; i++)
+	{
+		if (this->active & SEGMENTS_BIT(i))
+		{
+			message->add_attribute(message, HA_SEGMENT, i);
+		}
+	}
+
+	this->socket->push(this->socket, message);
+
+	/* schedule next invocation */
+	charon->scheduler->schedule_job_ms(charon->scheduler, (job_t*)
+									callback_job_create((callback_job_cb_t)
+										send_status, this, NULL, NULL),
+									HEARTBEAT_DELAY);
+
+	return JOB_REQUEUE_NONE;
+}
+
+/**
+ * Implementation of ha_segments_t.destroy.
+ */
+static void destroy(private_ha_segments_t *this)
+{
+	if (this->job)
+	{
+		this->job->cancel(this->job);
+	}
+	this->mutex->destroy(this->mutex);
+	this->condvar->destroy(this->condvar);
+	free(this);
+}
+
+/**
+ * See header
+ */
+ha_segments_t *ha_segments_create(ha_socket_t *socket, ha_kernel_t *kernel,
+								  ha_tunnel_t *tunnel, u_int count, u_int node,
+								  bool monitor, bool sync)
+{
+	private_ha_segments_t *this = malloc_thing(private_ha_segments_t);
+
+	memset(&this->public.listener, 0, sizeof(listener_t));
+	this->public.listener.alert = (bool(*)(listener_t*, ike_sa_t *, alert_t, va_list))alert_hook;
+	this->public.activate = (void(*)(ha_segments_t*, u_int segment,bool))activate;
+	this->public.deactivate = (void(*)(ha_segments_t*, u_int segment,bool))deactivate;
+	this->public.resync = (void(*)(ha_segments_t*, u_int segment))resync;
+	this->public.handle_status = (void(*)(ha_segments_t*, segment_mask_t mask))handle_status;
+	this->public.destroy = (void(*)(ha_segments_t*))destroy;
+
+	this->socket = socket;
+	this->tunnel = tunnel;
+	this->kernel = kernel;
+	this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+	this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+	this->count = count;
+	this->node = node;
+	this->job = NULL;
+
+	/* initially all segments are deactivated */
+	this->active = 0;
+
+	if (monitor)
+	{
+		send_status(this);
+		start_watchdog(this);
+	}
+
+	if (sync)
+	{
+		/* request a resync as soon as we are up */
+		charon->processor->queue_job(charon->processor, (job_t*)
+						callback_job_create((callback_job_cb_t)request_resync,
+											this, NULL, NULL));
+	}
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_segments.h b/src/libcharon/plugins/ha/ha_segments.h
new file mode 100644
index 000000000..6d1cd5441
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_segments.h
@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_segments ha_segments
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_SEGMENTS_H_
+#define HA_SEGMENTS_H_
+
+#include <daemon.h>
+
+typedef struct ha_segments_t ha_segments_t;
+
+typedef u_int16_t segment_mask_t;
+
+/**
+ * maximum number of segments
+ */
+#define SEGMENTS_MAX (sizeof(segment_mask_t)*8)
+
+/**
+ * Get the bit in the mask of a segment
+ */
+#define SEGMENTS_BIT(segment) (0x01 << (segment - 1))
+
+#include "ha_socket.h"
+#include "ha_tunnel.h"
+#include "ha_kernel.h"
+
+/**
+ * Segmentation of peers into active and passive.
+ */
+struct ha_segments_t {
+
+	/**
+	 * Implements listener interface to catch daemon shutdown.
+	 */
+	listener_t listener;
+
+	/**
+	 * Activate a set of IKE_SAs identified by a segment.
+	 *
+	 * @param segment	numerical segment to takeover, 0 for all
+	 * @param notify	wheter to notify other nodes about activation
+	 */
+	void (*activate)(ha_segments_t *this, u_int segment, bool notify);
+
+	/**
+	 * Deactivate a set of IKE_SAs identified by a segment.
+	 *
+	 * @param segment	numerical segment to takeover, 0 for all
+	 * @param notify	wheter to notify other nodes about deactivation
+	 */
+	void (*deactivate)(ha_segments_t *this, u_int segment, bool notify);
+
+	/**
+	 * Resync an active segment.
+	 *
+	 * To reintegrade a node into the cluster, resynchronization is reqired.
+	 * IKE_SAs and CHILD_SAs are synced automatically during rekeying. A call
+	 * to this method enforces a rekeying immediately sync all state of a
+	 * segment.
+	 *
+	 * @param segment	segment to resync
+	 */
+	void (*resync)(ha_segments_t *this, u_int segment);
+
+	/**
+	 * Handle a status message from the remote node.
+	 *
+	 * @param mask		segments the remote node is serving actively
+	 */
+	void (*handle_status)(ha_segments_t *this, segment_mask_t mask);
+
+	/**
+	 * Destroy a ha_segments_t.
+	 */
+	void (*destroy)(ha_segments_t *this);
+};
+
+/**
+ * Create a ha_segments instance.
+ *
+ * @param socket		socket to communicate segment (de-)activation
+ * @param kernel		interface to control segments at kernel level
+ * @param tunnel		HA tunnel
+ * @param count			number of segments the cluster uses
+ * @param node			node, currently 1 or 0
+ * @param monitor		should we use monitoring functionality
+ * @param resync		request a complete resync on startup
+ * @return				segment object
+ */
+ha_segments_t *ha_segments_create(ha_socket_t *socket, ha_kernel_t *kernel,
+								  ha_tunnel_t *tunnel, u_int count, u_int node,
+								  bool monitor, bool resync);
+
+#endif /* HA_SEGMENTS_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_socket.c b/src/libcharon/plugins/ha/ha_socket.c
new file mode 100644
index 000000000..b84b02868
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_socket.c
@@ -0,0 +1,234 @@
+/*
+ * Copyright (C) 2008-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_socket.h"
+#include "ha_plugin.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <errno.h>
+#include <unistd.h>
+#include <pthread.h>
+
+#include <daemon.h>
+#include <utils/host.h>
+#include <processing/jobs/callback_job.h>
+
+typedef struct private_ha_socket_t private_ha_socket_t;
+
+/**
+ * Private data of an ha_socket_t object.
+ */
+struct private_ha_socket_t {
+
+	/**
+	 * Public ha_socket_t interface.
+	 */
+	ha_socket_t public;
+
+	/**
+	 * UDP communication socket fd
+	 */
+	int fd;
+
+	/**
+	 * local host to receive/send from
+	 */
+	host_t *local;
+
+	/**
+	 * remote host to receive/send to
+	 */
+	host_t *remote;
+};
+
+/**
+ * Data to pass to the send_message() callback job
+ */
+typedef struct {
+	ha_message_t *message;
+	private_ha_socket_t *this;
+} job_data_t;
+
+/**
+ * Cleanup job data
+ */
+static void job_data_destroy(job_data_t *this)
+{
+	this->message->destroy(this->message);
+	free(this);
+}
+
+/**
+ * Callback to asynchronously send messages
+ */
+static job_requeue_t send_message(job_data_t *data)
+{
+	private_ha_socket_t *this;
+	chunk_t chunk;
+
+	this = data->this;
+	chunk = data->message->get_encoding(data->message);
+	if (send(this->fd, chunk.ptr, chunk.len, 0) < chunk.len)
+	{
+		DBG1(DBG_CFG, "pushing HA message failed: %s", strerror(errno));
+	}
+	return JOB_REQUEUE_NONE;
+}
+
+/**
+ * Implementation of ha_socket_t.push
+ */
+static void push(private_ha_socket_t *this, ha_message_t *message)
+{
+	chunk_t chunk;
+
+	/* Try to send synchronously, but non-blocking. */
+	chunk = message->get_encoding(message);
+	if (send(this->fd, chunk.ptr, chunk.len, MSG_DONTWAIT) < chunk.len)
+	{
+		if (errno == EAGAIN)
+		{
+			callback_job_t *job;
+			job_data_t *data;
+
+			/* Fallback to asynchronous transmission. This is required, as sendto()
+			 * is a blocking call if it acquires a policy. We could end up in a
+			 * deadlock, as we own an IKE_SA. */
+			data = malloc_thing(job_data_t);
+			data->message = message;
+			data->this = this;
+
+			job = callback_job_create((callback_job_cb_t)send_message,
+									  data, (void*)job_data_destroy, NULL);
+			charon->processor->queue_job(charon->processor, (job_t*)job);
+			return;
+		}
+		DBG1(DBG_CFG, "pushing HA message failed: %s", strerror(errno));
+	}
+	message->destroy(message);
+}
+
+/**
+ * Implementation of ha_socket_t.pull
+ */
+static ha_message_t *pull(private_ha_socket_t *this)
+{
+	while (TRUE)
+	{
+		ha_message_t *message;
+		char buf[1024];
+		int oldstate;
+		ssize_t len;
+
+		pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate);
+		len = recv(this->fd, buf, sizeof(buf), 0);
+		pthread_setcancelstate(oldstate, NULL);
+		if (len <= 0)
+		{
+			switch (errno)
+			{
+				case ECONNREFUSED:
+				case EINTR:
+					continue;
+				default:
+					DBG1(DBG_CFG, "pulling HA message failed: %s",
+						 strerror(errno));
+					sleep(1);
+			}
+		}
+		message = ha_message_parse(chunk_create(buf, len));
+		if (message)
+		{
+			return message;
+		}
+	}
+}
+
+/**
+ * Open and connect the HA socket
+ */
+static bool open_socket(private_ha_socket_t *this)
+{
+	this->fd = socket(this->local->get_family(this->local), SOCK_DGRAM, 0);
+	if (this->fd == -1)
+	{
+		DBG1(DBG_CFG, "opening HA socket failed: %s", strerror(errno));
+		return FALSE;
+	}
+
+	if (bind(this->fd, this->local->get_sockaddr(this->local),
+			 *this->local->get_sockaddr_len(this->local)) == -1)
+	{
+		DBG1(DBG_CFG, "binding HA socket failed: %s", strerror(errno));
+		close(this->fd);
+		this->fd = -1;
+		return FALSE;
+	}
+	if (connect(this->fd, this->remote->get_sockaddr(this->remote),
+				*this->remote->get_sockaddr_len(this->remote)) == -1)
+	{
+		DBG1(DBG_CFG, "connecting HA socket failed: %s", strerror(errno));
+		close(this->fd);
+		this->fd = -1;
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
+/**
+ * Implementation of ha_socket_t.destroy.
+ */
+static void destroy(private_ha_socket_t *this)
+{
+	if (this->fd != -1)
+	{
+		close(this->fd);
+	}
+	DESTROY_IF(this->local);
+	DESTROY_IF(this->remote);
+	free(this);
+}
+
+/**
+ * See header
+ */
+ha_socket_t *ha_socket_create(char *local, char *remote)
+{
+	private_ha_socket_t *this = malloc_thing(private_ha_socket_t);
+
+	this->public.push = (void(*)(ha_socket_t*, ha_message_t*))push;
+	this->public.pull = (ha_message_t*(*)(ha_socket_t*))pull;
+	this->public.destroy = (void(*)(ha_socket_t*))destroy;
+
+	this->local = host_create_from_dns(local, 0, HA_PORT);
+	this->remote = host_create_from_dns(remote, 0, HA_PORT);
+	this->fd = -1;
+
+	if (!this->local || !this->remote)
+	{
+		DBG1(DBG_CFG, "invalid local/remote HA address");
+		destroy(this);
+		return NULL;
+	}
+	if (!open_socket(this))
+	{
+		destroy(this);
+		return NULL;
+	}
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_socket.h b/src/libcharon/plugins/ha/ha_socket.h
new file mode 100644
index 000000000..8d398e22b
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_socket.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_socket ha_socket
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_SOCKET_H_
+#define HA_SOCKET_H_
+
+#include "ha_message.h"
+
+#include <sa/ike_sa.h>
+
+typedef struct ha_socket_t ha_socket_t;
+
+/**
+ * Socket to send/received SA synchronization data
+ */
+struct ha_socket_t {
+
+	/**
+	 * Push synchronization information to the responsible node.
+	 *
+	 * @param message	message to send, gets destroyed by push()
+	 */
+	void (*push)(ha_socket_t *this, ha_message_t *message);
+
+	/**
+	 * Pull synchronization information from a peer we are responsible.
+	 *
+	 * @return			received message
+	 */
+	ha_message_t *(*pull)(ha_socket_t *this);
+
+	/**
+	 * Destroy a ha_socket_t.
+	 */
+	void (*destroy)(ha_socket_t *this);
+};
+
+/**
+ * Create a ha_socket instance.
+ */
+ha_socket_t *ha_socket_create(char *local, char *remote);
+
+#endif /* HA_SOCKET_ @}*/
diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c
new file mode 100644
index 000000000..b3511e5f0
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_tunnel.c
@@ -0,0 +1,298 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ha_tunnel.h"
+#include "ha_plugin.h"
+
+#include <daemon.h>
+#include <utils/identification.h>
+#include <processing/jobs/callback_job.h>
+
+typedef struct private_ha_tunnel_t private_ha_tunnel_t;
+typedef struct ha_backend_t ha_backend_t;
+typedef struct ha_creds_t ha_creds_t;
+
+/**
+ * Serves credentials for the HA SA
+ */
+struct ha_creds_t {
+
+	/**
+	 * Implements credential_set_t
+	 */
+	credential_set_t public;
+
+	/**
+	 * own identity
+	 */
+	identification_t *local;
+
+	/**
+	 * peer identity
+	 */
+	identification_t *remote;
+
+	/**
+	 * Shared key to serve
+	 */
+	shared_key_t *key;
+};
+
+/**
+ * Serves configurations for the HA SA
+ */
+struct ha_backend_t {
+
+	/**
+	 * Implements backend_t
+	 */
+	backend_t public;
+
+	/**
+	 * peer config we serve
+	 */
+	peer_cfg_t *cfg;
+};
+
+/**
+ * Private data of an ha_tunnel_t object.
+ */
+struct private_ha_tunnel_t {
+
+	/**
+	 * Public ha_tunnel_t interface.
+	 */
+	ha_tunnel_t public;
+
+	/**
+	 * Reqid of installed trap
+	 */
+	u_int32_t trap;
+
+	/**
+	 * backend for HA SA
+	 */
+	ha_backend_t backend;
+
+	/**
+	 * credential set for HA SA
+	 */
+	ha_creds_t creds;
+};
+
+/**
+ * Implementation of ha_tunnel_t.is_sa
+ */
+static bool is_sa(private_ha_tunnel_t *this, ike_sa_t *ike_sa)
+{
+	peer_cfg_t *cfg = this->backend.cfg;
+
+	return cfg && ike_sa->get_ike_cfg(ike_sa) == cfg->get_ike_cfg(cfg);
+}
+
+/**
+ * Enumerator over HA shared_key
+ */
+typedef struct {
+	/** Implements enumerator_t */
+	enumerator_t public;
+	/** a single secret we serve */
+	shared_key_t *key;
+} shared_enum_t;
+
+/**
+ * Implementation of shared_enum_t.enumerate
+ */
+static bool shared_enumerate(shared_enum_t *this, shared_key_t **key,
+							 id_match_t *me, id_match_t *other)
+{
+	if (this->key)
+	{
+		if (me)
+		{
+			*me = ID_MATCH_PERFECT;
+		}
+		if (other)
+		{
+			*other = ID_MATCH_PERFECT;
+		}
+		*key = this->key;
+		this->key = NULL;
+		return TRUE;
+	}
+	return FALSE;
+}
+
+/**
+ * Implements ha_creds_t.create_shared_enumerator
+ */
+static enumerator_t* create_shared_enumerator(ha_creds_t *this,
+							shared_key_type_t type, identification_t *me,
+							identification_t *other)
+{
+	shared_enum_t *enumerator;
+
+	if (type != SHARED_IKE && type != SHARED_ANY)
+	{
+		return NULL;
+	}
+	if (me && !me->equals(me, this->local))
+	{
+		return NULL;
+	}
+	if (other && !other->equals(other, this->remote))
+	{
+		return NULL;
+	}
+
+	enumerator = malloc_thing(shared_enum_t);
+	enumerator->public.enumerate = (void*)shared_enumerate;
+	enumerator->public.destroy = (void*)free;
+	enumerator->key = this->key;
+
+	return &enumerator->public;
+}
+
+/**
+ * Implementation of backend_t.create_peer_cfg_enumerator.
+ */
+static enumerator_t* create_peer_cfg_enumerator(ha_backend_t *this,
+								identification_t *me, identification_t *other)
+{
+	return enumerator_create_single(this->cfg, NULL);
+}
+
+/**
+ * Implementation of backend_t.create_ike_cfg_enumerator.
+ */
+static enumerator_t* create_ike_cfg_enumerator(ha_backend_t *this,
+											   host_t *me, host_t *other)
+{
+	return enumerator_create_single(this->cfg->get_ike_cfg(this->cfg), NULL);
+}
+
+/**
+ * Install configs and a a trap for secured HA message exchange
+ */
+static void setup_tunnel(private_ha_tunnel_t *this,
+						 char *local, char *remote, char *secret)
+{
+	peer_cfg_t *peer_cfg;
+	ike_cfg_t *ike_cfg;
+	auth_cfg_t *auth_cfg;
+	child_cfg_t *child_cfg;
+	traffic_selector_t *ts;
+	lifetime_cfg_t lifetime = {
+		.time = {
+			.life = 21600, .rekey = 20400, .jitter = 400,
+		},
+	};
+
+	/* setup credentials */
+	this->creds.local = identification_create_from_string(local);
+	this->creds.remote = identification_create_from_string(remote);
+	this->creds.key = shared_key_create(SHARED_IKE,
+							chunk_clone(chunk_create(secret, strlen(secret))));
+	this->creds.public.create_private_enumerator = (void*)return_null;
+	this->creds.public.create_cert_enumerator = (void*)return_null;
+	this->creds.public.create_shared_enumerator = (void*)create_shared_enumerator;
+	this->creds.public.create_cdp_enumerator = (void*)return_null;
+	this->creds.public.cache_cert = (void*)nop;
+
+	charon->credentials->add_set(charon->credentials, &this->creds.public);
+
+	/* create config and backend */
+	ike_cfg = ike_cfg_create(FALSE, FALSE, local, IKEV2_UDP_PORT,
+							 remote, IKEV2_UDP_PORT);
+	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+	peer_cfg = peer_cfg_create("ha", 2, ike_cfg, CERT_NEVER_SEND,
+						UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, 30,
+						NULL, NULL, FALSE, NULL, NULL);
+
+	auth_cfg = auth_cfg_create();
+	auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
+	auth_cfg->add(auth_cfg, AUTH_RULE_IDENTITY,
+				  identification_create_from_string(local));
+	peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, TRUE);
+
+	auth_cfg = auth_cfg_create();
+	auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
+	auth_cfg->add(auth_cfg, AUTH_RULE_IDENTITY,
+				  identification_create_from_string(remote));
+	peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE);
+
+	child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE,
+						MODE_TRANSPORT, ACTION_NONE, ACTION_NONE, FALSE, 0);
+	ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
+	child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
+	ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
+	child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
+	ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT);
+	child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
+	ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
+	child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
+	child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
+	peer_cfg->add_child_cfg(peer_cfg, child_cfg);
+
+	this->backend.cfg = peer_cfg;
+	this->backend.public.create_peer_cfg_enumerator = (void*)create_peer_cfg_enumerator;
+	this->backend.public.create_ike_cfg_enumerator = (void*)create_ike_cfg_enumerator;
+	this->backend.public.get_peer_cfg_by_name = (void*)return_null;
+
+	charon->backends->add_backend(charon->backends, &this->backend.public);
+
+	/* install an acquiring trap */
+	this->trap = charon->traps->install(charon->traps, peer_cfg, child_cfg);
+}
+
+/**
+ * Implementation of ha_tunnel_t.destroy.
+ */
+static void destroy(private_ha_tunnel_t *this)
+{
+	if (this->backend.cfg)
+	{
+		charon->backends->remove_backend(charon->backends, &this->backend.public);
+		this->backend.cfg->destroy(this->backend.cfg);
+	}
+	if (this->creds.key)
+	{
+		charon->credentials->remove_set(charon->credentials, &this->creds.public);
+		this->creds.key->destroy(this->creds.key);
+	}
+	this->creds.local->destroy(this->creds.local);
+	this->creds.remote->destroy(this->creds.remote);
+	if (this->trap)
+	{
+		charon->traps->uninstall(charon->traps, this->trap);
+	}
+	free(this);
+}
+
+/**
+ * See header
+ */
+ha_tunnel_t *ha_tunnel_create(char *local, char *remote, char *secret)
+{
+	private_ha_tunnel_t *this = malloc_thing(private_ha_tunnel_t);
+
+	this->public.is_sa = (bool(*)(ha_tunnel_t*, ike_sa_t *ike_sa))is_sa;
+	this->public.destroy = (void(*)(ha_tunnel_t*))destroy;
+
+	setup_tunnel(this, local, remote, secret);
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/ha/ha_tunnel.h b/src/libcharon/plugins/ha/ha_tunnel.h
new file mode 100644
index 000000000..085fb6122
--- /dev/null
+++ b/src/libcharon/plugins/ha/ha_tunnel.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ha_ ha_tunnel
+ * @{ @ingroup ha
+ */
+
+#ifndef HA_TUNNEL_H_
+#define HA_TUNNEL_H_
+
+#include <sa/ike_sa.h>
+
+typedef struct ha_tunnel_t ha_tunnel_t;
+
+/**
+ * Socket to send/received SA synchronization data
+ */
+struct ha_tunnel_t {
+
+	/**
+	 * Check if an IKE_SA is used for exchanging HA messages.
+	 *
+	 * @param ike_Sa	ike_sa to check
+	 * @return			TRUE if IKE_SA is used to secure HA messages
+	 */
+	bool (*is_sa)(ha_tunnel_t *this, ike_sa_t *ike_sa);
+
+	/**
+	 * Destroy a ha_tunnel_t.
+	 */
+	void (*destroy)(ha_tunnel_t *this);
+};
+
+/**
+ * Create a ha_tunnel instance.
+ *
+ * @param local		local address of HA tunnel
+ * @param remote	remote address of HA tunnel
+ * @param secret	PSK tunnel authentication secret
+ * @return			HA tunnel instance
+ */
+ha_tunnel_t *ha_tunnel_create(char *local, char *remote, char *secret);
+
+#endif /* HA_TUNNEL_H_ @}*/
diff --git a/src/libcharon/plugins/kernel_klips/Makefile.am b/src/libcharon/plugins/kernel_klips/Makefile.am
new file mode 100644
index 000000000..540bbe106
--- /dev/null
+++ b/src/libcharon/plugins/kernel_klips/Makefile.am
@@ -0,0 +1,17 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-kernel-klips.la
+else
+plugin_LTLIBRARIES = libstrongswan-kernel-klips.la
+endif
+
+libstrongswan_kernel_klips_la_SOURCES = \
+	kernel_klips_plugin.h kernel_klips_plugin.c \
+	kernel_klips_ipsec.h kernel_klips_ipsec.c pfkeyv2.h
+
+libstrongswan_kernel_klips_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/kernel_klips/Makefile.in b/src/libcharon/plugins/kernel_klips/Makefile.in
index bf194ae16..f0d112a0f 100644
--- a/src/charon/plugins/kernel_klips/Makefile.in
+++ b/src/libcharon/plugins/kernel_klips/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/kernel_klips
+subdir = src/libcharon/plugins/kernel_klips
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_kernel_klips_la_LIBADD =
 am_libstrongswan_kernel_klips_la_OBJECTS = kernel_klips_plugin.lo \
 	kernel_klips_ipsec.lo
@@ -82,6 +82,9 @@ libstrongswan_kernel_klips_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_kernel_klips_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_kernel_klips_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_kernel_klips_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,10 +258,14 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-kernel-klips.la
-libstrongswan_kernel_klips_la_SOURCES = kernel_klips_plugin.h kernel_klips_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-klips.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-klips.la
+libstrongswan_kernel_klips_la_SOURCES = \
+	kernel_klips_plugin.h kernel_klips_plugin.c \
 	kernel_klips_ipsec.h kernel_klips_ipsec.c pfkeyv2.h
 
 libstrongswan_kernel_klips_la_LDFLAGS = -module -avoid-version
@@ -274,9 +282,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_klips/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_klips/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/kernel_klips/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_klips/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -295,6 +303,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +344,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-kernel-klips.la: $(libstrongswan_kernel_klips_la_OBJECTS) $(libstrongswan_kernel_klips_la_DEPENDENCIES) 
-	$(libstrongswan_kernel_klips_la_LINK) -rpath $(plugindir) $(libstrongswan_kernel_klips_la_OBJECTS) $(libstrongswan_kernel_klips_la_LIBADD) $(LIBS)
+	$(libstrongswan_kernel_klips_la_LINK) $(am_libstrongswan_kernel_klips_la_rpath) $(libstrongswan_kernel_klips_la_OBJECTS) $(libstrongswan_kernel_klips_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -481,8 +498,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -553,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c
index fea1b83a1..01df4f71a 100644
--- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -1532,13 +1532,9 @@ static void schedule_expire(private_kernel_klips_ipsec_t *this,
 	charon->scheduler->schedule_job(charon->scheduler, (job_t*)job, time);
 }
 
-/**
- * Implementation of kernel_interface_t.get_spi.
- */
-static status_t get_spi(private_kernel_klips_ipsec_t *this,
-						host_t *src, host_t *dst,
-						protocol_id_t protocol, u_int32_t reqid,
-						u_int32_t *spi)
+METHOD(kernel_ipsec_t, get_spi, status_t,
+	private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
+	protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
 {
 	/* we cannot use SADB_GETSPI because KLIPS does not allow us to set the
 	 * NAT-T type in an SADB_UPDATE which we would have to use to update the
@@ -1573,12 +1569,9 @@ static status_t get_spi(private_kernel_klips_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.get_cpi.
- */
-static status_t get_cpi(private_kernel_klips_ipsec_t *this,
-						host_t *src, host_t *dst,
-						u_int32_t reqid, u_int16_t *cpi)
+METHOD(kernel_ipsec_t, get_cpi, status_t,
+	private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
+	u_int32_t reqid, u_int16_t *cpi)
 {
 	return FAILED;
 }
@@ -1695,18 +1688,12 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.add_sa.
- */
-static status_t add_sa(private_kernel_klips_ipsec_t *this,
-					   host_t *src, host_t *dst, u_int32_t spi,
-					   protocol_id_t protocol, u_int32_t reqid,
-					   lifetime_cfg_t *lifetime,
-					   u_int16_t enc_alg, chunk_t enc_key,
-					   u_int16_t int_alg, chunk_t int_key,
-					   ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-					   bool encap, bool inbound, traffic_selector_t *src_ts,
-					   traffic_selector_t *dst_ts)
+METHOD(kernel_ipsec_t, add_sa, status_t,
+	private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi,
+	protocol_id_t protocol, u_int32_t reqid, lifetime_cfg_t *lifetime,
+	u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key,
+	ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap,
+	bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg, *out;
@@ -1859,14 +1846,10 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.update_sa.
- */
-static status_t update_sa(private_kernel_klips_ipsec_t *this,
-						  u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
-						  host_t *src, host_t *dst,
-						  host_t *new_src, host_t *new_dst,
-						  bool encap, bool new_encap)
+METHOD(kernel_ipsec_t, update_sa, status_t,
+	private_kernel_klips_ipsec_t *this, u_int32_t spi, protocol_id_t protocol,
+	u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
+	bool encap, bool new_encap)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg, *out;
@@ -1935,22 +1918,16 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.query_sa.
- */
-static status_t query_sa(private_kernel_klips_ipsec_t *this, host_t *src,
-						 host_t *dst, u_int32_t spi, protocol_id_t protocol,
-						 u_int64_t *bytes)
+METHOD(kernel_ipsec_t, query_sa, status_t,
+	private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
+	u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes)
 {
 	return NOT_SUPPORTED;  /* TODO */
 }
 
-/**
- * Implementation of kernel_interface_t.del_sa.
- */
-static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src,
-					   host_t *dst, u_int32_t spi, protocol_id_t protocol,
-					   u_int16_t cpi)
+METHOD(kernel_ipsec_t, del_sa, status_t,
+	private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
+	u_int32_t spi, protocol_id_t protocol, u_int16_t cpi)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg, *out;
@@ -2011,17 +1988,12 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.add_policy.
- */
-static status_t add_policy(private_kernel_klips_ipsec_t *this,
-						   host_t *src, host_t *dst,
-						   traffic_selector_t *src_ts,
-						   traffic_selector_t *dst_ts,
-						   policy_dir_t direction, u_int32_t spi,
-						   protocol_id_t protocol, u_int32_t reqid,
-						   ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-						   bool routed)
+METHOD(kernel_ipsec_t, add_policy, status_t,
+	private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst,
+	traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+	policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+	u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
+	bool routed)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg, *out;
@@ -2236,13 +2208,9 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.query_policy.
- */
-static status_t query_policy(private_kernel_klips_ipsec_t *this,
-							 traffic_selector_t *src_ts,
-							 traffic_selector_t *dst_ts,
-							 policy_dir_t direction, u_int32_t *use_time)
+METHOD(kernel_ipsec_t, query_policy, status_t,
+	private_kernel_klips_ipsec_t *this, traffic_selector_t *src_ts,
+	traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time)
 {
 	#define IDLE_PREFIX "idle="
 	static const char *path_eroute = "/proc/net/ipsec_eroute";
@@ -2395,13 +2363,9 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this,
 	return status;
 }
 
-/**
- * Implementation of kernel_interface_t.del_policy.
- */
-static status_t del_policy(private_kernel_klips_ipsec_t *this,
-						   traffic_selector_t *src_ts,
-						   traffic_selector_t *dst_ts,
-						   policy_dir_t direction, bool unrouted)
+METHOD(kernel_ipsec_t, del_policy, status_t,
+	private_kernel_klips_ipsec_t *this, traffic_selector_t *src_ts,
+	traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg = (struct sadb_msg*)request, *out;
@@ -2592,14 +2556,28 @@ static status_t register_pfkey_socket(private_kernel_klips_ipsec_t *this, u_int8
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.destroy.
- */
-static void destroy(private_kernel_klips_ipsec_t *this)
+METHOD(kernel_ipsec_t, bypass_socket, bool,
+	private_kernel_klips_ipsec_t *this, int fd, int family)
 {
-	this->job->cancel(this->job);
-	close(this->socket);
-	close(this->socket_events);
+	/* KLIPS does not need a bypass policy for IKE */
+	return TRUE;
+}
+
+METHOD(kernel_ipsec_t, destroy, void,
+	private_kernel_klips_ipsec_t *this)
+{
+	if (this->job)
+	{
+		this->job->cancel(this->job);
+	}
+	if (this->socket > 0)
+	{
+		close(this->socket);
+	}
+	if (this->socket_evnets > 0)
+	{
+		close(this->socket_events);
+	}
 	this->mutex_pfkey->destroy(this->mutex_pfkey);
 	this->mutex->destroy(this->mutex);
 	this->ipsec_devices->destroy_function(this->ipsec_devices, (void*)ipsec_dev_destroy);
@@ -2614,30 +2592,31 @@ static void destroy(private_kernel_klips_ipsec_t *this)
  */
 kernel_klips_ipsec_t *kernel_klips_ipsec_create()
 {
-	private_kernel_klips_ipsec_t *this = malloc_thing(private_kernel_klips_ipsec_t);
-
-	/* public functions */
-	this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
-	this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
-	this->public.interface.add_sa  = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa;
-	this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
-	this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
-	this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
-	this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
-	this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
-	this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy;
-
-	this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy;
-
-	/* private members */
-	this->policies = linked_list_create();
-	this->allocated_spis = linked_list_create();
-	this->installed_sas = linked_list_create();
-	this->ipsec_devices = linked_list_create();
-	this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
-	this->mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT);
-	this->install_routes = lib->settings->get_bool(lib->settings, "charon.install_routes", TRUE);
-	this->seq = 0;
+	private_kernel_klips_ipsec_t *this;
+
+	INIT(this,
+		.public.interface = {
+			.get_spi = _get_spi,
+			.get_cpi = _get_cpi,
+			.add_sa  = _add_sa,
+			.update_sa = _update_sa,
+			.query_sa = _query_sa,
+			.del_sa = _del_sa,
+			.add_policy = _add_policy,
+			.query_policy = _query_policy,
+			.del_policy = _del_policy,
+			.bypass_socket = _bypass_socket,
+			.destroy = _destroy,
+		},
+		.policies = linked_list_create(),
+		.allocated_spis = linked_list_create(),
+		.installed_sas = linked_list_create(),
+		.ipsec_devices = linked_list_create(),
+		.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+		.mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT),
+		.install_routes = lib->settings->get_bool(lib->settings,
+												"charon.install_routes", TRUE),
+	);
 
 	/* initialize ipsec devices */
 	init_ipsec_devices(this);
@@ -2646,21 +2625,27 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create()
 	this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
 	if (this->socket <= 0)
 	{
-		charon->kill(charon, "unable to create PF_KEY socket");
+		DBG1(DBG_KNL, "unable to create PF_KEY socket");
+		destroy(this);
+		return NULL;
 	}
 
 	/* create a PF_KEY socket for ACQUIRE & EXPIRE */
 	this->socket_events = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
 	if (this->socket_events <= 0)
 	{
-		charon->kill(charon, "unable to create PF_KEY event socket");
+		DBG1(DBG_KNL, "unable to create PF_KEY event socket");
+		destroy(this);
+		return NULL;
 	}
 
 	/* register the event socket */
 	if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS ||
 		register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS)
 	{
-		charon->kill(charon, "unable to register PF_KEY event socket");
+		DBG1(DBG_KNL, "unable to register PF_KEY event socket");
+		destroy(this);
+		return NULL;
 	}
 
 	this->job = callback_job_create((callback_job_cb_t)receive_events,
@@ -2669,3 +2654,4 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create()
 
 	return &this->public;
 }
+
diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.h
index 306ec0ada..306ec0ada 100644
--- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h
+++ b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.h
diff --git a/src/charon/plugins/kernel_klips/kernel_klips_plugin.c b/src/libcharon/plugins/kernel_klips/kernel_klips_plugin.c
index b0117c10c..fa5e9eb29 100644
--- a/src/charon/plugins/kernel_klips/kernel_klips_plugin.c
+++ b/src/libcharon/plugins/kernel_klips/kernel_klips_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_kernel_klips_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *kernel_klips_plugin_create()
 {
 	private_kernel_klips_plugin_t *this = malloc_thing(private_kernel_klips_plugin_t);
 
diff --git a/src/charon/plugins/kernel_klips/kernel_klips_plugin.h b/src/libcharon/plugins/kernel_klips/kernel_klips_plugin.h
index 123550bf5..6086217ad 100644
--- a/src/charon/plugins/kernel_klips/kernel_klips_plugin.h
+++ b/src/libcharon/plugins/kernel_klips/kernel_klips_plugin.h
@@ -39,9 +39,4 @@ struct kernel_klips_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a kernel_klips_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** KERNEL_KLIPS_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/kernel_klips/pfkeyv2.h b/src/libcharon/plugins/kernel_klips/pfkeyv2.h
index 20d1c298d..20d1c298d 100644
--- a/src/charon/plugins/kernel_klips/pfkeyv2.h
+++ b/src/libcharon/plugins/kernel_klips/pfkeyv2.h
diff --git a/src/charon/plugins/kernel_netlink/Makefile.am b/src/libcharon/plugins/kernel_netlink/Makefile.am
index 31d9c6d5c..2bb00ec0d 100644
--- a/src/charon/plugins/kernel_netlink/Makefile.am
+++ b/src/libcharon/plugins/kernel_netlink/Makefile.am
@@ -1,13 +1,20 @@
 
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = -rdynamic \
 -DROUTING_TABLE=${routing_table} \
 -DROUTING_TABLE_PRIO=${routing_table_prio}
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-kernel-netlink.la
+else
 plugin_LTLIBRARIES = libstrongswan-kernel-netlink.la
+endif
 
-libstrongswan_kernel_netlink_la_SOURCES = kernel_netlink_plugin.h kernel_netlink_plugin.c \
+libstrongswan_kernel_netlink_la_SOURCES = \
+	kernel_netlink_plugin.h kernel_netlink_plugin.c \
 	kernel_netlink_ipsec.h kernel_netlink_ipsec.c kernel_netlink_net.h kernel_netlink_net.c \
 	kernel_netlink_shared.h kernel_netlink_shared.c
+
 libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in
index 09be50587..8c9965467 100644
--- a/src/charon/plugins/kernel_netlink/Makefile.in
+++ b/src/libcharon/plugins/kernel_netlink/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/kernel_netlink
+subdir = src/libcharon/plugins/kernel_netlink
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_kernel_netlink_la_LIBADD =
 am_libstrongswan_kernel_netlink_la_OBJECTS = kernel_netlink_plugin.lo \
 	kernel_netlink_ipsec.lo kernel_netlink_net.lo \
@@ -83,6 +83,9 @@ libstrongswan_kernel_netlink_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_kernel_netlink_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_kernel_netlink_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_kernel_netlink_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -221,6 +224,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -255,13 +259,17 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic \
 -DROUTING_TABLE=${routing_table} \
 -DROUTING_TABLE_PRIO=${routing_table_prio}
 
-plugin_LTLIBRARIES = libstrongswan-kernel-netlink.la
-libstrongswan_kernel_netlink_la_SOURCES = kernel_netlink_plugin.h kernel_netlink_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-netlink.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-netlink.la
+libstrongswan_kernel_netlink_la_SOURCES = \
+	kernel_netlink_plugin.h kernel_netlink_plugin.c \
 	kernel_netlink_ipsec.h kernel_netlink_ipsec.c kernel_netlink_net.h kernel_netlink_net.c \
 	kernel_netlink_shared.h kernel_netlink_shared.c
 
@@ -279,9 +287,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_netlink/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_netlink/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/kernel_netlink/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_netlink/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -300,6 +308,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -332,7 +349,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-kernel-netlink.la: $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_DEPENDENCIES) 
-	$(libstrongswan_kernel_netlink_la_LINK) -rpath $(plugindir) $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_LIBADD) $(LIBS)
+	$(libstrongswan_kernel_netlink_la_LINK) $(am_libstrongswan_kernel_netlink_la_rpath) $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -488,8 +505,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -560,18 +577,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 850876b9d..1b8c1b879 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -181,7 +181,7 @@ static kernel_algorithm_t encryption_algs[] = {
 	{ENCR_AES_GCM_ICV8,			"rfc4106(gcm(aes))"	},
 	{ENCR_AES_GCM_ICV12,		"rfc4106(gcm(aes))"	},
 	{ENCR_AES_GCM_ICV16,		"rfc4106(gcm(aes))"	},
-/*	{ENCR_NULL_AUTH_AES_GMAC,	"***"				}, */
+	{ENCR_NULL_AUTH_AES_GMAC,	"rfc4543(gcm(aes))"	},
 	{ENCR_CAMELLIA_CBC,			"cbc(camellia)"		},
 /*	{ENCR_CAMELLIA_CTR,			"***"				}, */
 /*	{ENCR_CAMELLIA_CCM_ICV8,	"***"				}, */
@@ -875,13 +875,9 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.get_spi.
- */
-static status_t get_spi(private_kernel_netlink_ipsec_t *this,
-						host_t *src, host_t *dst,
-						protocol_id_t protocol, u_int32_t reqid,
-						u_int32_t *spi)
+METHOD(kernel_ipsec_t, get_spi, status_t,
+	private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
+	protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
 {
 	DBG2(DBG_KNL, "getting SPI for reqid {%u}", reqid);
 
@@ -897,12 +893,9 @@ static status_t get_spi(private_kernel_netlink_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.get_cpi.
- */
-static status_t get_cpi(private_kernel_netlink_ipsec_t *this,
-						host_t *src, host_t *dst,
-						u_int32_t reqid, u_int16_t *cpi)
+METHOD(kernel_ipsec_t, get_cpi, status_t,
+	private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
+	u_int32_t reqid, u_int16_t *cpi)
 {
 	u_int32_t received_spi = 0;
 
@@ -922,18 +915,13 @@ static status_t get_cpi(private_kernel_netlink_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.add_sa.
- */
-static status_t add_sa(private_kernel_netlink_ipsec_t *this,
-					   host_t *src, host_t *dst, u_int32_t spi,
-					   protocol_id_t protocol, u_int32_t reqid,
-					   lifetime_cfg_t *lifetime,
-					   u_int16_t enc_alg, chunk_t enc_key,
-					   u_int16_t int_alg, chunk_t int_key,
-					   ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-					   bool encap, bool inbound,
-					   traffic_selector_t* src_ts, traffic_selector_t* dst_ts)
+METHOD(kernel_ipsec_t, add_sa, status_t,
+	private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
+	u_int32_t spi, protocol_id_t protocol, u_int32_t reqid,
+	lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key,
+	u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp,
+	u_int16_t cpi, bool encap, bool inbound, traffic_selector_t* src_ts,
+	traffic_selector_t* dst_ts)
 {
 	netlink_buf_t request;
 	char *alg_name;
@@ -1007,6 +995,7 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this,
 			break;
 		case ENCR_AES_CCM_ICV16:
 		case ENCR_AES_GCM_ICV16:
+		case ENCR_NULL_AUTH_AES_GMAC:
 		case ENCR_CAMELLIA_CCM_ICV16:
 			icv_size += 32;
 			/* FALL */
@@ -1284,12 +1273,9 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this,
 	return FAILED;
 }
 
-/**
- * Implementation of kernel_interface_t.query_sa.
- */
-static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src,
-						 host_t *dst, u_int32_t spi, protocol_id_t protocol,
-						 u_int64_t *bytes)
+METHOD(kernel_ipsec_t, query_sa, status_t,
+	private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
+	u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes)
 {
 	netlink_buf_t request;
 	struct nlmsghdr *out = NULL, *hdr;
@@ -1352,12 +1338,10 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src,
 	free(out);
 	return SUCCESS;
 }
-/**
- * Implementation of kernel_interface_t.del_sa.
- */
-static status_t del_sa(private_kernel_netlink_ipsec_t *this, host_t *src,
-					   host_t *dst, u_int32_t spi, protocol_id_t protocol,
-					   u_int16_t cpi)
+
+METHOD(kernel_ipsec_t, del_sa, status_t,
+	private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
+	u_int32_t spi, protocol_id_t protocol, u_int16_t cpi)
 {
 	netlink_buf_t request;
 	struct nlmsghdr *hdr;
@@ -1393,14 +1377,10 @@ static status_t del_sa(private_kernel_netlink_ipsec_t *this, host_t *src,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.update_sa.
- */
-static status_t update_sa(private_kernel_netlink_ipsec_t *this,
-						  u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
-						  host_t *src, host_t *dst,
-						  host_t *new_src, host_t *new_dst,
-						  bool old_encap, bool new_encap)
+METHOD(kernel_ipsec_t, update_sa, status_t,
+	private_kernel_netlink_ipsec_t *this, u_int32_t spi, protocol_id_t protocol,
+	u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
+	bool old_encap, bool new_encap)
 {
 	netlink_buf_t request;
 	u_char *pos;
@@ -1574,17 +1554,12 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.add_policy.
- */
-static status_t add_policy(private_kernel_netlink_ipsec_t *this,
-						   host_t *src, host_t *dst,
-						   traffic_selector_t *src_ts,
-						   traffic_selector_t *dst_ts,
-						   policy_dir_t direction, u_int32_t spi,
-						   protocol_id_t protocol, u_int32_t reqid,
-						   ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-						   bool routed)
+METHOD(kernel_ipsec_t, add_policy, status_t,
+	private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst,
+	traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+	policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+	u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
+	bool routed)
 {
 	policy_entry_t *current, *policy;
 	bool found = FALSE;
@@ -1764,13 +1739,9 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.query_policy.
- */
-static status_t query_policy(private_kernel_netlink_ipsec_t *this,
-							 traffic_selector_t *src_ts,
-							 traffic_selector_t *dst_ts,
-							 policy_dir_t direction, u_int32_t *use_time)
+METHOD(kernel_ipsec_t, query_policy, status_t,
+	private_kernel_netlink_ipsec_t *this, traffic_selector_t *src_ts,
+	traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time)
 {
 	netlink_buf_t request;
 	struct nlmsghdr *out = NULL, *hdr;
@@ -1843,13 +1814,9 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.del_policy.
- */
-static status_t del_policy(private_kernel_netlink_ipsec_t *this,
-						   traffic_selector_t *src_ts,
-						   traffic_selector_t *dst_ts,
-						   policy_dir_t direction, bool unrouted)
+METHOD(kernel_ipsec_t, del_policy, status_t,
+	private_kernel_netlink_ipsec_t *this, traffic_selector_t *src_ts,
+	traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted)
 {
 	policy_entry_t *current, policy, *to_delete = NULL;
 	route_entry_t *route;
@@ -1925,17 +1892,62 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.destroy.
- */
-static void destroy(private_kernel_netlink_ipsec_t *this)
+METHOD(kernel_ipsec_t, bypass_socket, bool,
+	private_kernel_netlink_ipsec_t *this, int fd, int family)
+{
+	struct xfrm_userpolicy_info policy;
+	u_int sol, ipsec_policy;
+
+	switch (family)
+	{
+		case AF_INET:
+			sol = SOL_IP;
+			ipsec_policy = IP_XFRM_POLICY;
+			break;
+		case AF_INET6:
+			sol = SOL_IPV6;
+			ipsec_policy = IPV6_XFRM_POLICY;
+			break;
+		default:
+			return FALSE;
+	}
+
+	memset(&policy, 0, sizeof(policy));
+	policy.action = XFRM_POLICY_ALLOW;
+	policy.sel.family = family;
+
+	policy.dir = XFRM_POLICY_OUT;
+	if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+	{
+		DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
+			 strerror(errno));
+		return FALSE;
+	}
+	policy.dir = XFRM_POLICY_IN;
+	if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+	{
+		DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
+			 strerror(errno));
+		return FALSE;
+	}
+	return TRUE;
+}
+
+METHOD(kernel_ipsec_t, destroy, void,
+	private_kernel_netlink_ipsec_t *this)
 {
 	enumerator_t *enumerator;
 	policy_entry_t *policy;
 
-	this->job->cancel(this->job);
-	close(this->socket_xfrm_events);
-	this->socket_xfrm->destroy(this->socket_xfrm);
+	if (this->job)
+	{
+		this->job->cancel(this->job);
+	}
+	if (this->socket_xfrm_events > 0)
+	{
+		close(this->socket_xfrm_events);
+	}
+	DESTROY_IF(this->socket_xfrm);
 	enumerator = this->policies->create_enumerator(this->policies);
 	while (enumerator->enumerate(enumerator, &policy, &policy))
 	{
@@ -1947,87 +1959,35 @@ static void destroy(private_kernel_netlink_ipsec_t *this)
 	free(this);
 }
 
-/**
- * Add bypass policies for IKE on the sockets used by charon
- */
-static bool add_bypass_policies()
-{
-	int fd, family, port;
-	enumerator_t *sockets;
-	bool status = TRUE;
-
-	sockets = charon->socket->create_enumerator(charon->socket);
-	while (sockets->enumerate(sockets, &fd, &family, &port))
-	{
-		struct xfrm_userpolicy_info policy;
-		u_int sol, ipsec_policy;
-
-		switch (family)
-		{
-			case AF_INET:
-				sol = SOL_IP;
-				ipsec_policy = IP_XFRM_POLICY;
-				break;
-			case AF_INET6:
-				sol = SOL_IPV6;
-				ipsec_policy = IPV6_XFRM_POLICY;
-				break;
-			default:
-				continue;
-		}
-
-		memset(&policy, 0, sizeof(policy));
-		policy.action = XFRM_POLICY_ALLOW;
-		policy.sel.family = family;
-
-		policy.dir = XFRM_POLICY_OUT;
-		if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
-		{
-			DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
-				 strerror(errno));
-			status = FALSE;
-			break;
-		}
-		policy.dir = XFRM_POLICY_IN;
-		if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
-		{
-			DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
-				 strerror(errno));
-			status = FALSE;
-			break;
-		}
-	}
-	sockets->destroy(sockets);
-	return status;
-}
-
 /*
  * Described in header.
  */
 kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
 {
-	private_kernel_netlink_ipsec_t *this = malloc_thing(private_kernel_netlink_ipsec_t);
+	private_kernel_netlink_ipsec_t *this;
 	struct sockaddr_nl addr;
 	int fd;
 
-	/* public functions */
-	this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
-	this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
-	this->public.interface.add_sa  = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa;
-	this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
-	this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
-	this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
-	this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
-	this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
-	this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy;
-	this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy;
-
-	/* private members */
-	this->policies = hashtable_create((hashtable_hash_t)policy_hash,
-									  (hashtable_equals_t)policy_equals, 32);
-	this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
-	this->install_routes = lib->settings->get_bool(lib->settings,
-					"charon.install_routes", TRUE);
+	INIT(this,
+		.public.interface = {
+			.get_spi = _get_spi,
+			.get_cpi = _get_cpi,
+			.add_sa  = _add_sa,
+			.update_sa = _update_sa,
+			.query_sa = _query_sa,
+			.del_sa = _del_sa,
+			.add_policy = _add_policy,
+			.query_policy = _query_policy,
+			.del_policy = _del_policy,
+			.bypass_socket = _bypass_socket,
+			.destroy = _destroy,
+		},
+		.policies = hashtable_create((hashtable_hash_t)policy_hash,
+									 (hashtable_equals_t)policy_equals, 32),
+		.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+		.install_routes = lib->settings->get_bool(lib->settings,
+												"charon.install_routes", TRUE),
+	);
 
 	/* disable lifetimes for allocated SPIs in kernel */
 	fd = open("/proc/sys/net/core/xfrm_acq_expires", O_WRONLY);
@@ -2038,6 +1998,11 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
 	}
 
 	this->socket_xfrm = netlink_socket_create(NETLINK_XFRM);
+	if (!this->socket_xfrm)
+	{
+		destroy(this);
+		return NULL;
+	}
 
 	memset(&addr, 0, sizeof(addr));
 	addr.nl_family = AF_NETLINK;
@@ -2046,24 +2011,22 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
 	this->socket_xfrm_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM);
 	if (this->socket_xfrm_events <= 0)
 	{
-		charon->kill(charon, "unable to create XFRM event socket");
+		DBG1(DBG_KNL, "unable to create XFRM event socket");
+		destroy(this);
+		return NULL;
 	}
 	addr.nl_groups = XFRMNLGRP(ACQUIRE) | XFRMNLGRP(EXPIRE) |
 					 XFRMNLGRP(MIGRATE) | XFRMNLGRP(MAPPING);
 	if (bind(this->socket_xfrm_events, (struct sockaddr*)&addr, sizeof(addr)))
 	{
-		charon->kill(charon, "unable to bind XFRM event socket");
+		DBG1(DBG_KNL, "unable to bind XFRM event socket");
+		destroy(this);
+		return NULL;
 	}
-
-	/* add bypass policies on the sockets used by charon */
-	if (!add_bypass_policies())
-	{
-		charon->kill(charon, "unable to add bypass policies on sockets");
-	}
-
 	this->job = callback_job_create((callback_job_cb_t)receive_events,
 									this, NULL, NULL);
 	charon->processor->queue_job(charon->processor, (job_t*)this->job);
 
 	return &this->public;
 }
+
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h
index 3a45cce06..3a45cce06 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index 4a9fdf69a..6750458cf 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -14,6 +14,29 @@
  * for more details.
  */
 
+/*
+ * Copyright (C) 2010 secunet Security Networks AG
+ * Copyright (C) 2010 Thomas Egerer
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
 #include <sys/socket.h>
 #include <linux/netlink.h>
 #include <linux/rtnetlink.h>
@@ -158,6 +181,11 @@ struct private_kernel_netlink_net_t {
 	 * whether to actually install virtual IPs
 	 */
 	bool install_virtual_ip;
+
+	/**
+	 * list with routing tables to be excluded from route lookup
+	 */
+	linked_list_t *rt_exclude;
 };
 
 /**
@@ -764,6 +792,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
 	chunk_t chunk;
 	size_t len;
 	int best = -1;
+	enumerator_t *enumerator;
 	host_t *src = NULL, *gtw = NULL;
 
 	DBG2(DBG_KNL, "getting address to reach %H", dest);
@@ -813,6 +842,8 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
 				chunk_t rta_gtw, rta_src, rta_dst;
 				u_int32_t rta_oif = 0;
 				host_t *new_src, *new_gtw;
+				bool cont = FALSE;
+				uintptr_t table;
 
 				rta_gtw = rta_src = rta_dst = chunk_empty;
 				msg = (struct rtmsg*)(NLMSG_DATA(current));
@@ -844,6 +875,20 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
 				{	/* not better than a previous one */
 					continue;
 				}
+				enumerator = this->rt_exclude->create_enumerator(this->rt_exclude);
+				while (enumerator->enumerate(enumerator, &table))
+				{
+					if (table == msg->rtm_table)
+					{
+						cont = TRUE;
+						break;
+					}
+				}
+				enumerator->destroy(enumerator);
+				if (cont)
+				{
+					continue;
+				}
 				if (this->routing_table != 0 &&
 					msg->rtm_table == this->routing_table)
 				{	/* route is from our own ipsec routing table */
@@ -1336,11 +1381,17 @@ static void destroy(private_kernel_netlink_net_t *this)
 		manage_rule(this, RTM_DELRULE, AF_INET6, this->routing_table,
 					this->routing_table_prio);
 	}
-
-	this->job->cancel(this->job);
-	close(this->socket_events);
-	this->socket->destroy(this->socket);
+	if (this->job)
+	{
+		this->job->cancel(this->job);
+	}
+	if (this->socket_events > 0)
+	{
+		close(this->socket_events);
+	}
+	DESTROY_IF(this->socket);
 	this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
+	this->rt_exclude->destroy(this->rt_exclude);
 	this->condvar->destroy(this->condvar);
 	this->mutex->destroy(this->mutex);
 	free(this);
@@ -1353,6 +1404,8 @@ kernel_netlink_net_t *kernel_netlink_net_create()
 {
 	private_kernel_netlink_net_t *this = malloc_thing(private_kernel_netlink_net_t);
 	struct sockaddr_nl addr;
+	enumerator_t *enumerator;
+	char *exclude;
 
 	/* public functions */
 	this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name;
@@ -1379,22 +1432,49 @@ kernel_netlink_net_t *kernel_netlink_net_create()
 	this->install_virtual_ip = lib->settings->get_bool(lib->settings,
 					"charon.install_virtual_ip", TRUE);
 
+	this->rt_exclude = linked_list_create();
+	exclude = lib->settings->get_str(lib->settings,
+					"charon.ignore_routing_tables", NULL);
+	if (exclude)
+	{
+		char *token;
+		uintptr_t table;
+
+		enumerator = enumerator_create_token(exclude, " ", " ");
+		while (enumerator->enumerate(enumerator, &token))
+		{
+			errno = 0;
+			table = strtoul(token, NULL, 10);
+
+			if (errno == 0)
+			{
+				this->rt_exclude->insert_last(this->rt_exclude, (void*)table);
+			}
+		}
+		enumerator->destroy(enumerator);
+	}
+
 	this->socket = netlink_socket_create(NETLINK_ROUTE);
+	this->job = NULL;
 
 	memset(&addr, 0, sizeof(addr));
 	addr.nl_family = AF_NETLINK;
 
 	/* create and bind RT socket for events (address/interface/route changes) */
 	this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
-	if (this->socket_events <= 0)
+	if (this->socket_events < 0)
 	{
-		charon->kill(charon, "unable to create RT event socket");
+		DBG1(DBG_KNL, "unable to create RT event socket");
+		destroy(this);
+		return NULL;
 	}
 	addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR |
 					 RTMGRP_IPV4_ROUTE | RTMGRP_IPV4_ROUTE | RTMGRP_LINK;
 	if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr)))
 	{
-		charon->kill(charon, "unable to bind RT event socket");
+		DBG1(DBG_KNL, "unable to bind RT event socket");
+		destroy(this);
+		return NULL;
 	}
 
 	this->job = callback_job_create((callback_job_cb_t)receive_events,
@@ -1403,7 +1483,9 @@ kernel_netlink_net_t *kernel_netlink_net_create()
 
 	if (init_address_list(this) != SUCCESS)
 	{
-		charon->kill(charon, "unable to get interface list");
+		DBG1(DBG_KNL, "unable to get interface list");
+		destroy(this);
+		return NULL;
 	}
 
 	if (this->routing_table)
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_net.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h
index ff9831d3c..ff9831d3c 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_net.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
index cdf20f14a..4c61265aa 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c
@@ -46,7 +46,7 @@ static void destroy(private_kernel_netlink_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *kernel_netlink_plugin_create()
 {
 	private_kernel_netlink_plugin_t *this = malloc_thing(private_kernel_netlink_plugin_t);
 
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h
index ec6036b98..74c9ae24f 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h
@@ -39,9 +39,4 @@ struct kernel_netlink_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a kernel_netlink_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** KERNEL_NETLINK_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
index b96186a3a..5ed568150 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -236,7 +236,10 @@ static status_t netlink_send_ack(private_netlink_socket_t *this, struct nlmsghdr
  */
 static void destroy(private_netlink_socket_t *this)
 {
-	close(this->socket);
+	if (this->socket > 0)
+	{
+		close(this->socket);
+	}
 	this->mutex->destroy(this->mutex);
 	free(this);
 }
@@ -244,7 +247,8 @@ static void destroy(private_netlink_socket_t *this)
 /**
  * Described in header.
  */
-netlink_socket_t *netlink_socket_create(int protocol) {
+netlink_socket_t *netlink_socket_create(int protocol)
+{
 	private_netlink_socket_t *this = malloc_thing(private_netlink_socket_t);
 	struct sockaddr_nl addr;
 
@@ -262,15 +266,19 @@ netlink_socket_t *netlink_socket_create(int protocol) {
 
 	this->protocol = protocol;
 	this->socket = socket(AF_NETLINK, SOCK_RAW, protocol);
-	if (this->socket <= 0)
+	if (this->socket < 0)
 	{
-		charon->kill(charon, "unable to create netlink socket");
+		DBG1(DBG_KNL, "unable to create netlink socket");
+		destroy(this);
+		return NULL;
 	}
 
 	addr.nl_groups = 0;
 	if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr)))
 	{
-		charon->kill(charon, "unable to bind netlink socket");
+		DBG1(DBG_KNL, "unable to bind netlink socket");
+		destroy(this);
+		return NULL;
 	}
 
 	return &this->public;
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h
index dfd27a21a..dfd27a21a 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h
diff --git a/src/charon/plugins/kernel_pfkey/Makefile.am b/src/libcharon/plugins/kernel_pfkey/Makefile.am
index a72c6a999..778a7f9a9 100644
--- a/src/charon/plugins/kernel_pfkey/Makefile.am
+++ b/src/libcharon/plugins/kernel_pfkey/Makefile.am
@@ -1,10 +1,17 @@
 
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-kernel-pfkey.la
+else
 plugin_LTLIBRARIES = libstrongswan-kernel-pfkey.la
+endif
 
-libstrongswan_kernel_pfkey_la_SOURCES = kernel_pfkey_plugin.h kernel_pfkey_plugin.c \
+libstrongswan_kernel_pfkey_la_SOURCES = \
+	kernel_pfkey_plugin.h kernel_pfkey_plugin.c \
 	kernel_pfkey_ipsec.h kernel_pfkey_ipsec.c
+
 libstrongswan_kernel_pfkey_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in
index 8a0961a7d..2b028ba71 100644
--- a/src/charon/plugins/kernel_pfkey/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/kernel_pfkey
+subdir = src/libcharon/plugins/kernel_pfkey
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_kernel_pfkey_la_LIBADD =
 am_libstrongswan_kernel_pfkey_la_OBJECTS = kernel_pfkey_plugin.lo \
 	kernel_pfkey_ipsec.lo
@@ -82,6 +82,9 @@ libstrongswan_kernel_pfkey_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_kernel_pfkey_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_kernel_pfkey_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_kernel_pfkey_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,10 +258,14 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-kernel-pfkey.la
-libstrongswan_kernel_pfkey_la_SOURCES = kernel_pfkey_plugin.h kernel_pfkey_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-pfkey.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-pfkey.la
+libstrongswan_kernel_pfkey_la_SOURCES = \
+	kernel_pfkey_plugin.h kernel_pfkey_plugin.c \
 	kernel_pfkey_ipsec.h kernel_pfkey_ipsec.c
 
 libstrongswan_kernel_pfkey_la_LDFLAGS = -module -avoid-version
@@ -274,9 +282,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfkey/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfkey/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfkey/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfkey/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -295,6 +303,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +344,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-kernel-pfkey.la: $(libstrongswan_kernel_pfkey_la_OBJECTS) $(libstrongswan_kernel_pfkey_la_DEPENDENCIES) 
-	$(libstrongswan_kernel_pfkey_la_LINK) -rpath $(plugindir) $(libstrongswan_kernel_pfkey_la_OBJECTS) $(libstrongswan_kernel_pfkey_la_LIBADD) $(LIBS)
+	$(libstrongswan_kernel_pfkey_la_LINK) $(am_libstrongswan_kernel_pfkey_la_rpath) $(libstrongswan_kernel_pfkey_la_OBJECTS) $(libstrongswan_kernel_pfkey_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -481,8 +498,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -553,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 9c50746ac..8a7883c8a 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -1149,13 +1149,9 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this)
 	return JOB_REQUEUE_DIRECT;
 }
 
-/**
- * Implementation of kernel_interface_t.get_spi.
- */
-static status_t get_spi(private_kernel_pfkey_ipsec_t *this,
-						host_t *src, host_t *dst,
-						protocol_id_t protocol, u_int32_t reqid,
-						u_int32_t *spi)
+METHOD(kernel_ipsec_t, get_spi, status_t,
+	private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+	protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg, *out;
@@ -1212,28 +1208,19 @@ static status_t get_spi(private_kernel_pfkey_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.get_cpi.
- */
-static status_t get_cpi(private_kernel_pfkey_ipsec_t *this,
-						host_t *src, host_t *dst,
-						u_int32_t reqid, u_int16_t *cpi)
+METHOD(kernel_ipsec_t, get_cpi, status_t,
+	private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+	u_int32_t reqid, u_int16_t *cpi)
 {
 	return FAILED;
 }
 
-/**
- * Implementation of kernel_interface_t.add_sa.
- */
-static status_t add_sa(private_kernel_pfkey_ipsec_t *this,
-					   host_t *src, host_t *dst, u_int32_t spi,
-					   protocol_id_t protocol, u_int32_t reqid,
-					   lifetime_cfg_t *lifetime,
-					   u_int16_t enc_alg, chunk_t enc_key,
-					   u_int16_t int_alg, chunk_t int_key,
-					   ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-					   bool encap, bool inbound, traffic_selector_t *src_ts,
-					   traffic_selector_t *dst_ts)
+METHOD(kernel_ipsec_t, add_sa, status_t,
+	private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi,
+	protocol_id_t protocol, u_int32_t reqid, lifetime_cfg_t *lifetime,
+	u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key,
+	ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap,
+	bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg, *out;
@@ -1374,14 +1361,10 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.update_sa.
- */
-static status_t update_sa(private_kernel_pfkey_ipsec_t *this,
-						  u_int32_t spi, protocol_id_t protocol, u_int16_t cpi,
-						  host_t *src, host_t *dst,
-						  host_t *new_src, host_t *new_dst,
-						  bool encap, bool new_encap)
+METHOD(kernel_ipsec_t, update_sa, status_t,
+	private_kernel_pfkey_ipsec_t *this, u_int32_t spi, protocol_id_t protocol,
+	u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst,
+	bool encap, bool new_encap)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg, *out;
@@ -1512,12 +1495,9 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.query_sa.
- */
-static status_t query_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
-						 host_t *dst, u_int32_t spi, protocol_id_t protocol,
-						 u_int64_t *bytes)
+METHOD(kernel_ipsec_t, query_sa, status_t,
+	private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+	u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg, *out;
@@ -1571,12 +1551,9 @@ static status_t query_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.del_sa.
- */
-static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
-					   host_t *dst, u_int32_t spi, protocol_id_t protocol,
-					   u_int16_t cpi)
+METHOD(kernel_ipsec_t, del_sa, status_t,
+	private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+	u_int32_t spi, protocol_id_t protocol, u_int16_t cpi)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg, *out;
@@ -1623,17 +1600,12 @@ static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.add_policy.
- */
-static status_t add_policy(private_kernel_pfkey_ipsec_t *this,
-						   host_t *src, host_t *dst,
-						   traffic_selector_t *src_ts,
-						   traffic_selector_t *dst_ts,
-						   policy_dir_t direction, u_int32_t spi,
-						   protocol_id_t protocol, u_int32_t reqid,
-						   ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
-						   bool routed)
+METHOD(kernel_ipsec_t, add_policy, status_t,
+	private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst,
+	traffic_selector_t *src_ts, traffic_selector_t *dst_ts,
+	policy_dir_t direction, u_int32_t spi, protocol_id_t protocol,
+	u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi,
+	bool routed)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg, *out;
@@ -1828,13 +1800,9 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.query_policy.
- */
-static status_t query_policy(private_kernel_pfkey_ipsec_t *this,
-							 traffic_selector_t *src_ts,
-							 traffic_selector_t *dst_ts,
-							 policy_dir_t direction, u_int32_t *use_time)
+METHOD(kernel_ipsec_t, query_policy, status_t,
+	private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts,
+	traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg, *out;
@@ -1935,13 +1903,9 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this,
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.del_policy.
- */
-static status_t del_policy(private_kernel_pfkey_ipsec_t *this,
-						   traffic_selector_t *src_ts,
-						   traffic_selector_t *dst_ts,
-						   policy_dir_t direction, bool unrouted)
+METHOD(kernel_ipsec_t, del_policy, status_t,
+	private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts,
+	traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg, *out;
@@ -2049,7 +2013,8 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this,
 /**
  * Register a socket for AQUIRE/EXPIRE messages
  */
-static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, u_int8_t satype)
+static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this,
+									  u_int8_t satype)
 {
 	unsigned char request[PFKEY_BUFFER_SIZE];
 	struct sadb_msg *msg, *out;
@@ -2079,77 +2044,71 @@ static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, u_int8
 	return SUCCESS;
 }
 
-/**
- * Implementation of kernel_interface_t.destroy.
- */
-static void destroy(private_kernel_pfkey_ipsec_t *this)
+METHOD(kernel_ipsec_t, bypass_socket, bool,
+	private_kernel_pfkey_ipsec_t *this, int fd, int family)
 {
-	this->job->cancel(this->job);
-	close(this->socket);
-	close(this->socket_events);
-	this->policies->destroy_function(this->policies, (void*)policy_entry_destroy);
-	this->mutex->destroy(this->mutex);
-	this->mutex_pfkey->destroy(this->mutex_pfkey);
-	free(this);
-}
+	struct sadb_x_policy policy;
+	u_int sol, ipsec_policy;
 
-/**
- * Add bypass policies for IKE on the sockets of charon
- */
-static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this)
-{
-	int fd, family, port;
-	enumerator_t *sockets;
-	bool status = TRUE;
-
-	sockets = charon->socket->create_enumerator(charon->socket);
-	while (sockets->enumerate(sockets, &fd, &family, &port))
+	switch (family)
 	{
-		struct sadb_x_policy policy;
-		u_int sol, ipsec_policy;
-
-		switch (family)
-		{
-			case AF_INET:
-			{
-				sol = SOL_IP;
-				ipsec_policy = IP_IPSEC_POLICY;
-				break;
-			}
-			case AF_INET6:
-			{
-				sol = SOL_IPV6;
-				ipsec_policy = IPV6_IPSEC_POLICY;
-				break;
-			}
-			default:
-				continue;
-		}
-
-		memset(&policy, 0, sizeof(policy));
-		policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t);
-		policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
-		policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS;
-
-		policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND;
-		if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+		case AF_INET:
 		{
-			DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
-				 strerror(errno));
-			status = FALSE;
+			sol = SOL_IP;
+			ipsec_policy = IP_IPSEC_POLICY;
 			break;
 		}
-		policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
-		if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+		case AF_INET6:
 		{
-			DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
-				 strerror(errno));
-			status = FALSE;
+			sol = SOL_IPV6;
+			ipsec_policy = IPV6_IPSEC_POLICY;
 			break;
 		}
+		default:
+			return FALSE;
+	}
+
+	memset(&policy, 0, sizeof(policy));
+	policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t);
+	policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
+	policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS;
+
+	policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND;
+	if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+	{
+		DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
+			 strerror(errno));
+		return FALSE;
+	}
+	policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND;
+	if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0)
+	{
+		DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s",
+			 strerror(errno));
+		return FALSE;
 	}
-	sockets->destroy(sockets);
-	return status;
+	return TRUE;
+}
+
+METHOD(kernel_ipsec_t, destroy, void,
+	private_kernel_pfkey_ipsec_t *this)
+{
+	if (this->job)
+	{
+		this->job->cancel(this->job);
+	}
+	if (this->socket > 0)
+	{
+		close(this->socket);
+	}
+	if (this->socket_events > 0)
+	{
+		close(this->socket_events);
+	}
+	this->policies->destroy_function(this->policies, (void*)policy_entry_destroy);
+	this->mutex->destroy(this->mutex);
+	this->mutex_pfkey->destroy(this->mutex_pfkey);
+	free(this);
 }
 
 /*
@@ -2157,54 +2116,54 @@ static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this)
  */
 kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
 {
-	private_kernel_pfkey_ipsec_t *this = malloc_thing(private_kernel_pfkey_ipsec_t);
-
-	/* public functions */
-	this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi;
-	this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi;
-	this->public.interface.add_sa  = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa;
-	this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa;
-	this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa;
-	this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa;
-	this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy;
-	this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy;
-	this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy;
-
-	this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy;
-
-	/* private members */
-	this->policies = linked_list_create();
-	this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
-	this->mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT);
-	this->install_routes = lib->settings->get_bool(lib->settings,
-												"charon.install_routes", TRUE);
-	this->seq = 0;
+	private_kernel_pfkey_ipsec_t *this;
+
+	INIT(this,
+		.public.interface = {
+			.get_spi = _get_spi,
+			.get_cpi = _get_cpi,
+			.add_sa  = _add_sa,
+			.update_sa = _update_sa,
+			.query_sa = _query_sa,
+			.del_sa = _del_sa,
+			.add_policy = _add_policy,
+			.query_policy = _query_policy,
+			.del_policy = _del_policy,
+			.bypass_socket = _bypass_socket,
+			.destroy = _destroy,
+		},
+		.policies = linked_list_create(),
+		.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+		.mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT),
+		.install_routes = lib->settings->get_bool(lib->settings,
+												"charon.install_routes", TRUE),
+	);
 
 	/* create a PF_KEY socket to communicate with the kernel */
 	this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
 	if (this->socket <= 0)
 	{
-		charon->kill(charon, "unable to create PF_KEY socket");
+		DBG1(DBG_KNL, "unable to create PF_KEY socket");
+		destroy(this);
+		return NULL;
 	}
 
 	/* create a PF_KEY socket for ACQUIRE & EXPIRE */
 	this->socket_events = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
 	if (this->socket_events <= 0)
 	{
-		charon->kill(charon, "unable to create PF_KEY event socket");
-	}
-
-	/* add bypass policies on the sockets used by charon */
-	if (!add_bypass_policies(this))
-	{
-		charon->kill(charon, "unable to add bypass policies on sockets");
+		DBG1(DBG_KNL, "unable to create PF_KEY event socket");
+		destroy(this);
+		return NULL;
 	}
 
 	/* register the event socket */
 	if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS ||
 		register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS)
 	{
-		charon->kill(charon, "unable to register PF_KEY event socket");
+		DBG1(DBG_KNL, "unable to register PF_KEY event socket");
+		destroy(this);
+		return NULL;
 	}
 
 	this->job = callback_job_create((callback_job_cb_t)receive_events,
@@ -2213,3 +2172,4 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
 
 	return &this->public;
 }
+
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h
index 649f93733..649f93733 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
index 3380c328c..b84ccf150 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_kernel_pfkey_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *kernel_pfkey_plugin_create()
 {
 	private_kernel_pfkey_plugin_t *this = malloc_thing(private_kernel_pfkey_plugin_t);
 
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
index 2f168aa9c..ecccc6303 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h
@@ -39,9 +39,4 @@ struct kernel_pfkey_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a kernel_pfkey_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** KERNEL_PFKEY_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/kernel_pfroute/Makefile.am b/src/libcharon/plugins/kernel_pfroute/Makefile.am
index 0065d9b0a..83db48160 100644
--- a/src/charon/plugins/kernel_pfroute/Makefile.am
+++ b/src/libcharon/plugins/kernel_pfroute/Makefile.am
@@ -1,10 +1,17 @@
 
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-kernel-pfroute.la
+else
 plugin_LTLIBRARIES = libstrongswan-kernel-pfroute.la
+endif
 
-libstrongswan_kernel_pfroute_la_SOURCES = kernel_pfroute_plugin.h kernel_pfroute_plugin.c \
+libstrongswan_kernel_pfroute_la_SOURCES = \
+	kernel_pfroute_plugin.h kernel_pfroute_plugin.c \
 	kernel_pfroute_net.h kernel_pfroute_net.c
+
 libstrongswan_kernel_pfroute_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in
index da8c7585f..3a4d2c3b5 100644
--- a/src/charon/plugins/kernel_pfroute/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/kernel_pfroute
+subdir = src/libcharon/plugins/kernel_pfroute
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_kernel_pfroute_la_LIBADD =
 am_libstrongswan_kernel_pfroute_la_OBJECTS = kernel_pfroute_plugin.lo \
 	kernel_pfroute_net.lo
@@ -82,6 +82,9 @@ libstrongswan_kernel_pfroute_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_kernel_pfroute_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_kernel_pfroute_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_kernel_pfroute_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,10 +258,14 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-kernel-pfroute.la
-libstrongswan_kernel_pfroute_la_SOURCES = kernel_pfroute_plugin.h kernel_pfroute_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-pfroute.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-pfroute.la
+libstrongswan_kernel_pfroute_la_SOURCES = \
+	kernel_pfroute_plugin.h kernel_pfroute_plugin.c \
 	kernel_pfroute_net.h kernel_pfroute_net.c
 
 libstrongswan_kernel_pfroute_la_LDFLAGS = -module -avoid-version
@@ -274,9 +282,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfroute/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfroute/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfroute/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfroute/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -295,6 +303,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +344,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-kernel-pfroute.la: $(libstrongswan_kernel_pfroute_la_OBJECTS) $(libstrongswan_kernel_pfroute_la_DEPENDENCIES) 
-	$(libstrongswan_kernel_pfroute_la_LINK) -rpath $(plugindir) $(libstrongswan_kernel_pfroute_la_OBJECTS) $(libstrongswan_kernel_pfroute_la_LIBADD) $(LIBS)
+	$(libstrongswan_kernel_pfroute_la_LINK) $(am_libstrongswan_kernel_pfroute_la_rpath) $(libstrongswan_kernel_pfroute_la_OBJECTS) $(libstrongswan_kernel_pfroute_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -481,8 +498,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -553,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
index 9f1baf5b5..97c019b58 100644
--- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -650,9 +650,18 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this)
  */
 static void destroy(private_kernel_pfroute_net_t *this)
 {
-	this->job->cancel(this->job);
-	close(this->socket);
-	close(this->socket_events);
+	if (this->job)
+	{
+		this->job->cancel(this->job);
+	}
+	if (this->socket > 0)
+	{
+		close(this->socket);
+	}
+	if (this->socket_events)
+	{
+		close(this->socket_events);
+	}
 	this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy);
 	this->mutex->destroy(this->mutex);
 	this->mutex_pfroute->destroy(this->mutex_pfroute);
@@ -684,19 +693,25 @@ kernel_pfroute_net_t *kernel_pfroute_net_create()
 	this->mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT);
 
 	this->seq = 0;
+	this->socket_events = 0;
+	this->job = NULL;
 
 	/* create a PF_ROUTE socket to communicate with the kernel */
 	this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
-	if (this->socket <= 0)
+	if (this->socket < 0)
 	{
-		charon->kill(charon, "unable to create PF_ROUTE socket");
+		DBG1(DBG_KNL, "unable to create PF_ROUTE socket");
+		destroy(this);
+		return NULL;
 	}
 
 	/* create a PF_ROUTE socket to receive events */
 	this->socket_events = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
-	if (this->socket_events <= 0)
+	if (this->socket_events < 0)
 	{
-		charon->kill(charon, "unable to create PF_ROUTE event socket");
+		DBG1(DBG_KNL, "unable to create PF_ROUTE event socket");
+		destroy(this);
+		return NULL;
 	}
 
 	this->job = callback_job_create((callback_job_cb_t)receive_events,
@@ -705,7 +720,9 @@ kernel_pfroute_net_t *kernel_pfroute_net_create()
 
 	if (init_address_list(this) != SUCCESS)
 	{
-		charon->kill(charon, "unable to get interface list");
+		DBG1(DBG_KNL, "unable to get interface list");
+		destroy(this);
+		return NULL;
 	}
 
 	return &this->public;
diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.h b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h
index 10c3c9eb7..10c3c9eb7 100644
--- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.h
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h
diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
index e73cbeafb..97139fb56 100644
--- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c
@@ -45,7 +45,7 @@ static void destroy(private_kernel_pfroute_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *kernel_pfroute_plugin_create()
 {
 	private_kernel_pfroute_plugin_t *this = malloc_thing(private_kernel_pfroute_plugin_t);
 
diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.h b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h
index 6caf097c6..50642a572 100644
--- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.h
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h
@@ -39,9 +39,4 @@ struct kernel_pfroute_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a kernel_pfroute_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** KERNEL_PFROUTE_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/load_tester/Makefile.am b/src/libcharon/plugins/load_tester/Makefile.am
new file mode 100644
index 000000000..cdd0445a9
--- /dev/null
+++ b/src/libcharon/plugins/load_tester/Makefile.am
@@ -0,0 +1,21 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-load-tester.la
+else
+plugin_LTLIBRARIES = libstrongswan-load-tester.la
+endif
+
+libstrongswan_load_tester_la_SOURCES = \
+	load_tester_plugin.c load_tester_plugin.h \
+	load_tester_config.c load_tester_config.h \
+	load_tester_creds.c load_tester_creds.h \
+	load_tester_ipsec.c load_tester_ipsec.h \
+	load_tester_listener.c load_tester_listener.h \
+	load_tester_diffie_hellman.c load_tester_diffie_hellman.h
+
+libstrongswan_load_tester_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index 70c7d3c99..8965aff78 100644
--- a/src/charon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/load_tester
+subdir = src/libcharon/plugins/load_tester
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_load_tester_la_LIBADD =
 am_libstrongswan_load_tester_la_OBJECTS = load_tester_plugin.lo \
 	load_tester_config.lo load_tester_creds.lo \
@@ -84,6 +84,9 @@ libstrongswan_load_tester_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_load_tester_la_LDFLAGS) \
 	$(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_load_tester_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_load_tester_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -222,6 +225,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -256,16 +260,19 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-load-tester.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-load-tester.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-load-tester.la
 libstrongswan_load_tester_la_SOURCES = \
-  load_tester_plugin.c load_tester_plugin.h \
-  load_tester_config.c load_tester_config.h \
-  load_tester_creds.c load_tester_creds.h \
-  load_tester_ipsec.c load_tester_ipsec.h \
-  load_tester_listener.c load_tester_listener.h \
-  load_tester_diffie_hellman.c load_tester_diffie_hellman.h
+	load_tester_plugin.c load_tester_plugin.h \
+	load_tester_config.c load_tester_config.h \
+	load_tester_creds.c load_tester_creds.h \
+	load_tester_ipsec.c load_tester_ipsec.h \
+	load_tester_listener.c load_tester_listener.h \
+	load_tester_diffie_hellman.c load_tester_diffie_hellman.h
 
 libstrongswan_load_tester_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -281,9 +288,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/load_tester/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/load_tester/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/load_tester/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/load_tester/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -302,6 +309,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -334,7 +350,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-load-tester.la: $(libstrongswan_load_tester_la_OBJECTS) $(libstrongswan_load_tester_la_DEPENDENCIES) 
-	$(libstrongswan_load_tester_la_LINK) -rpath $(plugindir) $(libstrongswan_load_tester_la_OBJECTS) $(libstrongswan_load_tester_la_LIBADD) $(LIBS)
+	$(libstrongswan_load_tester_la_LINK) $(am_libstrongswan_load_tester_la_rpath) $(libstrongswan_load_tester_la_OBJECTS) $(libstrongswan_load_tester_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -492,8 +508,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -564,18 +580,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c
index 82f408d45..c1f98f2fe 100644
--- a/src/charon/plugins/load_tester/load_tester_config.c
+++ b/src/libcharon/plugins/load_tester/load_tester_config.c
@@ -78,6 +78,11 @@ struct private_load_tester_config_t {
 	 * incremental numbering of generated configs
 	 */
 	u_int num;
+
+	/**
+	 * Dynamic source port, if used
+	 */
+	u_int16_t port;
 };
 
 /**
@@ -189,7 +194,16 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
 		}
 	};
 
-	ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", this->remote);
+	if (this->port && num)
+	{
+		ike_cfg = ike_cfg_create(FALSE, FALSE,
+				"0.0.0.0", this->port + num - 1, this->remote, IKEV2_NATT_PORT);
+	}
+	else
+	{
+		ike_cfg = ike_cfg_create(FALSE, FALSE,
+				"0.0.0.0", IKEV2_UDP_PORT, this->remote, IKEV2_UDP_PORT);
+	}
 	ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
 	peer_cfg = peer_cfg_create("load-test", 2, ike_cfg,
 							   CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */
@@ -308,6 +322,9 @@ load_tester_config_t *load_tester_config_create()
 	this->responder_auth = lib->settings->get_str(lib->settings,
 				"charon.plugins.load-tester.responder_auth", "pubkey");
 
+	this->port = lib->settings->get_int(lib->settings,
+				"charon.plugins.load-tester.dynamic_port", 0);
+
 	this->num = 1;
 	this->peer_cfg = generate_config(this, 0);
 
diff --git a/src/charon/plugins/load_tester/load_tester_config.h b/src/libcharon/plugins/load_tester/load_tester_config.h
index c22387743..c22387743 100644
--- a/src/charon/plugins/load_tester/load_tester_config.h
+++ b/src/libcharon/plugins/load_tester/load_tester_config.h
diff --git a/src/charon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c
index 890703c1a..890703c1a 100644
--- a/src/charon/plugins/load_tester/load_tester_creds.c
+++ b/src/libcharon/plugins/load_tester/load_tester_creds.c
diff --git a/src/charon/plugins/load_tester/load_tester_creds.h b/src/libcharon/plugins/load_tester/load_tester_creds.h
index fb3541164..fb3541164 100644
--- a/src/charon/plugins/load_tester/load_tester_creds.h
+++ b/src/libcharon/plugins/load_tester/load_tester_creds.h
diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.c b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c
index d5ec3599b..d5ec3599b 100644
--- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.c
+++ b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c
diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h
index 672157fb8..672157fb8 100644
--- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h
+++ b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h
diff --git a/src/charon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
index 1218443cc..1218443cc 100644
--- a/src/charon/plugins/load_tester/load_tester_ipsec.c
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
diff --git a/src/charon/plugins/load_tester/load_tester_ipsec.h b/src/libcharon/plugins/load_tester/load_tester_ipsec.h
index 1e1bff84a..1e1bff84a 100644
--- a/src/charon/plugins/load_tester/load_tester_ipsec.h
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.h
diff --git a/src/charon/plugins/load_tester/load_tester_listener.c b/src/libcharon/plugins/load_tester/load_tester_listener.c
index 96b0cf1ec..96b0cf1ec 100644
--- a/src/charon/plugins/load_tester/load_tester_listener.c
+++ b/src/libcharon/plugins/load_tester/load_tester_listener.c
diff --git a/src/charon/plugins/load_tester/load_tester_listener.h b/src/libcharon/plugins/load_tester/load_tester_listener.h
index b9599294c..b9599294c 100644
--- a/src/charon/plugins/load_tester/load_tester_listener.h
+++ b/src/libcharon/plugins/load_tester/load_tester_listener.h
diff --git a/src/charon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c
index e25f97423..46145b803 100644
--- a/src/charon/plugins/load_tester/load_tester_plugin.c
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c
@@ -173,7 +173,7 @@ static void destroy(private_load_tester_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *load_tester_plugin_create()
 {
 	private_load_tester_plugin_t *this;
 	u_int i, shutdown_on = 0;
diff --git a/src/charon/plugins/load_tester/load_tester_plugin.h b/src/libcharon/plugins/load_tester/load_tester_plugin.h
index e33f06ac7..15f2d1127 100644
--- a/src/charon/plugins/load_tester/load_tester_plugin.h
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.h
@@ -41,9 +41,4 @@ struct load_tester_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a load_tester_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** LOAD_TESTER_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/medcli/Makefile.am b/src/libcharon/plugins/medcli/Makefile.am
new file mode 100644
index 000000000..cdff8d854
--- /dev/null
+++ b/src/libcharon/plugins/medcli/Makefile.am
@@ -0,0 +1,19 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-medcli.la
+else
+plugin_LTLIBRARIES = libstrongswan-medcli.la
+endif
+
+libstrongswan_medcli_la_SOURCES = \
+	medcli_plugin.h medcli_plugin.c \
+	medcli_creds.h medcli_creds.c \
+	medcli_config.h medcli_config.c \
+	medcli_listener.h medcli_listener.c
+
+libstrongswan_medcli_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index 47eeecd5b..539890ec3 100644
--- a/src/charon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/medcli
+subdir = src/libcharon/plugins/medcli
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_medcli_la_LIBADD =
 am_libstrongswan_medcli_la_OBJECTS = medcli_plugin.lo medcli_creds.lo \
 	medcli_config.lo medcli_listener.lo
@@ -81,6 +81,9 @@ libstrongswan_medcli_la_OBJECTS =  \
 libstrongswan_medcli_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_medcli_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_medcli_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_medcli_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,13 +257,17 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-medcli.la
-libstrongswan_medcli_la_SOURCES = medcli_plugin.h medcli_plugin.c \
-			      medcli_creds.h medcli_creds.c \
-			      medcli_config.h medcli_config.c \
-			      medcli_listener.h medcli_listener.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-medcli.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-medcli.la
+libstrongswan_medcli_la_SOURCES = \
+	medcli_plugin.h medcli_plugin.c \
+	medcli_creds.h medcli_creds.c \
+	medcli_config.h medcli_config.c \
+	medcli_listener.h medcli_listener.c
 
 libstrongswan_medcli_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -275,9 +283,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/medcli/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/medcli/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/medcli/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/medcli/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -296,6 +304,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +345,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-medcli.la: $(libstrongswan_medcli_la_OBJECTS) $(libstrongswan_medcli_la_DEPENDENCIES) 
-	$(libstrongswan_medcli_la_LINK) -rpath $(plugindir) $(libstrongswan_medcli_la_OBJECTS) $(libstrongswan_medcli_la_LIBADD) $(LIBS)
+	$(libstrongswan_medcli_la_LINK) $(am_libstrongswan_medcli_la_rpath) $(libstrongswan_medcli_la_OBJECTS) $(libstrongswan_medcli_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -484,8 +501,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -556,18 +573,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c
index 2e49ebbf7..e355d55f7 100644
--- a/src/charon/plugins/medcli/medcli_config.c
+++ b/src/libcharon/plugins/medcli/medcli_config.c
@@ -120,7 +120,8 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
 		DESTROY_IF(e);
 		return NULL;
 	}
-	ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", address);
+	ike_cfg = ike_cfg_create(FALSE, FALSE,
+						"0.0.0.0", IKEV2_UDP_PORT, address, IKEV2_UDP_PORT);
 	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 	med_cfg = peer_cfg_create(
 		"mediation", 2, ike_cfg,
@@ -395,7 +396,8 @@ medcli_config_t *medcli_config_create(database_t *db)
 	this->db = db;
 	this->rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200);
 	this->dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300);
-	this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0");
+	this->ike = ike_cfg_create(FALSE, FALSE,
+						"0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT);
 	this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
 
 	schedule_autoinit(this);
diff --git a/src/charon/plugins/medcli/medcli_config.h b/src/libcharon/plugins/medcli/medcli_config.h
index 36c20adf7..36c20adf7 100644
--- a/src/charon/plugins/medcli/medcli_config.h
+++ b/src/libcharon/plugins/medcli/medcli_config.h
diff --git a/src/charon/plugins/medcli/medcli_creds.c b/src/libcharon/plugins/medcli/medcli_creds.c
index 9729df3f5..9729df3f5 100644
--- a/src/charon/plugins/medcli/medcli_creds.c
+++ b/src/libcharon/plugins/medcli/medcli_creds.c
diff --git a/src/charon/plugins/medcli/medcli_creds.h b/src/libcharon/plugins/medcli/medcli_creds.h
index 4b5402653..4b5402653 100644
--- a/src/charon/plugins/medcli/medcli_creds.h
+++ b/src/libcharon/plugins/medcli/medcli_creds.h
diff --git a/src/charon/plugins/medcli/medcli_listener.c b/src/libcharon/plugins/medcli/medcli_listener.c
index 142f02e6c..142f02e6c 100644
--- a/src/charon/plugins/medcli/medcli_listener.c
+++ b/src/libcharon/plugins/medcli/medcli_listener.c
diff --git a/src/charon/plugins/medcli/medcli_listener.h b/src/libcharon/plugins/medcli/medcli_listener.h
index 4768beccd..4768beccd 100644
--- a/src/charon/plugins/medcli/medcli_listener.h
+++ b/src/libcharon/plugins/medcli/medcli_listener.h
diff --git a/src/charon/plugins/medcli/medcli_plugin.c b/src/libcharon/plugins/medcli/medcli_plugin.c
index 148eded61..397168d46 100644
--- a/src/charon/plugins/medcli/medcli_plugin.c
+++ b/src/libcharon/plugins/medcli/medcli_plugin.c
@@ -72,7 +72,7 @@ static void destroy(private_medcli_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *medcli_plugin_create()
 {
 	char *uri;
 	private_medcli_plugin_t *this = malloc_thing(private_medcli_plugin_t);
diff --git a/src/charon/plugins/medcli/medcli_plugin.h b/src/libcharon/plugins/medcli/medcli_plugin.h
index 06f674b37..44e7bb525 100644
--- a/src/charon/plugins/medcli/medcli_plugin.h
+++ b/src/libcharon/plugins/medcli/medcli_plugin.h
@@ -39,9 +39,4 @@ struct medcli_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a medcli_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** MEDCLI_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/medsrv/Makefile.am b/src/libcharon/plugins/medsrv/Makefile.am
new file mode 100644
index 000000000..7f5c8e2b3
--- /dev/null
+++ b/src/libcharon/plugins/medsrv/Makefile.am
@@ -0,0 +1,18 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-medsrv.la
+else
+plugin_LTLIBRARIES = libstrongswan-medsrv.la
+endif
+
+libstrongswan_medsrv_la_SOURCES = \
+	medsrv_plugin.h medsrv_plugin.c \
+	medsrv_creds.h medsrv_creds.c \
+	medsrv_config.h medsrv_config.c
+
+libstrongswan_medsrv_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index c72887889..a103a1340 100644
--- a/src/charon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/medsrv
+subdir = src/libcharon/plugins/medsrv
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_medsrv_la_LIBADD =
 am_libstrongswan_medsrv_la_OBJECTS = medsrv_plugin.lo medsrv_creds.lo \
 	medsrv_config.lo
@@ -81,6 +81,9 @@ libstrongswan_medsrv_la_OBJECTS =  \
 libstrongswan_medsrv_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_medsrv_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_medsrv_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_medsrv_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,12 +257,16 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-medsrv.la
-libstrongswan_medsrv_la_SOURCES = medsrv_plugin.h medsrv_plugin.c \
-			      medsrv_creds.h medsrv_creds.c \
-			      medsrv_config.h medsrv_config.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-medsrv.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-medsrv.la
+libstrongswan_medsrv_la_SOURCES = \
+	medsrv_plugin.h medsrv_plugin.c \
+	medsrv_creds.h medsrv_creds.c \
+	medsrv_config.h medsrv_config.c
 
 libstrongswan_medsrv_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -274,9 +282,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/medsrv/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/medsrv/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/medsrv/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/medsrv/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -295,6 +303,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +344,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-medsrv.la: $(libstrongswan_medsrv_la_OBJECTS) $(libstrongswan_medsrv_la_DEPENDENCIES) 
-	$(libstrongswan_medsrv_la_LINK) -rpath $(plugindir) $(libstrongswan_medsrv_la_OBJECTS) $(libstrongswan_medsrv_la_LIBADD) $(LIBS)
+	$(libstrongswan_medsrv_la_LINK) $(am_libstrongswan_medsrv_la_rpath) $(libstrongswan_medsrv_la_OBJECTS) $(libstrongswan_medsrv_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -482,8 +499,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -554,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c
index 3df720967..c23955ad0 100644
--- a/src/charon/plugins/medsrv/medsrv_config.c
+++ b/src/libcharon/plugins/medsrv/medsrv_config.c
@@ -145,7 +145,8 @@ medsrv_config_t *medsrv_config_create(database_t *db)
 	this->db = db;
 	this->rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200);
 	this->dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300);
-	this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0");
+	this->ike = ike_cfg_create(FALSE, FALSE,
+						"0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT);
 	this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
 
 	return &this->public;
diff --git a/src/charon/plugins/medsrv/medsrv_config.h b/src/libcharon/plugins/medsrv/medsrv_config.h
index fc8b0e972..fc8b0e972 100644
--- a/src/charon/plugins/medsrv/medsrv_config.h
+++ b/src/libcharon/plugins/medsrv/medsrv_config.h
diff --git a/src/charon/plugins/medsrv/medsrv_creds.c b/src/libcharon/plugins/medsrv/medsrv_creds.c
index 8d1643908..8d1643908 100644
--- a/src/charon/plugins/medsrv/medsrv_creds.c
+++ b/src/libcharon/plugins/medsrv/medsrv_creds.c
diff --git a/src/charon/plugins/medsrv/medsrv_creds.h b/src/libcharon/plugins/medsrv/medsrv_creds.h
index d08adf3bf..d08adf3bf 100644
--- a/src/charon/plugins/medsrv/medsrv_creds.h
+++ b/src/libcharon/plugins/medsrv/medsrv_creds.h
diff --git a/src/charon/plugins/medsrv/medsrv_plugin.c b/src/libcharon/plugins/medsrv/medsrv_plugin.c
index 7c533f10e..262d26d6b 100644
--- a/src/charon/plugins/medsrv/medsrv_plugin.c
+++ b/src/libcharon/plugins/medsrv/medsrv_plugin.c
@@ -64,7 +64,7 @@ static void destroy(private_medsrv_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *medsrv_plugin_create()
 {
 	char *uri;
 	private_medsrv_plugin_t *this = malloc_thing(private_medsrv_plugin_t);
diff --git a/src/charon/plugins/medsrv/medsrv_plugin.h b/src/libcharon/plugins/medsrv/medsrv_plugin.h
index 4b183994f..8736822ee 100644
--- a/src/charon/plugins/medsrv/medsrv_plugin.h
+++ b/src/libcharon/plugins/medsrv/medsrv_plugin.h
@@ -39,9 +39,4 @@ struct medsrv_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a medsrv_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** MEDSRV_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/nm/Makefile.am b/src/libcharon/plugins/nm/Makefile.am
new file mode 100644
index 000000000..8e12a72be
--- /dev/null
+++ b/src/libcharon/plugins/nm/Makefile.am
@@ -0,0 +1,21 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon ${nm_CFLAGS}
+
+AM_CFLAGS = -rdynamic \
+  -DNM_CA_DIR=\"${nm_ca_dir}\"
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-nm.la
+else
+plugin_LTLIBRARIES = libstrongswan-nm.la
+endif
+
+libstrongswan_nm_la_SOURCES = \
+	nm_plugin.h nm_plugin.c \
+	nm_service.h nm_service.c \
+	nm_creds.h nm_creds.c \
+	nm_handler.h nm_handler.c
+
+libstrongswan_nm_la_LDFLAGS = -module -avoid-version
+libstrongswan_nm_la_LIBADD  = ${nm_LIBS}
diff --git a/src/charon/plugins/nm/Makefile.in b/src/libcharon/plugins/nm/Makefile.in
index 90a50cfae..c7f288f54 100644
--- a/src/charon/plugins/nm/Makefile.in
+++ b/src/libcharon/plugins/nm/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/nm
+subdir = src/libcharon/plugins/nm
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 am__DEPENDENCIES_1 =
 libstrongswan_nm_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
 am_libstrongswan_nm_la_OBJECTS = nm_plugin.lo nm_service.lo \
@@ -81,6 +81,8 @@ libstrongswan_nm_la_OBJECTS = $(am_libstrongswan_nm_la_OBJECTS)
 libstrongswan_nm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_nm_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_nm_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_nm_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -219,6 +221,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,16 +256,19 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${nm_CFLAGS}
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon ${nm_CFLAGS}
+
 AM_CFLAGS = -rdynamic \
   -DNM_CA_DIR=\"${nm_ca_dir}\"
 
-plugin_LTLIBRARIES = libstrongswan-nm.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-nm.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-nm.la
 libstrongswan_nm_la_SOURCES = \
-  nm_plugin.h nm_plugin.c \
-  nm_service.h nm_service.c \
-  nm_creds.h nm_creds.c \
-  nm_handler.h nm_handler.c
+	nm_plugin.h nm_plugin.c \
+	nm_service.h nm_service.c \
+	nm_creds.h nm_creds.c \
+	nm_handler.h nm_handler.c
 
 libstrongswan_nm_la_LDFLAGS = -module -avoid-version
 libstrongswan_nm_la_LIBADD = ${nm_LIBS}
@@ -279,9 +285,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/nm/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/nm/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/nm/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/nm/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -300,6 +306,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -332,7 +347,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-nm.la: $(libstrongswan_nm_la_OBJECTS) $(libstrongswan_nm_la_DEPENDENCIES) 
-	$(libstrongswan_nm_la_LINK) -rpath $(plugindir) $(libstrongswan_nm_la_OBJECTS) $(libstrongswan_nm_la_LIBADD) $(LIBS)
+	$(libstrongswan_nm_la_LINK) $(am_libstrongswan_nm_la_rpath) $(libstrongswan_nm_la_OBJECTS) $(libstrongswan_nm_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -488,8 +503,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -560,18 +575,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/nm/nm_creds.c b/src/libcharon/plugins/nm/nm_creds.c
index 193838e6b..193838e6b 100644
--- a/src/charon/plugins/nm/nm_creds.c
+++ b/src/libcharon/plugins/nm/nm_creds.c
diff --git a/src/charon/plugins/nm/nm_creds.h b/src/libcharon/plugins/nm/nm_creds.h
index b55cff31e..b55cff31e 100644
--- a/src/charon/plugins/nm/nm_creds.h
+++ b/src/libcharon/plugins/nm/nm_creds.h
diff --git a/src/charon/plugins/nm/nm_handler.c b/src/libcharon/plugins/nm/nm_handler.c
index eacb54dda..eacb54dda 100644
--- a/src/charon/plugins/nm/nm_handler.c
+++ b/src/libcharon/plugins/nm/nm_handler.c
diff --git a/src/charon/plugins/nm/nm_handler.h b/src/libcharon/plugins/nm/nm_handler.h
index bb35ce767..bb35ce767 100644
--- a/src/charon/plugins/nm/nm_handler.h
+++ b/src/libcharon/plugins/nm/nm_handler.h
diff --git a/src/charon/plugins/nm/nm_plugin.c b/src/libcharon/plugins/nm/nm_plugin.c
index daf2cc660..6087f6589 100644
--- a/src/charon/plugins/nm/nm_plugin.c
+++ b/src/libcharon/plugins/nm/nm_plugin.c
@@ -18,6 +18,7 @@
 #include "nm_creds.h"
 #include "nm_handler.h"
 
+#include <hydra.h>
 #include <daemon.h>
 #include <processing/jobs/callback_job.h>
 
@@ -84,7 +85,7 @@ static void destroy(private_nm_plugin_t *this)
 		g_object_unref(this->plugin);
 	}
 	charon->credentials->remove_set(charon->credentials, &this->creds->set);
-	lib->attributes->remove_handler(lib->attributes, &this->handler->handler);
+	hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler);
 	this->creds->destroy(this->creds);
 	this->handler->destroy(this->handler);
 	free(this);
@@ -93,7 +94,7 @@ static void destroy(private_nm_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *nm_plugin_create()
 {
 	private_nm_plugin_t *this = malloc_thing(private_nm_plugin_t);
 
@@ -108,7 +109,7 @@ plugin_t *plugin_create()
 
 	this->creds = nm_creds_create();
 	this->handler = nm_handler_create();
-	lib->attributes->add_handler(lib->attributes, &this->handler->handler);
+	hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
 	charon->credentials->add_set(charon->credentials, &this->creds->set);
 	this->plugin = nm_strongswan_plugin_new(this->creds, this->handler);
 	if (!this->plugin)
diff --git a/src/charon/plugins/nm/nm_plugin.h b/src/libcharon/plugins/nm/nm_plugin.h
index 18d053e11..b64b3edf6 100644
--- a/src/charon/plugins/nm/nm_plugin.h
+++ b/src/libcharon/plugins/nm/nm_plugin.h
@@ -39,9 +39,4 @@ struct nm_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a nm_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** NM_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/nm/nm_service.c b/src/libcharon/plugins/nm/nm_service.c
index b05383c2b..cdf7dc962 100644
--- a/src/charon/plugins/nm/nm_service.c
+++ b/src/libcharon/plugins/nm/nm_service.c
@@ -423,7 +423,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
 	/**
 	 * Set up configurations
 	 */
-	ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address);
+	ike_cfg = ike_cfg_create(TRUE, encap,
+					"0.0.0.0", IKEV2_UDP_PORT, (char*)address, IKEV2_UDP_PORT);
 	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 	peer_cfg = peer_cfg_create(priv->name, 2, ike_cfg,
 					CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
diff --git a/src/charon/plugins/nm/nm_service.h b/src/libcharon/plugins/nm/nm_service.h
index b00000b6f..b00000b6f 100644
--- a/src/charon/plugins/nm/nm_service.h
+++ b/src/libcharon/plugins/nm/nm_service.h
diff --git a/src/charon/plugins/resolve/Makefile.am b/src/libcharon/plugins/resolve/Makefile.am
index 9d18b00b4..f8830d42e 100644
--- a/src/charon/plugins/resolve/Makefile.am
+++ b/src/libcharon/plugins/resolve/Makefile.am
@@ -1,13 +1,18 @@
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = -rdynamic \
-  -DRESOLV_CONF=\"${resolv_conf}\"
+	-DRESOLV_CONF=\"${resolv_conf}\"
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-resolve.la
+else
 plugin_LTLIBRARIES = libstrongswan-resolve.la
-libstrongswan_resolve_la_SOURCES = \
-  resolve_plugin.h resolve_plugin.c \
-  resolve_handler.h resolve_handler.c
-libstrongswan_resolve_la_LDFLAGS = -module -avoid-version
+endif
 
+libstrongswan_resolve_la_SOURCES = \
+	resolve_plugin.h resolve_plugin.c \
+	resolve_handler.h resolve_handler.c
 
+libstrongswan_resolve_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in
index 478935752..92ee85539 100644
--- a/src/charon/plugins/resolve/Makefile.in
+++ b/src/libcharon/plugins/resolve/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/resolve
+subdir = src/libcharon/plugins/resolve
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_resolve_la_LIBADD =
 am_libstrongswan_resolve_la_OBJECTS = resolve_plugin.lo \
 	resolve_handler.lo
@@ -81,6 +81,9 @@ libstrongswan_resolve_la_OBJECTS =  \
 libstrongswan_resolve_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_resolve_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_resolve_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_resolve_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,14 +257,17 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic \
-  -DRESOLV_CONF=\"${resolv_conf}\"
+	-DRESOLV_CONF=\"${resolv_conf}\"
 
-plugin_LTLIBRARIES = libstrongswan-resolve.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-resolve.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-resolve.la
 libstrongswan_resolve_la_SOURCES = \
-  resolve_plugin.h resolve_plugin.c \
-  resolve_handler.h resolve_handler.c
+	resolve_plugin.h resolve_plugin.c \
+	resolve_handler.h resolve_handler.c
 
 libstrongswan_resolve_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -276,9 +283,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/resolve/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/resolve/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -297,6 +304,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -329,7 +345,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-resolve.la: $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_DEPENDENCIES) 
-	$(libstrongswan_resolve_la_LINK) -rpath $(plugindir) $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_LIBADD) $(LIBS)
+	$(libstrongswan_resolve_la_LINK) $(am_libstrongswan_resolve_la_rpath) $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -483,8 +499,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -555,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/resolve/resolve_handler.c b/src/libcharon/plugins/resolve/resolve_handler.c
index 714c751a6..714c751a6 100644
--- a/src/charon/plugins/resolve/resolve_handler.c
+++ b/src/libcharon/plugins/resolve/resolve_handler.c
diff --git a/src/charon/plugins/resolve/resolve_handler.h b/src/libcharon/plugins/resolve/resolve_handler.h
index 77bf9781c..77bf9781c 100644
--- a/src/charon/plugins/resolve/resolve_handler.h
+++ b/src/libcharon/plugins/resolve/resolve_handler.h
diff --git a/src/charon/plugins/resolve/resolve_plugin.c b/src/libcharon/plugins/resolve/resolve_plugin.c
index c564981ef..502129593 100644
--- a/src/charon/plugins/resolve/resolve_plugin.c
+++ b/src/libcharon/plugins/resolve/resolve_plugin.c
@@ -16,7 +16,7 @@
 #include "resolve_plugin.h"
 #include "resolve_handler.h"
 
-#include <daemon.h>
+#include <hydra.h>
 
 typedef struct private_resolve_plugin_t private_resolve_plugin_t;
 
@@ -41,7 +41,7 @@ struct private_resolve_plugin_t {
  */
 static void destroy(private_resolve_plugin_t *this)
 {
-	lib->attributes->remove_handler(lib->attributes, &this->handler->handler);
+	hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler);
 	this->handler->destroy(this->handler);
 	free(this);
 }
@@ -49,13 +49,13 @@ static void destroy(private_resolve_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *resolve_plugin_create()
 {
 	private_resolve_plugin_t *this = malloc_thing(private_resolve_plugin_t);
 
 	this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
 	this->handler = resolve_handler_create();
-	lib->attributes->add_handler(lib->attributes, &this->handler->handler);
+	hydra->attributes->add_handler(hydra->attributes, &this->handler->handler);
 
 	return &this->public.plugin;
 }
diff --git a/src/charon/plugins/resolve/resolve_plugin.h b/src/libcharon/plugins/resolve/resolve_plugin.h
index d7e09f284..0148b10d7 100644
--- a/src/charon/plugins/resolve/resolve_plugin.h
+++ b/src/libcharon/plugins/resolve/resolve_plugin.h
@@ -39,9 +39,4 @@ struct resolve_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a resolve_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** RESOLVE_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/smp/Makefile.am b/src/libcharon/plugins/smp/Makefile.am
index a434b388b..f17235835 100644
--- a/src/charon/plugins/smp/Makefile.am
+++ b/src/libcharon/plugins/smp/Makefile.am
@@ -1,10 +1,17 @@
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${xml_CFLAGS}
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon ${xml_CFLAGS}
 
 AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-smp.la
+else
 plugin_LTLIBRARIES = libstrongswan-smp.la
-libstrongswan_smp_la_SOURCES = smp.h smp.c
-libstrongswan_smp_la_LDFLAGS = -module -avoid-version
-libstrongswan_smp_la_LIBADD = ${xml_LIBS}
+endif
+
+libstrongswan_smp_la_SOURCES = \
+	smp.h smp.c
 
+libstrongswan_smp_la_LDFLAGS = -module -avoid-version
+libstrongswan_smp_la_LIBADD  = ${xml_LIBS}
diff --git a/src/charon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index 7512cd2f7..b88283f38 100644
--- a/src/charon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/smp
+subdir = src/libcharon/plugins/smp
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 am__DEPENDENCIES_1 =
 libstrongswan_smp_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
 am_libstrongswan_smp_la_OBJECTS = smp.lo
@@ -80,6 +80,8 @@ libstrongswan_smp_la_OBJECTS = $(am_libstrongswan_smp_la_OBJECTS)
 libstrongswan_smp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_smp_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_smp_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_smp_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -252,10 +255,15 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${xml_CFLAGS}
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon ${xml_CFLAGS}
+
 AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\"
-plugin_LTLIBRARIES = libstrongswan-smp.la
-libstrongswan_smp_la_SOURCES = smp.h smp.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-smp.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-smp.la
+libstrongswan_smp_la_SOURCES = \
+	smp.h smp.c
+
 libstrongswan_smp_la_LDFLAGS = -module -avoid-version
 libstrongswan_smp_la_LIBADD = ${xml_LIBS}
 all: all-am
@@ -271,9 +279,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/smp/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/smp/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/smp/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/smp/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -292,6 +300,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -324,7 +341,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-smp.la: $(libstrongswan_smp_la_OBJECTS) $(libstrongswan_smp_la_DEPENDENCIES) 
-	$(libstrongswan_smp_la_LINK) -rpath $(plugindir) $(libstrongswan_smp_la_OBJECTS) $(libstrongswan_smp_la_LIBADD) $(LIBS)
+	$(libstrongswan_smp_la_LINK) $(am_libstrongswan_smp_la_rpath) $(libstrongswan_smp_la_OBJECTS) $(libstrongswan_smp_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -477,8 +494,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -549,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c
index 21e682a0a..64820eb45 100644
--- a/src/charon/plugins/smp/smp.c
+++ b/src/libcharon/plugins/smp/smp.c
@@ -720,7 +720,7 @@ static void destroy(private_smp_t *this)
 /*
  * Described in header file
  */
-plugin_t *plugin_create()
+plugin_t *smp_plugin_create()
 {
 	struct sockaddr_un unix_addr = { AF_UNIX, IPSEC_PIDDIR "/charon.xml"};
 	private_smp_t *this = malloc_thing(private_smp_t);
diff --git a/src/charon/plugins/smp/smp.h b/src/libcharon/plugins/smp/smp.h
index 5ec9f3bf8..74c85fb5f 100644
--- a/src/charon/plugins/smp/smp.h
+++ b/src/libcharon/plugins/smp/smp.h
@@ -42,9 +42,4 @@ struct smp_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a smp plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** XML_H_ @}*/
diff --git a/src/libcharon/plugins/socket_default/Makefile.am b/src/libcharon/plugins/socket_default/Makefile.am
new file mode 100644
index 000000000..635a1c548
--- /dev/null
+++ b/src/libcharon/plugins/socket_default/Makefile.am
@@ -0,0 +1,17 @@
+
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-socket-default.la
+else
+plugin_LTLIBRARIES = libstrongswan-socket-default.la
+endif
+
+libstrongswan_socket_default_la_SOURCES = \
+	socket_default_socket.h socket_default_socket.c \
+	socket_default_plugin.h socket_default_plugin.c
+
+libstrongswan_socket_default_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
new file mode 100644
index 000000000..03c438acd
--- /dev/null
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -0,0 +1,590 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/socket_default
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+	$(top_srcdir)/m4/config/ltoptions.m4 \
+	$(top_srcdir)/m4/config/ltsugar.m4 \
+	$(top_srcdir)/m4/config/ltversion.m4 \
+	$(top_srcdir)/m4/config/lt~obsolete.m4 \
+	$(top_srcdir)/m4/macros/with.m4 \
+	$(top_srcdir)/m4/macros/enable-disable.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_socket_default_la_LIBADD =
+am_libstrongswan_socket_default_la_OBJECTS = socket_default_socket.lo \
+	socket_default_plugin.lo
+libstrongswan_socket_default_la_OBJECTS =  \
+	$(am_libstrongswan_socket_default_la_OBJECTS)
+libstrongswan_socket_default_la_LINK = $(LIBTOOL) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(AM_CFLAGS) $(CFLAGS) \
+	$(libstrongswan_socket_default_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_socket_default_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_socket_default_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_socket_default_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_socket_default_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-socket-default.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-socket-default.la
+libstrongswan_socket_default_la_SOURCES = \
+	socket_default_socket.h socket_default_socket.c \
+	socket_default_plugin.h socket_default_plugin.c
+
+libstrongswan_socket_default_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_default/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/socket_default/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+	}
+
+uninstall-pluginLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+	done
+
+clean-pluginLTLIBRARIES:
+	-test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libstrongswan-socket-default.la: $(libstrongswan_socket_default_la_OBJECTS) $(libstrongswan_socket_default_la_DEPENDENCIES) 
+	$(libstrongswan_socket_default_la_LINK) $(am_libstrongswan_socket_default_la_rpath) $(libstrongswan_socket_default_la_OBJECTS) $(libstrongswan_socket_default_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_default_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_default_socket.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+	for dir in "$(DESTDIR)$(plugindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/socket_default/socket_default_plugin.c b/src/libcharon/plugins/socket_default/socket_default_plugin.c
new file mode 100644
index 000000000..45390ddae
--- /dev/null
+++ b/src/libcharon/plugins/socket_default/socket_default_plugin.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "socket_default_plugin.h"
+
+#include "socket_default_socket.h"
+
+#include <daemon.h>
+
+typedef struct private_socket_default_plugin_t private_socket_default_plugin_t;
+
+/**
+ * Private data of socket plugin
+ */
+struct private_socket_default_plugin_t {
+
+	/**
+	 * Implements plugin interface
+	 */
+	socket_default_plugin_t public;
+
+	/**
+	 * Socket instance.
+	 */
+	socket_default_socket_t *socket;
+};
+
+METHOD(plugin_t, destroy, void,
+	private_socket_default_plugin_t *this)
+{
+	charon->socket->remove_socket(charon->socket, &this->socket->socket);
+	this->socket->destroy(this->socket);
+	free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *socket_default_plugin_create()
+{
+	private_socket_default_plugin_t *this;
+
+	INIT(this,
+		.public.plugin.destroy = _destroy,
+		.socket = socket_default_socket_create(),
+	);
+
+	if (!this->socket)
+	{
+		free(this);
+		return NULL;
+	}
+	charon->socket->add_socket(charon->socket, &this->socket->socket);
+
+	return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/socket_default/socket_default_plugin.h b/src/libcharon/plugins/socket_default/socket_default_plugin.h
new file mode 100644
index 000000000..6270d93ad
--- /dev/null
+++ b/src/libcharon/plugins/socket_default/socket_default_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_default socket_default
+ * @ingroup cplugins
+ *
+ * @defgroup socket_default_plugin socket_default_plugin
+ * @{ @ingroup socket_default
+ */
+
+#ifndef SOCKET_DEFAULT_PLUGIN_H_
+#define SOCKET_DEFAULT_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct socket_default_plugin_t socket_default_plugin_t;
+
+/**
+ * Default socket implementation plugin.
+ */
+struct socket_default_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	plugin_t plugin;
+};
+
+#endif /** SOCKET_DEFAULT_PLUGIN_H_ @}*/
diff --git a/src/charon/network/socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index 81f860b15..bc998182e 100644
--- a/src/charon/network/socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (C) 2006-2009 Tobias Brunner
  * Copyright (C) 2006 Daniel Roethlisberger
- * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  *
@@ -23,6 +23,8 @@
 #define __EXTENSIONS__
 #endif
 
+#include "socket_default_socket.h"
+
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <string.h>
@@ -40,11 +42,12 @@
 #include <sys/sysctl.h>
 #endif
 
-#include "socket.h"
-
 #include <daemon.h>
 #include <threading/thread.h>
 
+/* Maximum size of a packet */
+#define MAX_PACKET 5000
+
 /* length of non-esp marker */
 #define MARKER_LEN sizeof(u_int32_t)
 
@@ -82,16 +85,17 @@
 static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
 #endif
 
-typedef struct private_socket_t private_socket_t;
+typedef struct private_socket_default_socket_t private_socket_default_socket_t;
 
 /**
  * Private data of an socket_t object
  */
-struct private_socket_t {
+struct private_socket_default_socket_t {
+
 	/**
 	 * public functions
 	 */
-	socket_t public;
+	socket_default_socket_t public;
 
 	/**
 	 * IPv4 socket (500)
@@ -114,10 +118,8 @@ struct private_socket_t {
 	int ipv6_natt;
 };
 
-/**
- * implementation of socket_t.receive
- */
-static status_t receiver(private_socket_t *this, packet_t **packet)
+METHOD(socket_t, receiver, status_t,
+	private_socket_default_socket_t *this, packet_t **packet)
 {
 	char buffer[MAX_PACKET];
 	chunk_t data;
@@ -304,10 +306,8 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
 	return SUCCESS;
 }
 
-/**
- * implementation of socket_t.send
- */
-status_t sender(private_socket_t *this, packet_t *packet)
+METHOD(socket_t, sender, status_t,
+	private_socket_default_socket_t *this, packet_t *packet)
 {
 	int sport, skt, family;
 	ssize_t bytes_sent;
@@ -446,7 +446,8 @@ status_t sender(private_socket_t *this, packet_t *packet)
 /**
  * open a socket to send and receive packets
  */
-static int open_socket(private_socket_t *this, int family, u_int16_t port)
+static int open_socket(private_socket_default_socket_t *this,
+					   int family, u_int16_t port)
 {
 	int on = TRUE;
 	struct sockaddr_storage addr;
@@ -520,6 +521,12 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port)
 		}
 	}
 
+	if (!charon->kernel_interface->bypass_socket(charon->kernel_interface,
+												 skt, family))
+	{
+		DBG1(DBG_NET, "installing IKE bypass policy failed");
+	}
+
 #ifndef __APPLE__
 	{
 		/* enable UDP decapsulation globally, only for one socket needed */
@@ -534,68 +541,8 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port)
 	return skt;
 }
 
-/**
- * enumerator for underlying sockets
- */
-typedef struct {
-	/** implements enumerator_t */
-	enumerator_t public;
-	/** sockets we enumerate */
-	private_socket_t *socket;
-	/** counter */
-	int index;
-} socket_enumerator_t;
-
-/**
- * enumerate function for socket_enumerator_t
- */
-static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port)
-{
-	static const struct {
-		int fd_offset;
-		int family;
-		int port;
-	} sockets[] = {
-		{ offsetof(private_socket_t, ipv4), AF_INET, IKEV2_UDP_PORT },
-		{ offsetof(private_socket_t, ipv6), AF_INET6, IKEV2_UDP_PORT },
-		{ offsetof(private_socket_t, ipv4_natt), AF_INET, IKEV2_NATT_PORT },
-		{ offsetof(private_socket_t, ipv6_natt), AF_INET6, IKEV2_NATT_PORT }
-	};
-
-	while(++this->index < countof(sockets))
-	{
-		int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset);
-		if (!sock)
-		{
-			continue;
-		}
-		*fd = sock;
-		*family = sockets[this->index].family;
-		*port = sockets[this->index].port;
-		return TRUE;
-	}
-	return FALSE;
-}
-
-/**
- * implementation of socket_t.create_enumerator
- */
-static enumerator_t *create_enumerator(private_socket_t *this)
-{
-	socket_enumerator_t *enumerator;
-
-	enumerator = malloc_thing(socket_enumerator_t);
-	enumerator->index = -1;
-	enumerator->socket = this;
-	enumerator->public.enumerate = (void*)enumerate;
-	enumerator->public.destroy = (void*)free;
-	return &enumerator->public;
-}
-
-/**
- * implementation of socket_t.destroy
- */
-static void destroy(private_socket_t *this)
+METHOD(socket_default_socket_t, destroy, void,
+	private_socket_default_socket_t *this)
 {
 	if (this->ipv4)
 	{
@@ -619,20 +566,19 @@ static void destroy(private_socket_t *this)
 /*
  * See header for description
  */
-socket_t *socket_create()
+socket_default_socket_t *socket_default_socket_create()
 {
-	private_socket_t *this = malloc_thing(private_socket_t);
-
-	/* public functions */
-	this->public.send = (status_t(*)(socket_t*, packet_t*))sender;
-	this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver;
-	this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator;
-	this->public.destroy = (void(*)(socket_t*)) destroy;
-
-	this->ipv4 = 0;
-	this->ipv6 = 0;
-	this->ipv4_natt = 0;
-	this->ipv6_natt = 0;
+	private_socket_default_socket_t *this;
+
+	INIT(this,
+		.public = {
+			.socket = {
+				.send = _sender,
+				.receive = _receiver,
+			},
+			.destroy = _destroy,
+		},
+	);
 
 #ifdef __APPLE__
 	{
@@ -678,8 +624,8 @@ socket_t *socket_create()
 	{
 		DBG1(DBG_NET, "could not create any sockets");
 		destroy(this);
-		charon->kill(charon, "socket initialization failed");
+		return NULL;
 	}
-	return (socket_t*)this;
+	return &this->public;
 }
 
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.h b/src/libcharon/plugins/socket_default/socket_default_socket.h
new file mode 100644
index 000000000..755016662
--- /dev/null
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_default_socket socket_default_socket
+ * @{ @ingroup socket_default
+ */
+
+#ifndef SOCKET_DEFAULT_SOCKET_H_
+#define SOCKET_DEFAULT_SOCKET_H_
+
+typedef struct socket_default_socket_t socket_default_socket_t;
+
+#include <network/socket.h>
+
+/**
+ * Default socket, binds to port 500/4500 using any IPv4/IPv6 address.
+ */
+struct socket_default_socket_t {
+
+	/**
+	 * Implements the socket_t interface.
+	 */
+	socket_t socket;
+
+	/**
+	 * Destroy a socket_default_socket_t.
+	 */
+	void (*destroy)(socket_default_socket_t *this);
+};
+
+/**
+ * Create a socket_default_socket instance.
+ */
+socket_default_socket_t *socket_default_socket_create();
+
+#endif /** SOCKET_DEFAULT_SOCKET_H_ @}*/
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.am b/src/libcharon/plugins/socket_dynamic/Makefile.am
new file mode 100644
index 000000000..914945535
--- /dev/null
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.am
@@ -0,0 +1,17 @@
+
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-socket-dynamic.la
+else
+plugin_LTLIBRARIES = libstrongswan-socket-dynamic.la
+endif
+
+libstrongswan_socket_dynamic_la_SOURCES = \
+	socket_dynamic_plugin.h socket_dynamic_plugin.c \
+	socket_dynamic_socket.h socket_dynamic_socket.c
+
+libstrongswan_socket_dynamic_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
new file mode 100644
index 000000000..3a5fb3778
--- /dev/null
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -0,0 +1,590 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/socket_dynamic
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+	$(top_srcdir)/m4/config/ltoptions.m4 \
+	$(top_srcdir)/m4/config/ltsugar.m4 \
+	$(top_srcdir)/m4/config/ltversion.m4 \
+	$(top_srcdir)/m4/config/lt~obsolete.m4 \
+	$(top_srcdir)/m4/macros/with.m4 \
+	$(top_srcdir)/m4/macros/enable-disable.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_socket_dynamic_la_LIBADD =
+am_libstrongswan_socket_dynamic_la_OBJECTS = socket_dynamic_plugin.lo \
+	socket_dynamic_socket.lo
+libstrongswan_socket_dynamic_la_OBJECTS =  \
+	$(am_libstrongswan_socket_dynamic_la_OBJECTS)
+libstrongswan_socket_dynamic_la_LINK = $(LIBTOOL) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(AM_CFLAGS) $(CFLAGS) \
+	$(libstrongswan_socket_dynamic_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_socket_dynamic_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_socket_dynamic_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_socket_dynamic_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_socket_dynamic_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-socket-dynamic.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-socket-dynamic.la
+libstrongswan_socket_dynamic_la_SOURCES = \
+	socket_dynamic_plugin.h socket_dynamic_plugin.c \
+	socket_dynamic_socket.h socket_dynamic_socket.c
+
+libstrongswan_socket_dynamic_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_dynamic/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/socket_dynamic/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+	}
+
+uninstall-pluginLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+	done
+
+clean-pluginLTLIBRARIES:
+	-test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libstrongswan-socket-dynamic.la: $(libstrongswan_socket_dynamic_la_OBJECTS) $(libstrongswan_socket_dynamic_la_DEPENDENCIES) 
+	$(libstrongswan_socket_dynamic_la_LINK) $(am_libstrongswan_socket_dynamic_la_rpath) $(libstrongswan_socket_dynamic_la_OBJECTS) $(libstrongswan_socket_dynamic_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_dynamic_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_dynamic_socket.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+	for dir in "$(DESTDIR)$(plugindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c
new file mode 100644
index 000000000..3410fc7a4
--- /dev/null
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "socket_dynamic_plugin.h"
+
+#include "socket_dynamic_socket.h"
+
+#include <daemon.h>
+
+typedef struct private_socket_dynamic_plugin_t private_socket_dynamic_plugin_t;
+
+/**
+ * Private data of socket plugin
+ */
+struct private_socket_dynamic_plugin_t {
+
+	/**
+	 * Implements plugin interface
+	 */
+	socket_dynamic_plugin_t public;
+
+	/**
+	 * Socket instance.
+	 */
+	socket_dynamic_socket_t *socket;
+};
+
+METHOD(plugin_t, destroy, void,
+	private_socket_dynamic_plugin_t *this)
+{
+	charon->socket->remove_socket(charon->socket, &this->socket->socket);
+	this->socket->destroy(this->socket);
+	free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *socket_dynamic_plugin_create()
+{
+	private_socket_dynamic_plugin_t *this;
+
+	INIT(this,
+		.public.plugin.destroy = _destroy,
+		.socket = socket_dynamic_socket_create(),
+	);
+
+	if (!this->socket)
+	{
+		free(this);
+		return NULL;
+	}
+	charon->socket->add_socket(charon->socket, &this->socket->socket);
+
+	return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.h b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.h
new file mode 100644
index 000000000..8d870795f
--- /dev/null
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_dynamic socket_dynamic
+ * @ingroup cplugins
+ *
+ * @defgroup socket_dynamic_plugin socket_dynamic_plugin
+ * @{ @ingroup socket_dynamic
+ */
+
+#ifndef SOCKET_DYNAMIC_PLUGIN_H_
+#define SOCKET_DYNAMIC_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct socket_dynamic_plugin_t socket_dynamic_plugin_t;
+
+/**
+ * Plugin providing a socket that binds ports dynamically.
+ */
+struct socket_dynamic_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	plugin_t plugin;
+};
+
+#endif /** SOCKET_DYNAMIC_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
new file mode 100644
index 000000000..a7db59ce5
--- /dev/null
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
@@ -0,0 +1,620 @@
+/*
+ * Copyright (C) 2006-2009 Tobias Brunner
+ * Copyright (C) 2006 Daniel Roethlisberger
+ * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/* for struct in6_pktinfo */
+#define _GNU_SOURCE
+
+#include "socket_dynamic_socket.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <sys/ioctl.h>
+#include <netinet/in_systm.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
+#include <netinet/udp.h>
+#include <net/if.h>
+
+#include <daemon.h>
+#include <threading/thread.h>
+#include <threading/rwlock.h>
+#include <utils/hashtable.h>
+
+/* Maximum size of a packet */
+#define MAX_PACKET 5000
+
+/* length of non-esp marker */
+#define MARKER_LEN sizeof(u_int32_t)
+
+/* from linux/udp.h */
+#ifndef UDP_ENCAP
+#define UDP_ENCAP 100
+#endif /*UDP_ENCAP*/
+
+#ifndef UDP_ENCAP_ESPINUDP
+#define UDP_ENCAP_ESPINUDP 2
+#endif /*UDP_ENCAP_ESPINUDP*/
+
+/* these are not defined on some platforms */
+#ifndef SOL_IP
+#define SOL_IP IPPROTO_IP
+#endif
+#ifndef SOL_IPV6
+#define SOL_IPV6 IPPROTO_IPV6
+#endif
+#ifndef SOL_UDP
+#define SOL_UDP IPPROTO_UDP
+#endif
+
+/* IPV6_RECVPKTINFO is defined in RFC 3542 which obsoletes RFC 2292 that
+ * previously defined IPV6_PKTINFO */
+#ifndef IPV6_RECVPKTINFO
+#define IPV6_RECVPKTINFO IPV6_PKTINFO
+#endif
+
+typedef struct private_socket_dynamic_socket_t private_socket_dynamic_socket_t;
+typedef struct dynsock_t dynsock_t;
+
+/**
+ * Private data of an socket_t object
+ */
+struct private_socket_dynamic_socket_t {
+
+	/**
+	 * public functions
+	 */
+	socket_dynamic_socket_t public;
+
+	/**
+	 * Hashtable of bound sockets
+	 */
+	hashtable_t *sockets;
+
+	/**
+	 * Lock for sockets hashtable
+	 */
+	rwlock_t *lock;
+
+	/**
+	 * Notification pipe to signal receiver
+	 */
+	int notify[2];
+};
+
+/**
+ * Struct for a dynamically allocated socket
+ */
+struct dynsock_t {
+
+	/**
+	 * File descriptor of socket
+	 */
+	int fd;
+
+	/**
+	 * Address family
+	 */
+	int family;
+
+	/**
+	 * Bound source port
+	 */
+	u_int16_t port;
+};
+
+/**
+ * Hash function for hashtable
+ */
+static u_int hash(dynsock_t *key)
+{
+	return (key->family << 16) | key->port;
+}
+
+/**
+ * Equals function for hashtable
+ */
+static bool equals(dynsock_t *a, dynsock_t *b)
+{
+	return a->family == b->family && a->port == b->port;
+}
+
+/**
+ * Create a fd_set from all bound sockets
+ */
+static int build_fds(private_socket_dynamic_socket_t *this, fd_set *fds)
+{
+	enumerator_t *enumerator;
+	dynsock_t *key, *value;
+	int maxfd;
+
+	FD_ZERO(fds);
+	FD_SET(this->notify[0], fds);
+	maxfd = this->notify[0];
+
+	this->lock->read_lock(this->lock);
+	enumerator = this->sockets->create_enumerator(this->sockets);
+	while (enumerator->enumerate(enumerator, &key, &value))
+	{
+		FD_SET(value->fd, fds);
+		maxfd = max(maxfd, value->fd);
+	}
+	enumerator->destroy(enumerator);
+	this->lock->unlock(this->lock);
+
+	return maxfd + 1;
+}
+
+/**
+ * Find the socket select()ed
+ */
+static dynsock_t* scan_fds(private_socket_dynamic_socket_t *this, fd_set *fds)
+{
+	enumerator_t *enumerator;
+	dynsock_t *key, *value, *selected = NULL;
+
+	this->lock->read_lock(this->lock);
+	enumerator = this->sockets->create_enumerator(this->sockets);
+	while (enumerator->enumerate(enumerator, &key, &value))
+	{
+		if (FD_ISSET(value->fd, fds))
+		{
+			selected = value;
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->lock->unlock(this->lock);
+
+	return selected;
+}
+
+/**
+ * Receive a packet from a given socket fd
+ */
+static packet_t *receive_packet(private_socket_dynamic_socket_t *this,
+								dynsock_t *skt)
+{
+	host_t *source = NULL, *dest = NULL;
+	ssize_t len;
+	char buffer[MAX_PACKET];
+	chunk_t data;
+	packet_t *packet;
+	struct msghdr msg;
+	struct cmsghdr *cmsgptr;
+	struct iovec iov;
+	char ancillary[64];
+	union {
+		struct sockaddr_in in4;
+		struct sockaddr_in6 in6;
+	} src;
+
+	msg.msg_name = &src;
+	msg.msg_namelen = sizeof(src);
+	iov.iov_base = buffer;
+	iov.iov_len = sizeof(buffer);
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_control = ancillary;
+	msg.msg_controllen = sizeof(ancillary);
+	msg.msg_flags = 0;
+	len = recvmsg(skt->fd, &msg, 0);
+	if (len < 0)
+	{
+		DBG1(DBG_NET, "error reading socket: %s", strerror(errno));
+		return NULL;
+	}
+	DBG3(DBG_NET, "received packet %b", buffer, len);
+
+	if (len < MARKER_LEN)
+	{
+		DBG3(DBG_NET, "received packet too short (%d bytes)", len);
+		return NULL;
+	}
+
+	/* read ancillary data to get destination address */
+	for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL;
+		 cmsgptr = CMSG_NXTHDR(&msg, cmsgptr))
+	{
+		if (cmsgptr->cmsg_len == 0)
+		{
+			DBG1(DBG_NET, "error reading ancillary data");
+			return NULL;
+		}
+
+		if (cmsgptr->cmsg_level == SOL_IPV6 &&
+			cmsgptr->cmsg_type == IPV6_PKTINFO)
+		{
+			struct in6_pktinfo *pktinfo;
+			struct sockaddr_in6 dst;
+
+			pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr);
+			memset(&dst, 0, sizeof(dst));
+			memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr));
+			dst.sin6_family = AF_INET6;
+			dst.sin6_port = htons(skt->port);
+			dest = host_create_from_sockaddr((sockaddr_t*)&dst);
+		}
+		if (cmsgptr->cmsg_level == SOL_IP &&
+			cmsgptr->cmsg_type == IP_PKTINFO)
+		{
+			struct in_pktinfo *pktinfo;
+			struct sockaddr_in dst;
+
+			pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr);
+			memset(&dst, 0, sizeof(dst));
+			memcpy(&dst.sin_addr, &pktinfo->ipi_addr, sizeof(dst.sin_addr));
+
+			dst.sin_family = AF_INET;
+			dst.sin_port = htons(skt->port);
+			dest = host_create_from_sockaddr((sockaddr_t*)&dst);
+		}
+		if (dest)
+		{
+			break;
+		}
+	}
+	if (dest == NULL)
+	{
+		DBG1(DBG_NET, "error reading IP header");
+		return NULL;
+	}
+	source = host_create_from_sockaddr((sockaddr_t*)&src);
+	DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest);
+	data = chunk_create(buffer, len);
+
+	packet = packet_create();
+	packet->set_source(packet, source);
+	packet->set_destination(packet, dest);
+	/* we assume a non-ESP marker if none of the ports is on 500 */
+	if (dest->get_port(dest) != IKEV2_UDP_PORT &&
+		source->get_port(source) != IKEV2_UDP_PORT)
+	{
+		data = chunk_skip(data, MARKER_LEN);
+	}
+	packet->set_data(packet, chunk_clone(data));
+	return packet;
+}
+
+METHOD(socket_t, receiver, status_t,
+	private_socket_dynamic_socket_t *this, packet_t **packet)
+{
+	dynsock_t *selected;
+	packet_t *pkt;
+	bool oldstate;
+	fd_set fds;
+	int maxfd;
+
+	while (TRUE)
+	{
+		maxfd = build_fds(this, &fds);
+
+		DBG2(DBG_NET, "waiting for data on sockets");
+		oldstate = thread_cancelability(TRUE);
+		if (select(maxfd, &fds, NULL, NULL, NULL) <= 0)
+		{
+			thread_cancelability(oldstate);
+			return FAILED;
+		}
+		thread_cancelability(oldstate);
+
+		if (FD_ISSET(this->notify[0], &fds))
+		{	/* got notified, read garbage, rebuild fdset */
+			char buf[1];
+
+			ignore_result(read(this->notify[0], buf, sizeof(buf)));
+			DBG2(DBG_NET, "rebuilding fdset due to newly bound ports");
+			continue;
+		}
+		selected = scan_fds(this, &fds);
+		if (selected)
+		{
+			break;
+		}
+	}
+	pkt = receive_packet(this, selected);
+	if (pkt)
+	{
+		*packet = pkt;
+		return SUCCESS;
+	}
+	return FAILED;
+}
+
+/**
+ * open a socket to send and receive packets
+ */
+static int open_socket(private_socket_dynamic_socket_t *this,
+					   int family, u_int16_t port)
+{
+	int on = TRUE, type = UDP_ENCAP_ESPINUDP;
+	struct sockaddr_storage addr;
+	socklen_t addrlen;
+	u_int sol, pktinfo = 0;
+	int fd;
+
+	memset(&addr, 0, sizeof(addr));
+	/* precalculate constants depending on address family */
+	switch (family)
+	{
+		case AF_INET:
+		{
+			struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
+			sin->sin_family = AF_INET;
+			sin->sin_addr.s_addr = INADDR_ANY;
+			sin->sin_port = htons(port);
+			addrlen = sizeof(struct sockaddr_in);
+			sol = SOL_IP;
+			pktinfo = IP_PKTINFO;
+			break;
+		}
+		case AF_INET6:
+		{
+			struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
+			sin6->sin6_family = AF_INET6;
+			memset(&sin6->sin6_addr, 0, sizeof(sin6->sin6_addr));
+			sin6->sin6_port = htons(port);
+			addrlen = sizeof(struct sockaddr_in6);
+			sol = SOL_IPV6;
+			pktinfo = IPV6_RECVPKTINFO;
+			break;
+		}
+		default:
+			return 0;
+	}
+
+	fd = socket(family, SOCK_DGRAM, IPPROTO_UDP);
+	if (fd < 0)
+	{
+		DBG1(DBG_NET, "could not open socket: %s", strerror(errno));
+		return 0;
+	}
+	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0)
+	{
+		DBG1(DBG_NET, "unable to set SO_REUSEADDR on socket: %s", strerror(errno));
+		close(fd);
+		return 0;
+	}
+
+	/* bind the socket */
+	if (bind(fd, (struct sockaddr *)&addr, addrlen) < 0)
+	{
+		DBG1(DBG_NET, "unable to bind socket: %s", strerror(errno));
+		close(fd);
+		return 0;
+	}
+
+	/* get additional packet info on receive */
+	if (setsockopt(fd, sol, pktinfo, &on, sizeof(on)) < 0)
+	{
+		DBG1(DBG_NET, "unable to set IP_PKTINFO on socket: %s", strerror(errno));
+		close(fd);
+		return 0;
+	}
+
+	if (!charon->kernel_interface->bypass_socket(charon->kernel_interface,
+												 fd, family))
+	{
+		DBG1(DBG_NET, "installing IKE bypass policy failed");
+	}
+
+	/* enable UDP decapsulation on each socket */
+	if (setsockopt(fd, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0)
+	{
+		DBG1(DBG_NET, "unable to set UDP_ENCAP: %s", strerror(errno));
+	}
+	return fd;
+}
+
+/**
+ * Find/Create a socket to send from host
+ */
+static dynsock_t *find_socket(private_socket_dynamic_socket_t *this,
+							  int family, u_int16_t port)
+{
+	dynsock_t *skt, lookup = {
+		.family = family,
+		.port = port,
+	};
+	char buf[] = {0x01};
+	int fd;
+
+	this->lock->read_lock(this->lock);
+	skt = this->sockets->get(this->sockets, &lookup);
+	this->lock->unlock(this->lock);
+	if (skt)
+	{
+		return skt;
+	}
+	fd = open_socket(this, family, port);
+	if (!fd)
+	{
+		return NULL;
+	}
+	INIT(skt,
+		.family = family,
+		.port = port,
+		.fd = fd,
+	);
+	this->lock->write_lock(this->lock);
+	this->sockets->put(this->sockets, skt, skt);
+	this->lock->unlock(this->lock);
+	/* notify receiver thread to reread socket list */
+	ignore_result(write(this->notify[1], buf, sizeof(buf)));
+
+	return skt;
+}
+
+METHOD(socket_t, sender, status_t,
+	private_socket_dynamic_socket_t *this, packet_t *packet)
+{
+	dynsock_t *skt;
+	host_t *src, *dst;
+	int port, family;
+	ssize_t len;
+	chunk_t data, marked;
+	struct msghdr msg;
+	struct cmsghdr *cmsg;
+	struct iovec iov;
+
+	src = packet->get_source(packet);
+	dst = packet->get_destination(packet);
+	family = src->get_family(src);
+	port = src->get_port(src);
+	skt = find_socket(this, family, port);
+	if (!skt)
+	{
+		return FAILED;
+	}
+
+	data = packet->get_data(packet);
+	DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst);
+
+	/* use non-ESP marker if none of the ports is 500, not for keep alives */
+	if (port != IKEV2_UDP_PORT && dst->get_port(dst) != IKEV2_UDP_PORT &&
+		!(data.len == 1 && data.ptr[0] == 0xFF))
+	{
+		/* add non esp marker to packet */
+		if (data.len > MAX_PACKET - MARKER_LEN)
+		{
+			DBG1(DBG_NET, "unable to send packet: it's too big (%d bytes)",
+				 data.len);
+			return FAILED;
+		}
+		marked = chunk_alloc(data.len + MARKER_LEN);
+		memset(marked.ptr, 0, MARKER_LEN);
+		memcpy(marked.ptr + MARKER_LEN, data.ptr, data.len);
+		/* let the packet do the clean up for us */
+		packet->set_data(packet, marked);
+		data = marked;
+	}
+
+	memset(&msg, 0, sizeof(struct msghdr));
+	msg.msg_name = dst->get_sockaddr(dst);;
+	msg.msg_namelen = *dst->get_sockaddr_len(dst);
+	iov.iov_base = data.ptr;
+	iov.iov_len = data.len;
+	msg.msg_iov = &iov;
+	msg.msg_iovlen = 1;
+	msg.msg_flags = 0;
+
+	if (!src->is_anyaddr(src))
+	{
+		if (family == AF_INET)
+		{
+			struct in_addr *addr;
+			struct sockaddr_in *sin;
+			char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
+			struct in_pktinfo *pktinfo;
+
+			msg.msg_control = buf;
+			msg.msg_controllen = sizeof(buf);
+			cmsg = CMSG_FIRSTHDR(&msg);
+			cmsg->cmsg_level = SOL_IP;
+			cmsg->cmsg_type = IP_PKTINFO;
+			cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
+			pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg);
+			memset(pktinfo, 0, sizeof(struct in_pktinfo));
+			addr = &pktinfo->ipi_spec_dst;
+			sin = (struct sockaddr_in*)src->get_sockaddr(src);
+			memcpy(addr, &sin->sin_addr, sizeof(struct in_addr));
+		}
+		else
+		{
+			char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))];
+			struct in6_pktinfo *pktinfo;
+			struct sockaddr_in6 *sin;
+
+			msg.msg_control = buf;
+			msg.msg_controllen = sizeof(buf);
+			cmsg = CMSG_FIRSTHDR(&msg);
+			cmsg->cmsg_level = SOL_IPV6;
+			cmsg->cmsg_type = IPV6_PKTINFO;
+			cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+			pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg);
+			memset(pktinfo, 0, sizeof(struct in6_pktinfo));
+			sin = (struct sockaddr_in6*)src->get_sockaddr(src);
+			memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr));
+		}
+	}
+
+	len = sendmsg(skt->fd, &msg, 0);
+	if (len != data.len)
+	{
+		DBG1(DBG_NET, "error writing to socket: %s", strerror(errno));
+		return FAILED;
+	}
+	return SUCCESS;
+}
+
+METHOD(socket_dynamic_socket_t, destroy, void,
+	private_socket_dynamic_socket_t *this)
+{
+	enumerator_t *enumerator;
+	dynsock_t *key, *value;
+
+	enumerator = this->sockets->create_enumerator(this->sockets);
+	while (enumerator->enumerate(enumerator, &key, &value))
+	{
+		close(value->fd);
+		free(value);
+	}
+	enumerator->destroy(enumerator);
+	this->sockets->destroy(this->sockets);
+	this->lock->destroy(this->lock);
+
+	close(this->notify[0]);
+	close(this->notify[1]);
+	free(this);
+}
+
+/*
+ * See header for description
+ */
+socket_dynamic_socket_t *socket_dynamic_socket_create()
+{
+	private_socket_dynamic_socket_t *this;
+
+	INIT(this,
+		.public = {
+			.socket = {
+				.send = _sender,
+				.receive = _receiver,
+			},
+			.destroy = _destroy,
+		},
+		.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+	);
+
+	if (pipe(this->notify) != 0)
+	{
+		DBG1(DBG_NET, "creating notify pipe for dynamic socket failed");
+		free(this);
+		return NULL;
+	}
+
+	this->sockets = hashtable_create((void*)hash, (void*)equals, 8);
+
+	return &this->public;
+}
+
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.h b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.h
new file mode 100644
index 000000000..72551e545
--- /dev/null
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_dynamic_socket socket_dynamic_socket
+ * @{ @ingroup socket_dynamic
+ */
+
+#ifndef SOCKET_DYNAMIC_SOCKET_H_
+#define SOCKET_DYNAMIC_SOCKET_H_
+
+typedef struct socket_dynamic_socket_t socket_dynamic_socket_t;
+
+#include <network/socket.h>
+
+/**
+ * A socket implementation binding to ports on demand as required.
+ */
+struct socket_dynamic_socket_t {
+
+	/**
+	 * Implements the socket_t interface.
+	 */
+	socket_t socket;
+
+	/**
+	 * Destroy a socket_dynamic_socket_t.
+	 */
+	void (*destroy)(socket_dynamic_socket_t *this);
+};
+
+/**
+ * Create a socket_dynamic_socket instance.
+ */
+socket_dynamic_socket_t *socket_dynamic_socket_create();
+
+#endif /** SOCKET_DYNAMIC_SOCKET_H_ @}*/
diff --git a/src/libcharon/plugins/socket_raw/Makefile.am b/src/libcharon/plugins/socket_raw/Makefile.am
new file mode 100644
index 000000000..2109ae5f3
--- /dev/null
+++ b/src/libcharon/plugins/socket_raw/Makefile.am
@@ -0,0 +1,17 @@
+
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-socket-raw.la
+else
+plugin_LTLIBRARIES = libstrongswan-socket-raw.la
+endif
+
+libstrongswan_socket_raw_la_SOURCES = \
+	socket_raw_plugin.h socket_raw_plugin.c \
+	socket_raw_socket.h socket_raw_socket.c
+
+libstrongswan_socket_raw_la_LDFLAGS = -module -avoid-version
diff --git a/src/libcharon/plugins/socket_raw/Makefile.in b/src/libcharon/plugins/socket_raw/Makefile.in
new file mode 100644
index 000000000..65ad6a7a9
--- /dev/null
+++ b/src/libcharon/plugins/socket_raw/Makefile.in
@@ -0,0 +1,590 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libcharon/plugins/socket_raw
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+	$(top_srcdir)/m4/config/ltoptions.m4 \
+	$(top_srcdir)/m4/config/ltsugar.m4 \
+	$(top_srcdir)/m4/config/ltversion.m4 \
+	$(top_srcdir)/m4/config/lt~obsolete.m4 \
+	$(top_srcdir)/m4/macros/with.m4 \
+	$(top_srcdir)/m4/macros/enable-disable.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_socket_raw_la_LIBADD =
+am_libstrongswan_socket_raw_la_OBJECTS = socket_raw_plugin.lo \
+	socket_raw_socket.lo
+libstrongswan_socket_raw_la_OBJECTS =  \
+	$(am_libstrongswan_socket_raw_la_OBJECTS)
+libstrongswan_socket_raw_la_LINK = $(LIBTOOL) --tag=CC \
+	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_socket_raw_la_LDFLAGS) \
+	$(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_socket_raw_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_socket_raw_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_socket_raw_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_socket_raw_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \
+	-I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-socket-raw.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-socket-raw.la
+libstrongswan_socket_raw_la_SOURCES = \
+	socket_raw_plugin.h socket_raw_plugin.c \
+	socket_raw_socket.h socket_raw_socket.c
+
+libstrongswan_socket_raw_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_raw/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/socket_raw/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+	}
+
+uninstall-pluginLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+	done
+
+clean-pluginLTLIBRARIES:
+	-test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+	@list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libstrongswan-socket-raw.la: $(libstrongswan_socket_raw_la_OBJECTS) $(libstrongswan_socket_raw_la_DEPENDENCIES) 
+	$(libstrongswan_socket_raw_la_LINK) $(am_libstrongswan_socket_raw_la_rpath) $(libstrongswan_socket_raw_la_OBJECTS) $(libstrongswan_socket_raw_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_raw_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_raw_socket.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+	for dir in "$(DESTDIR)$(plugindir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libcharon/plugins/socket_raw/socket_raw_plugin.c b/src/libcharon/plugins/socket_raw/socket_raw_plugin.c
new file mode 100644
index 000000000..5b011abcf
--- /dev/null
+++ b/src/libcharon/plugins/socket_raw/socket_raw_plugin.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "socket_raw_plugin.h"
+
+#include "socket_raw_socket.h"
+
+#include <daemon.h>
+
+typedef struct private_socket_raw_plugin_t private_socket_raw_plugin_t;
+
+/**
+ * Private data of socket plugin
+ */
+struct private_socket_raw_plugin_t {
+
+	/**
+	 * Implements plugin interface
+	 */
+	socket_raw_plugin_t public;
+
+	/**
+	 * Raw socket instance.
+	 */
+	socket_raw_socket_t *socket;
+};
+
+METHOD(plugin_t, destroy, void,
+	private_socket_raw_plugin_t *this)
+{
+	charon->socket->remove_socket(charon->socket, &this->socket->socket);
+	this->socket->destroy(this->socket);
+	free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *socket_raw_plugin_create()
+{
+	private_socket_raw_plugin_t *this;
+
+	INIT(this,
+		.public.plugin.destroy = _destroy,
+		.socket = socket_raw_socket_create(),
+	);
+
+	if (!this->socket)
+	{
+		free(this);
+		return NULL;
+	}
+	charon->socket->add_socket(charon->socket, &this->socket->socket);
+
+	return &this->public.plugin;
+}
+
diff --git a/src/libcharon/plugins/socket_raw/socket_raw_plugin.h b/src/libcharon/plugins/socket_raw/socket_raw_plugin.h
new file mode 100644
index 000000000..a692b7594
--- /dev/null
+++ b/src/libcharon/plugins/socket_raw/socket_raw_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_raw socket_raw
+ * @ingroup cplugins
+ *
+ * @defgroup socket_raw_plugin socket_raw_plugin
+ * @{ @ingroup socket_raw
+ */
+
+#ifndef SOCKET_RAW_PLUGIN_H_
+#define SOCKET_RAW_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct socket_raw_plugin_t socket_raw_plugin_t;
+
+/**
+ * RAW socket implementation plugin.
+ */
+struct socket_raw_plugin_t {
+
+	/**
+	 * implements plugin interface
+	 */
+	plugin_t plugin;
+};
+
+#endif /** SOCKET_RAW_PLUGIN_H_ @}*/
diff --git a/src/charon/network/socket-raw.c b/src/libcharon/plugins/socket_raw/socket_raw_socket.c
index 6cc0463b2..e0155fa87 100644
--- a/src/charon/network/socket-raw.c
+++ b/src/libcharon/plugins/socket_raw/socket_raw_socket.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger
- * Copyright (C) 2005-2008 Martin Willi
+ * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  *
@@ -18,6 +18,8 @@
 /* for struct in6_pktinfo */
 #define _GNU_SOURCE
 
+#include "socket_raw_socket.h"
+
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <string.h>
@@ -34,11 +36,12 @@
 #include <linux/filter.h>
 #include <net/if.h>
 
-#include "socket.h"
-
 #include <daemon.h>
 #include <threading/thread.h>
 
+/* Maximum size of a packet */
+#define MAX_PACKET 5000
+
 /* constants for packet handling */
 #define IP_LEN sizeof(struct iphdr)
 #define IP6_LEN sizeof(struct ip6_hdr)
@@ -65,62 +68,61 @@
 #define IPV6_2292PKTINFO 2
 #endif /*IPV6_2292PKTINFO*/
 
-typedef struct private_socket_t private_socket_t;
+typedef struct private_socket_raw_socket_t private_socket_raw_socket_t;
 
 /**
  * Private data of an socket_t object
  */
-struct private_socket_t{
+struct private_socket_raw_socket_t {
+
 	/**
 	 * public functions
 	 */
-	 socket_t public;
-
-	 /**
-	  * regular port
-	  */
-	 int port;
-
-	 /**
-	  * port used for nat-t
-	  */
-	 int natt_port;
-
-	 /**
-	  * raw receiver socket for IPv4
-	  */
-	 int recv4;
-
-	 /**
-	  * raw receiver socket for IPv6
-	  */
-	 int recv6;
-
-	 /**
-	  * send socket on regular port for IPv4
-	  */
-	 int send4;
-
-	 /**
-	  * send socket on regular port for IPv6
-	  */
-	 int send6;
-
-	 /**
-	  * send socket on nat-t port for IPv4
-	  */
-	 int send4_natt;
-
-	 /**
-	  * send socket on nat-t port for IPv6
-	  */
-	 int send6_natt;
+	 socket_raw_socket_t public;
+
+	/**
+	 * regular port
+	 */
+	int port;
+
+	/**
+	 * port used for nat-t
+	 */
+	int natt_port;
+
+	/**
+	 * raw receiver socket for IPv4
+	 */
+	int recv4;
+
+	/**
+	 * raw receiver socket for IPv6
+	 */
+	int recv6;
+
+	/**
+	 * send socket on regular port for IPv4
+	 */
+	int send4;
+
+	/**
+	 * send socket on regular port for IPv6
+	 */
+	int send6;
+
+	/**
+	 * send socket on nat-t port for IPv4
+	 */
+	int send4_natt;
+
+	/**
+	 * send socket on nat-t port for IPv6
+	 */
+	int send6_natt;
 };
 
-/**
- * implementation of socket_t.receive
- */
-static status_t receiver(private_socket_t *this, packet_t **packet)
+METHOD(socket_t, receiver, status_t,
+	private_socket_raw_socket_t *this, packet_t **packet)
 {
 	char buffer[MAX_PACKET];
 	chunk_t data;
@@ -296,10 +298,8 @@ static status_t receiver(private_socket_t *this, packet_t **packet)
 	return SUCCESS;
 }
 
-/**
- * implementation of socket_t.send
- */
-status_t sender(private_socket_t *this, packet_t *packet)
+METHOD(socket_t, sender, status_t,
+	private_socket_raw_socket_t *this, packet_t *packet)
 {
 	int sport, skt, family;
 	ssize_t bytes_sent;
@@ -423,7 +423,8 @@ status_t sender(private_socket_t *this, packet_t *packet)
 /**
  * open a socket to send packets
  */
-static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
+static int open_send_socket(private_socket_raw_socket_t *this,
+							int family, u_int16_t port)
 {
 	int on = TRUE;
 	int type = UDP_ENCAP_ESPINUDP;
@@ -491,13 +492,19 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port)
 		}
 	}
 
+	if (!charon->kernel_interface->bypass_socket(charon->kernel_interface,
+												 skt, family))
+	{
+		DBG1(DBG_NET, "installing bypass policy on send socket failed");
+	}
+
 	return skt;
 }
 
 /**
  * open a socket to receive packets
  */
-static int open_recv_socket(private_socket_t *this, int family)
+static int open_recv_socket(private_socket_raw_socket_t *this, int family)
 {
 	int skt;
 	int on = TRUE;
@@ -589,73 +596,17 @@ static int open_recv_socket(private_socket_t *this, int family)
 		return 0;
 	}
 
-	return skt;
-}
-
-/**
- * enumerator for underlying sockets
- */
-typedef struct {
-	/** implements enumerator_t */
-	enumerator_t public;
-	/** sockets we enumerate */
-	private_socket_t *socket;
-	/** counter */
-	int index;
-} socket_enumerator_t;
-
-/**
- * enumerate function for socket_enumerator_t
- */
-static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port)
-{
-	static const struct {
-		int fd_offset;
-		int family;
-		int port;
-	} sockets[] = {
-		{ offsetof(private_socket_t, recv4), AF_INET, IKEV2_UDP_PORT },
-		{ offsetof(private_socket_t, recv6), AF_INET6, IKEV2_UDP_PORT },
-		{ offsetof(private_socket_t, send4), AF_INET, IKEV2_UDP_PORT },
-		{ offsetof(private_socket_t, send6), AF_INET6, IKEV2_UDP_PORT },
-		{ offsetof(private_socket_t, send4_natt), AF_INET, IKEV2_NATT_PORT },
-		{ offsetof(private_socket_t, send6_natt), AF_INET6, IKEV2_NATT_PORT }
-	};
-
-	while(++this->index < countof(sockets))
+	if (!charon->kernel_interface->bypass_socket(charon->kernel_interface,
+												 skt, family))
 	{
-		int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset);
-		if (!sock)
-		{
-			continue;
-		}
-		*fd = sock;
-		*family = sockets[this->index].family;
-		*port = sockets[this->index].port;
-		return TRUE;
+		DBG1(DBG_NET, "installing bypass policy on receive socket failed");
 	}
-	return FALSE;
-}
 
-/**
- * implementation of socket_t.create_enumerator
- */
-static enumerator_t *create_enumerator(private_socket_t *this)
-{
-	socket_enumerator_t *enumerator;
-
-	enumerator = malloc_thing(socket_enumerator_t);
-	enumerator->index = -1;
-	enumerator->socket = this;
-	enumerator->public.enumerate = (void*)enumerate;
-	enumerator->public.destroy = (void*)free;
-	return &enumerator->public;
+	return skt;
 }
 
-/**
- * implementation of socket_t.destroy
- */
-static void destroy(private_socket_t *this)
+METHOD(socket_raw_socket_t, destroy, void,
+	private_socket_raw_socket_t *this)
 {
 	if (this->recv4)
 	{
@@ -687,22 +638,19 @@ static void destroy(private_socket_t *this)
 /*
  * See header for description
  */
-socket_t *socket_create()
+socket_raw_socket_t *socket_raw_socket_create()
 {
-	private_socket_t *this = malloc_thing(private_socket_t);
-
-	/* public functions */
-	this->public.send = (status_t(*)(socket_t*, packet_t*))sender;
-	this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver;
-	this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator;
-	this->public.destroy = (void(*)(socket_t*)) destroy;
-
-	this->recv4 = 0;
-	this->recv6 = 0;
-	this->send4 = 0;
-	this->send6 = 0;
-	this->send4_natt = 0;
-	this->send6_natt = 0;
+	private_socket_raw_socket_t *this;
+
+	INIT(this,
+		.public = {
+			.socket = {
+				.send = _sender,
+				.receive = _receiver,
+			},
+			.destroy = _destroy,
+		},
+	);
 
 	this->recv4 = open_recv_socket(this, AF_INET);
 	if (this->recv4 == 0)
@@ -754,8 +702,8 @@ socket_t *socket_create()
 	{
 		DBG1(DBG_NET, "could not create any sockets");
 		destroy(this);
-		charon->kill(charon, "socket initialization failed");
+		return NULL;
 	}
 
-	return (socket_t*)this;
+	return &this->public;
 }
diff --git a/src/libcharon/plugins/socket_raw/socket_raw_socket.h b/src/libcharon/plugins/socket_raw/socket_raw_socket.h
new file mode 100644
index 000000000..94cf666e8
--- /dev/null
+++ b/src/libcharon/plugins/socket_raw/socket_raw_socket.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup socket_raw_socket socket_raw_socket
+ * @{ @ingroup socket_raw
+ */
+
+#ifndef SOCKET_RAW_SOCKET_H_
+#define SOCKET_RAW_SOCKET_H_
+
+typedef struct socket_raw_socket_t socket_raw_socket_t;
+
+#include <network/socket.h>
+
+/**
+ * Raw socket, binds to port 500/4500 using any IPv4/IPv6 address.
+ *
+ * This imeplementation uses raw sockets to allow binding of other daemons
+ * (pluto) to UDP/500/4500. An installed "Linux socket filter" filters out
+ * all non-IKEv2 traffic and handles just IKEv2 messages. An other daemon
+ * must handle all traffic separately, e.g. ignore IKEv2 traffic, since charon
+ * handles that.
+ */
+struct socket_raw_socket_t {
+
+	/**
+	 * Implements the socket_t interface.
+	 */
+	socket_t socket;
+
+	/**
+	 * Destroy a socket_raw_socket_t.
+	 */
+	void (*destroy)(socket_raw_socket_t *this);
+};
+
+/**
+ * Create a socket_raw_socket instance.
+ */
+socket_raw_socket_t *socket_raw_socket_create();
+
+#endif /** SOCKET_RAW_SOCKET_H_ @}*/
diff --git a/src/charon/plugins/sql/Makefile.am b/src/libcharon/plugins/sql/Makefile.am
index 60135bf08..68b7e8cb2 100644
--- a/src/charon/plugins/sql/Makefile.am
+++ b/src/libcharon/plugins/sql/Makefile.am
@@ -1,12 +1,18 @@
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = -rdynamic \
   -DPLUGINS=\""${libstrongswan_plugins}\""
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-sql.la
+else
 plugin_LTLIBRARIES = libstrongswan-sql.la
+endif
+
 libstrongswan_sql_la_SOURCES = \
-  sql_plugin.h sql_plugin.c sql_config.h sql_config.c \
-  sql_cred.h sql_cred.c sql_logger.h sql_logger.c
-libstrongswan_sql_la_LDFLAGS = -module -avoid-version
+	sql_plugin.h sql_plugin.c sql_config.h sql_config.c \
+	sql_cred.h sql_cred.c sql_logger.h sql_logger.c
 
+libstrongswan_sql_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index ef9c33a1c..5803dc898 100644
--- a/src/charon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/sql
+subdir = src/libcharon/plugins/sql
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_sql_la_LIBADD =
 am_libstrongswan_sql_la_OBJECTS = sql_plugin.lo sql_config.lo \
 	sql_cred.lo sql_logger.lo
@@ -80,6 +80,8 @@ libstrongswan_sql_la_OBJECTS = $(am_libstrongswan_sql_la_OBJECTS)
 libstrongswan_sql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_sql_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_sql_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_sql_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -252,14 +255,17 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic \
   -DPLUGINS=\""${libstrongswan_plugins}\""
 
-plugin_LTLIBRARIES = libstrongswan-sql.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sql.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sql.la
 libstrongswan_sql_la_SOURCES = \
-  sql_plugin.h sql_plugin.c sql_config.h sql_config.c \
-  sql_cred.h sql_cred.c sql_logger.h sql_logger.c
+	sql_plugin.h sql_plugin.c sql_config.h sql_config.c \
+	sql_cred.h sql_cred.c sql_logger.h sql_logger.c
 
 libstrongswan_sql_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -275,9 +281,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/sql/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/sql/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/sql/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/sql/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -296,6 +302,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +343,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-sql.la: $(libstrongswan_sql_la_OBJECTS) $(libstrongswan_sql_la_DEPENDENCIES) 
-	$(libstrongswan_sql_la_LINK) -rpath $(plugindir) $(libstrongswan_sql_la_OBJECTS) $(libstrongswan_sql_la_LIBADD) $(LIBS)
+	$(libstrongswan_sql_la_LINK) $(am_libstrongswan_sql_la_rpath) $(libstrongswan_sql_la_OBJECTS) $(libstrongswan_sql_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -484,8 +499,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -556,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c
index afee0896c..23366898a 100644
--- a/src/charon/plugins/sql/sql_config.c
+++ b/src/libcharon/plugins/sql/sql_config.c
@@ -182,7 +182,8 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e,
 	{
 		ike_cfg_t *ike_cfg;
 
-		ike_cfg = ike_cfg_create(certreq, force_encap, local, remote);
+		ike_cfg = ike_cfg_create(certreq, force_encap,
+								 local, IKEV2_UDP_PORT, remote, IKEV2_UDP_PORT);
 		/* TODO: read proposal from db */
 		ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 		return ike_cfg;
diff --git a/src/charon/plugins/sql/sql_config.h b/src/libcharon/plugins/sql/sql_config.h
index 700d00a97..700d00a97 100644
--- a/src/charon/plugins/sql/sql_config.h
+++ b/src/libcharon/plugins/sql/sql_config.h
diff --git a/src/charon/plugins/sql/sql_cred.c b/src/libcharon/plugins/sql/sql_cred.c
index 12f4ab045..12f4ab045 100644
--- a/src/charon/plugins/sql/sql_cred.c
+++ b/src/libcharon/plugins/sql/sql_cred.c
diff --git a/src/charon/plugins/sql/sql_cred.h b/src/libcharon/plugins/sql/sql_cred.h
index 7f387398e..7f387398e 100644
--- a/src/charon/plugins/sql/sql_cred.h
+++ b/src/libcharon/plugins/sql/sql_cred.h
diff --git a/src/charon/plugins/sql/sql_logger.c b/src/libcharon/plugins/sql/sql_logger.c
index d350c4c3d..d350c4c3d 100644
--- a/src/charon/plugins/sql/sql_logger.c
+++ b/src/libcharon/plugins/sql/sql_logger.c
diff --git a/src/charon/plugins/sql/sql_logger.h b/src/libcharon/plugins/sql/sql_logger.h
index a933705da..a933705da 100644
--- a/src/charon/plugins/sql/sql_logger.h
+++ b/src/libcharon/plugins/sql/sql_logger.h
diff --git a/src/charon/plugins/sql/sql_plugin.c b/src/libcharon/plugins/sql/sql_plugin.c
index e2e410a8a..e2d2d63b3 100644
--- a/src/charon/plugins/sql/sql_plugin.c
+++ b/src/libcharon/plugins/sql/sql_plugin.c
@@ -71,7 +71,7 @@ static void destroy(private_sql_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *sql_plugin_create()
 {
 	char *uri;
 	private_sql_plugin_t *this;
diff --git a/src/charon/plugins/sql/sql_plugin.h b/src/libcharon/plugins/sql/sql_plugin.h
index 8de04a891..c6f9ba905 100644
--- a/src/charon/plugins/sql/sql_plugin.h
+++ b/src/libcharon/plugins/sql/sql_plugin.h
@@ -39,9 +39,4 @@ struct sql_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a sql_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** SQL_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/stroke/Makefile.am b/src/libcharon/plugins/stroke/Makefile.am
new file mode 100644
index 000000000..40888a40b
--- /dev/null
+++ b/src/libcharon/plugins/stroke/Makefile.am
@@ -0,0 +1,27 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/stroke
+
+AM_CFLAGS = \
+-rdynamic \
+-DIPSEC_CONFDIR=\"${sysconfdir}\" \
+-DIPSEC_PIDDIR=\"${piddir}\"
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-stroke.la
+else
+plugin_LTLIBRARIES = libstrongswan-stroke.la
+endif
+
+libstrongswan_stroke_la_SOURCES = \
+	stroke_plugin.h stroke_plugin.c \
+	stroke_socket.h stroke_socket.c \
+	stroke_config.h stroke_config.c \
+	stroke_control.h stroke_control.c \
+	stroke_cred.h stroke_cred.c \
+	stroke_ca.h stroke_ca.c \
+	stroke_attribute.h stroke_attribute.c \
+	stroke_list.h stroke_list.c \
+	stroke_shared_key.h stroke_shared_key.c
+
+libstrongswan_stroke_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 6e6b3b813..8815ba741 100644
--- a/src/charon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/stroke
+subdir = src/libcharon/plugins/stroke
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_stroke_la_LIBADD =
 am_libstrongswan_stroke_la_OBJECTS = stroke_plugin.lo stroke_socket.lo \
 	stroke_config.lo stroke_control.lo stroke_cred.lo stroke_ca.lo \
@@ -82,6 +82,9 @@ libstrongswan_stroke_la_OBJECTS =  \
 libstrongswan_stroke_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_stroke_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_stroke_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_stroke_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,22 +258,26 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/stroke
+
 AM_CFLAGS = \
 -rdynamic \
 -DIPSEC_CONFDIR=\"${sysconfdir}\" \
 -DIPSEC_PIDDIR=\"${piddir}\"
 
-plugin_LTLIBRARIES = libstrongswan-stroke.la
-libstrongswan_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \
-  stroke_socket.h stroke_socket.c \
-  stroke_config.h stroke_config.c \
-  stroke_control.h stroke_control.c \
-  stroke_cred.h stroke_cred.c \
-  stroke_ca.h stroke_ca.c \
-  stroke_attribute.h stroke_attribute.c \
-  stroke_list.h stroke_list.c \
-  stroke_shared_key.h stroke_shared_key.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-stroke.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-stroke.la
+libstrongswan_stroke_la_SOURCES = \
+	stroke_plugin.h stroke_plugin.c \
+	stroke_socket.h stroke_socket.c \
+	stroke_config.h stroke_config.c \
+	stroke_control.h stroke_control.c \
+	stroke_cred.h stroke_cred.c \
+	stroke_ca.h stroke_ca.c \
+	stroke_attribute.h stroke_attribute.c \
+	stroke_list.h stroke_list.c \
+	stroke_shared_key.h stroke_shared_key.c
 
 libstrongswan_stroke_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -285,9 +293,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/stroke/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/stroke/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/stroke/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/stroke/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -306,6 +314,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -338,7 +355,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-stroke.la: $(libstrongswan_stroke_la_OBJECTS) $(libstrongswan_stroke_la_DEPENDENCIES) 
-	$(libstrongswan_stroke_la_LINK) -rpath $(plugindir) $(libstrongswan_stroke_la_OBJECTS) $(libstrongswan_stroke_la_LIBADD) $(LIBS)
+	$(libstrongswan_stroke_la_LINK) $(am_libstrongswan_stroke_la_rpath) $(libstrongswan_stroke_la_OBJECTS) $(libstrongswan_stroke_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -499,8 +516,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -571,18 +588,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libcharon/plugins/stroke/stroke_attribute.c b/src/libcharon/plugins/stroke/stroke_attribute.c
new file mode 100644
index 000000000..1e4615e12
--- /dev/null
+++ b/src/libcharon/plugins/stroke/stroke_attribute.c
@@ -0,0 +1,226 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "stroke_attribute.h"
+
+#include <daemon.h>
+#include <attributes/mem_pool.h>
+#include <utils/linked_list.h>
+#include <threading/rwlock.h>
+
+typedef struct private_stroke_attribute_t private_stroke_attribute_t;
+
+/**
+ * private data of stroke_attribute
+ */
+struct private_stroke_attribute_t {
+
+	/**
+	 * public functions
+	 */
+	stroke_attribute_t public;
+
+	/**
+	 * list of pools, contains mem_pool_t
+	 */
+	linked_list_t *pools;
+
+	/**
+	 * rwlock to lock access to pools
+	 */
+	rwlock_t *lock;
+};
+
+/**
+ * find a pool by name
+ */
+static mem_pool_t *find_pool(private_stroke_attribute_t *this, char *name)
+{
+	enumerator_t *enumerator;
+	mem_pool_t *current, *found = NULL;
+
+	enumerator = this->pools->create_enumerator(this->pools);
+	while (enumerator->enumerate(enumerator, &current))
+	{
+		if (streq(name, current->get_name(current)))
+		{
+			found = current;
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	return found;
+}
+
+METHOD(attribute_provider_t, acquire_address, host_t*,
+	   private_stroke_attribute_t *this, char *name, identification_t *id,
+	   host_t *requested)
+{
+	mem_pool_t *pool;
+	host_t *addr = NULL;
+	this->lock->read_lock(this->lock);
+	pool = find_pool(this, name);
+	if (pool)
+	{
+		addr = pool->acquire_address(pool, id, requested);
+	}
+	this->lock->unlock(this->lock);
+	return addr;
+}
+
+METHOD(attribute_provider_t, release_address, bool,
+	   private_stroke_attribute_t *this, char *name, host_t *address,
+	   identification_t *id)
+{
+	mem_pool_t *pool;
+	bool found = FALSE;
+	this->lock->read_lock(this->lock);
+	pool = find_pool(this, name);
+	if (pool)
+	{
+		found = pool->release_address(pool, address, id);
+	}
+	this->lock->unlock(this->lock);
+	return found;
+}
+
+METHOD(stroke_attribute_t, add_pool, void,
+	   private_stroke_attribute_t *this, stroke_msg_t *msg)
+{
+	if (msg->add_conn.other.sourceip_mask)
+	{
+		mem_pool_t *pool;
+		host_t *base = NULL;
+		u_int32_t bits = 0;
+
+		/* if %config, add an empty pool, otherwise */
+		if (msg->add_conn.other.sourceip)
+		{
+			DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d",
+				 msg->add_conn.name, msg->add_conn.other.sourceip,
+				 msg->add_conn.other.sourceip_mask);
+			base = host_create_from_string(msg->add_conn.other.sourceip, 0);
+			if (!base)
+			{
+				DBG1(DBG_CFG, "virtual IP address invalid, discarded");
+				return;
+			}
+			bits = msg->add_conn.other.sourceip_mask;
+		}
+		pool = mem_pool_create(msg->add_conn.name, base, bits);
+		DESTROY_IF(base);
+
+		this->lock->write_lock(this->lock);
+		this->pools->insert_last(this->pools, pool);
+		this->lock->unlock(this->lock);
+	}
+}
+
+METHOD(stroke_attribute_t, del_pool, void,
+	   private_stroke_attribute_t *this, stroke_msg_t *msg)
+{
+	enumerator_t *enumerator;
+	mem_pool_t *pool;
+
+	this->lock->write_lock(this->lock);
+	enumerator = this->pools->create_enumerator(this->pools);
+	while (enumerator->enumerate(enumerator, &pool))
+	{
+		if (streq(msg->del_conn.name, pool->get_name(pool)))
+		{
+			this->pools->remove_at(this->pools, enumerator);
+			pool->destroy(pool);
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->lock->unlock(this->lock);
+}
+
+/**
+ * Pool enumerator filter function, converts pool_t to name, size, ...
+ */
+static bool pool_filter(void *lock, mem_pool_t **poolp, const char **name,
+						void *d1, u_int *size, void *d2, u_int *online,
+						void *d3, u_int *offline)
+{
+	mem_pool_t *pool = *poolp;
+	*name = pool->get_name(pool);
+	*size = pool->get_size(pool);
+	*online = pool->get_online(pool);
+	*offline = pool->get_offline(pool);
+	return TRUE;
+}
+
+METHOD(stroke_attribute_t, create_pool_enumerator, enumerator_t*,
+	   private_stroke_attribute_t *this)
+{
+	this->lock->read_lock(this->lock);
+	return enumerator_create_filter(this->pools->create_enumerator(this->pools),
+									(void*)pool_filter,
+									this->lock, (void*)this->lock->unlock);
+}
+
+METHOD(stroke_attribute_t, create_lease_enumerator, enumerator_t*,
+	   private_stroke_attribute_t *this, char *name)
+{
+	mem_pool_t *pool;
+	this->lock->read_lock(this->lock);
+	pool = find_pool(this, name);
+	if (!pool)
+	{
+		this->lock->unlock(this->lock);
+		return NULL;
+	}
+	return enumerator_create_cleaner(pool->create_lease_enumerator(pool),
+									 (void*)this->lock->unlock, this->lock);
+}
+
+METHOD(stroke_attribute_t, destroy, void,
+	   private_stroke_attribute_t *this)
+{
+	this->lock->destroy(this->lock);
+	this->pools->destroy_offset(this->pools, offsetof(mem_pool_t, destroy));
+	free(this);
+}
+
+/*
+ * see header file
+ */
+stroke_attribute_t *stroke_attribute_create()
+{
+	private_stroke_attribute_t *this;
+
+	INIT(this,
+		.public = {
+			.provider = {
+				.acquire_address = _acquire_address,
+				.release_address = _release_address,
+				.create_attribute_enumerator = enumerator_create_empty,
+			},
+			.add_pool = _add_pool,
+			.del_pool = _del_pool,
+			.create_pool_enumerator = _create_pool_enumerator,
+			.create_lease_enumerator = _create_lease_enumerator,
+			.destroy = _destroy,
+		},
+		.pools = linked_list_create(),
+		.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+	);
+
+	return &this->public;
+}
+
diff --git a/src/charon/plugins/stroke/stroke_attribute.h b/src/libcharon/plugins/stroke/stroke_attribute.h
index cf6c950a6..249a9899b 100644
--- a/src/charon/plugins/stroke/stroke_attribute.h
+++ b/src/libcharon/plugins/stroke/stroke_attribute.h
@@ -37,15 +37,14 @@ struct stroke_attribute_t {
 	attribute_provider_t provider;
 
 	/**
-	 * Add a virtual IP address.
+	 * Add a virtual IP address pool.
 	 *
 	 * @param msg		stroke message
-	 * @param end		end of stroke message that contains virtual IP.
 	 */
 	void (*add_pool)(stroke_attribute_t *this, stroke_msg_t *msg);
 
 	/**
-	 * Remove a virtual IP address.
+	 * Remove a virtual IP address pool.
 	 *
 	 * @param msg		stroke message
 	 */
@@ -68,10 +67,11 @@ struct stroke_attribute_t {
 	 * identification_t *id, host_t *address, bool online
 	 *
 	 * @param pool		name of the pool to enumerate
-	 * @return 			enumerator, NULL if pool not found
+	 * @return			enumerator, NULL if pool not found
 	 */
 	enumerator_t* (*create_lease_enumerator)(stroke_attribute_t *this,
 											 char *pool);
+
 	/**
 	 * Destroy a stroke_attribute instance.
 	 */
diff --git a/src/charon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c
index 49146f18b..49146f18b 100644
--- a/src/charon/plugins/stroke/stroke_ca.c
+++ b/src/libcharon/plugins/stroke/stroke_ca.c
diff --git a/src/charon/plugins/stroke/stroke_ca.h b/src/libcharon/plugins/stroke/stroke_ca.h
index 21af912ea..21af912ea 100644
--- a/src/charon/plugins/stroke/stroke_ca.h
+++ b/src/libcharon/plugins/stroke/stroke_ca.h
diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
index 0752f3c93..bbc1e7a31 100644
--- a/src/charon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@@ -232,9 +232,9 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg
 		}
 	}
 	ike_cfg = ike_cfg_create(msg->add_conn.other.sendcert != CERT_NEVER_SEND,
-							 msg->add_conn.force_encap,
-							 msg->add_conn.me.address,
-							 msg->add_conn.other.address);
+					msg->add_conn.force_encap,
+					msg->add_conn.me.address, msg->add_conn.me.ikeport,
+					msg->add_conn.other.address, msg->add_conn.other.ikeport);
 	add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL);
 	return ike_cfg;
 }
@@ -697,7 +697,7 @@ static void add_ts(private_stroke_config_t *this,
 
 		if (!end->subnets)
 		{
-			net = host_create_from_string(end->address, IKEV2_UDP_PORT);
+			net = host_create_from_string(end->address, 0);
 			if (net)
 			{
 				ts = traffic_selector_create_from_subnet(net, 0, end->protocol,
@@ -726,7 +726,7 @@ static void add_ts(private_stroke_config_t *this,
 					intbits = atoi(bits + 1);
 				}
 
-				net = host_create_from_string(start, IKEV2_UDP_PORT);
+				net = host_create_from_string(start, 0);
 				if (net)
 				{
 					ts = traffic_selector_create_from_subnet(net, intbits,
diff --git a/src/charon/plugins/stroke/stroke_config.h b/src/libcharon/plugins/stroke/stroke_config.h
index 05e4665ca..05e4665ca 100644
--- a/src/charon/plugins/stroke/stroke_config.h
+++ b/src/libcharon/plugins/stroke/stroke_config.h
diff --git a/src/charon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index a03aef697..a03aef697 100644
--- a/src/charon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
diff --git a/src/charon/plugins/stroke/stroke_control.h b/src/libcharon/plugins/stroke/stroke_control.h
index 9b49bdc31..9b49bdc31 100644
--- a/src/charon/plugins/stroke/stroke_control.h
+++ b/src/libcharon/plugins/stroke/stroke_control.h
diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index bc0b2f6fc..e0a5210a9 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -993,6 +993,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level,
 		}
 		else if ((match("PSK", &token) && (type = SHARED_IKE)) ||
 				 (match("EAP", &token) && (type = SHARED_EAP)) ||
+				 (match("NTLM", &token) && (type = SHARED_NT_HASH)) ||
 				 (match("XAUTH", &token) && (type = SHARED_EAP)))
 		{
 			stroke_shared_key_t *shared_key;
diff --git a/src/charon/plugins/stroke/stroke_cred.h b/src/libcharon/plugins/stroke/stroke_cred.h
index ccee7d87c..ccee7d87c 100644
--- a/src/charon/plugins/stroke/stroke_cred.h
+++ b/src/libcharon/plugins/stroke/stroke_cred.h
diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index c2a98da33..c2a98da33 100644
--- a/src/charon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
diff --git a/src/charon/plugins/stroke/stroke_list.h b/src/libcharon/plugins/stroke/stroke_list.h
index b5bedc6c2..b5bedc6c2 100644
--- a/src/charon/plugins/stroke/stroke_list.h
+++ b/src/libcharon/plugins/stroke/stroke_list.h
diff --git a/src/charon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c
index 61ae10953..4361e5050 100644
--- a/src/charon/plugins/stroke/stroke_plugin.c
+++ b/src/libcharon/plugins/stroke/stroke_plugin.c
@@ -48,7 +48,7 @@ static void destroy(private_stroke_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *stroke_plugin_create()
 {
 	private_stroke_plugin_t *this = malloc_thing(private_stroke_plugin_t);
 
diff --git a/src/charon/plugins/stroke/stroke_plugin.h b/src/libcharon/plugins/stroke/stroke_plugin.h
index 3a1e81df6..464979910 100644
--- a/src/charon/plugins/stroke/stroke_plugin.h
+++ b/src/libcharon/plugins/stroke/stroke_plugin.h
@@ -42,9 +42,4 @@ struct stroke_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Instanciate stroke plugin.
- */
-plugin_t *plugin_create();
-
 #endif /** STROKE_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/stroke/stroke_shared_key.c b/src/libcharon/plugins/stroke/stroke_shared_key.c
index 4f716e83a..4f716e83a 100644
--- a/src/charon/plugins/stroke/stroke_shared_key.c
+++ b/src/libcharon/plugins/stroke/stroke_shared_key.c
diff --git a/src/charon/plugins/stroke/stroke_shared_key.h b/src/libcharon/plugins/stroke/stroke_shared_key.h
index 05ad55083..05ad55083 100644
--- a/src/charon/plugins/stroke/stroke_shared_key.h
+++ b/src/libcharon/plugins/stroke/stroke_shared_key.h
diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index 820e097f1..56c18da38 100644
--- a/src/charon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -25,6 +25,7 @@
 #include <errno.h>
 
 #include <processing/jobs/callback_job.h>
+#include <hydra.h>
 #include <daemon.h>
 #include <threading/thread.h>
 
@@ -624,7 +625,7 @@ static void destroy(private_stroke_socket_t *this)
 	charon->credentials->remove_set(charon->credentials, &this->ca->set);
 	charon->credentials->remove_set(charon->credentials, &this->cred->set);
 	charon->backends->remove_backend(charon->backends, &this->config->backend);
-	lib->attributes->remove_provider(lib->attributes, &this->attribute->provider);
+	hydra->attributes->remove_provider(hydra->attributes, &this->attribute->provider);
 	this->cred->destroy(this->cred);
 	this->ca->destroy(this->ca);
 	this->config->destroy(this->config);
@@ -659,7 +660,7 @@ stroke_socket_t *stroke_socket_create()
 	charon->credentials->add_set(charon->credentials, &this->ca->set);
 	charon->credentials->add_set(charon->credentials, &this->cred->set);
 	charon->backends->add_backend(charon->backends, &this->config->backend);
-	lib->attributes->add_provider(lib->attributes, &this->attribute->provider);
+	hydra->attributes->add_provider(hydra->attributes, &this->attribute->provider);
 
 	this->job = callback_job_create((callback_job_cb_t)receive,
 									this, NULL, NULL);
diff --git a/src/charon/plugins/stroke/stroke_socket.h b/src/libcharon/plugins/stroke/stroke_socket.h
index 2aac8be9b..2aac8be9b 100644
--- a/src/charon/plugins/stroke/stroke_socket.h
+++ b/src/libcharon/plugins/stroke/stroke_socket.h
diff --git a/src/libcharon/plugins/uci/Makefile.am b/src/libcharon/plugins/uci/Makefile.am
new file mode 100644
index 000000000..6decdb9da
--- /dev/null
+++ b/src/libcharon/plugins/uci/Makefile.am
@@ -0,0 +1,19 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-uci.la
+else
+plugin_LTLIBRARIES = libstrongswan-uci.la
+endif
+
+libstrongswan_uci_la_SOURCES = \
+	uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \
+	uci_config.h uci_config.c uci_creds.h uci_creds.c \
+	uci_control.h uci_control.c
+
+libstrongswan_uci_la_LDFLAGS = -module -avoid-version
+libstrongswan_uci_la_LIBADD  = -luci
diff --git a/src/charon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index 00436f509..c10829bb3 100644
--- a/src/charon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/uci
+subdir = src/libcharon/plugins/uci
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_uci_la_DEPENDENCIES =
 am_libstrongswan_uci_la_OBJECTS = uci_plugin.lo uci_parser.lo \
 	uci_config.lo uci_creds.lo uci_control.lo
@@ -80,6 +80,8 @@ libstrongswan_uci_la_OBJECTS = $(am_libstrongswan_uci_la_OBJECTS)
 libstrongswan_uci_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_uci_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_uci_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_uci_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -252,13 +255,16 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-uci.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-uci.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-uci.la
 libstrongswan_uci_la_SOURCES = \
-  uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \
-  uci_config.h uci_config.c uci_creds.h uci_creds.c \
-  uci_control.h uci_control.c
+	uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \
+	uci_config.h uci_config.c uci_creds.h uci_creds.c \
+	uci_control.h uci_control.c
 
 libstrongswan_uci_la_LDFLAGS = -module -avoid-version
 libstrongswan_uci_la_LIBADD = -luci
@@ -275,9 +281,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/uci/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/uci/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/uci/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/uci/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -296,6 +302,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +343,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-uci.la: $(libstrongswan_uci_la_OBJECTS) $(libstrongswan_uci_la_DEPENDENCIES) 
-	$(libstrongswan_uci_la_LINK) -rpath $(plugindir) $(libstrongswan_uci_la_OBJECTS) $(libstrongswan_uci_la_LIBADD) $(LIBS)
+	$(libstrongswan_uci_la_LINK) $(am_libstrongswan_uci_la_rpath) $(libstrongswan_uci_la_OBJECTS) $(libstrongswan_uci_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -485,8 +500,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -557,18 +572,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c
index a6ee970ad..bd58afbf0 100644
--- a/src/charon/plugins/uci/uci_config.c
+++ b/src/libcharon/plugins/uci/uci_config.c
@@ -170,7 +170,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
 			&ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey))
 	{
 		DESTROY_IF(this->peer_cfg);
-		ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, remote_addr);
+		ike_cfg = ike_cfg_create(FALSE, FALSE,
+					local_addr, IKEV2_UDP_PORT, remote_addr, IKEV2_UDP_PORT);
 		ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
 		this->peer_cfg = peer_cfg_create(
 					name, 2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
@@ -268,7 +269,8 @@ static bool ike_enumerator_enumerate(ike_enumerator_t *this, ike_cfg_t **cfg)
 							   &local_addr, &remote_addr, &ike_proposal))
 	{
 		DESTROY_IF(this->ike_cfg);
-		this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, remote_addr);
+		this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, IKEV2_UDP_PORT,
+										remote_addr, IKEV2_UDP_PORT);
 		this->ike_cfg->add_proposal(this->ike_cfg,
 									create_proposal(ike_proposal, PROTO_IKE));
 
diff --git a/src/charon/plugins/uci/uci_config.h b/src/libcharon/plugins/uci/uci_config.h
index 130f15d85..130f15d85 100644
--- a/src/charon/plugins/uci/uci_config.h
+++ b/src/libcharon/plugins/uci/uci_config.h
diff --git a/src/charon/plugins/uci/uci_control.c b/src/libcharon/plugins/uci/uci_control.c
index 3c4928be4..3c4928be4 100644
--- a/src/charon/plugins/uci/uci_control.c
+++ b/src/libcharon/plugins/uci/uci_control.c
diff --git a/src/charon/plugins/uci/uci_control.h b/src/libcharon/plugins/uci/uci_control.h
index 794220aa1..794220aa1 100644
--- a/src/charon/plugins/uci/uci_control.h
+++ b/src/libcharon/plugins/uci/uci_control.h
diff --git a/src/charon/plugins/uci/uci_creds.c b/src/libcharon/plugins/uci/uci_creds.c
index 4d664feb2..4d664feb2 100644
--- a/src/charon/plugins/uci/uci_creds.c
+++ b/src/libcharon/plugins/uci/uci_creds.c
diff --git a/src/charon/plugins/uci/uci_creds.h b/src/libcharon/plugins/uci/uci_creds.h
index a283ed9f5..a283ed9f5 100644
--- a/src/charon/plugins/uci/uci_creds.h
+++ b/src/libcharon/plugins/uci/uci_creds.h
diff --git a/src/charon/plugins/uci/uci_parser.c b/src/libcharon/plugins/uci/uci_parser.c
index 6de55d218..6de55d218 100644
--- a/src/charon/plugins/uci/uci_parser.c
+++ b/src/libcharon/plugins/uci/uci_parser.c
diff --git a/src/charon/plugins/uci/uci_parser.h b/src/libcharon/plugins/uci/uci_parser.h
index 7217e507a..7217e507a 100644
--- a/src/charon/plugins/uci/uci_parser.h
+++ b/src/libcharon/plugins/uci/uci_parser.h
diff --git a/src/charon/plugins/uci/uci_plugin.c b/src/libcharon/plugins/uci/uci_plugin.c
index 2a79b9109..742fcf4d0 100644
--- a/src/charon/plugins/uci/uci_plugin.c
+++ b/src/libcharon/plugins/uci/uci_plugin.c
@@ -75,7 +75,7 @@ static void destroy(private_uci_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *uci_plugin_create()
 {
 	private_uci_plugin_t *this = malloc_thing(private_uci_plugin_t);
 
diff --git a/src/charon/plugins/uci/uci_plugin.h b/src/libcharon/plugins/uci/uci_plugin.h
index e7743227c..980ab26fd 100644
--- a/src/charon/plugins/uci/uci_plugin.h
+++ b/src/libcharon/plugins/uci/uci_plugin.h
@@ -40,9 +40,4 @@ struct uci_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a uci_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** UCI_PLUGIN_H_ @}*/
diff --git a/src/libcharon/plugins/unit_tester/Makefile.am b/src/libcharon/plugins/unit_tester/Makefile.am
new file mode 100644
index 000000000..e27d1f859
--- /dev/null
+++ b/src/libcharon/plugins/unit_tester/Makefile.am
@@ -0,0 +1,29 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-unit-tester.la
+else
+plugin_LTLIBRARIES = libstrongswan-unit-tester.la
+endif
+
+libstrongswan_unit_tester_la_SOURCES = \
+	unit_tester.c unit_tester.h tests.h \
+	tests/test_enumerator.c \
+	tests/test_auth_info.c \
+	tests/test_curl.c \
+	tests/test_mysql.c \
+	tests/test_sqlite.c \
+	tests/test_mutex.c \
+	tests/test_rsa_gen.c \
+	tests/test_cert.c \
+	tests/test_med_db.c \
+	tests/test_chunk.c \
+	tests/test_pool.c \
+	tests/test_agent.c \
+	tests/test_id.c
+
+libstrongswan_unit_tester_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in
index 9926c43e8..6ca43a38f 100644
--- a/src/charon/plugins/unit_tester/Makefile.in
+++ b/src/libcharon/plugins/unit_tester/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/unit_tester
+subdir = src/libcharon/plugins/unit_tester
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_unit_tester_la_LIBADD =
 am_libstrongswan_unit_tester_la_OBJECTS = unit_tester.lo \
 	test_enumerator.lo test_auth_info.lo test_curl.lo \
@@ -85,6 +85,9 @@ libstrongswan_unit_tester_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_unit_tester_la_LDFLAGS) \
 	$(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_unit_tester_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_unit_tester_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -223,6 +226,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -257,23 +261,27 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-unit-tester.la
-libstrongswan_unit_tester_la_SOURCES = unit_tester.c unit_tester.h tests.h \
-  tests/test_enumerator.c \
-  tests/test_auth_info.c \
-  tests/test_curl.c \
-  tests/test_mysql.c \
-  tests/test_sqlite.c \
-  tests/test_mutex.c \
-  tests/test_rsa_gen.c \
-  tests/test_cert.c \
-  tests/test_med_db.c \
-  tests/test_chunk.c \
-  tests/test_pool.c \
-  tests/test_agent.c \
-  tests/test_id.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-unit-tester.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-unit-tester.la
+libstrongswan_unit_tester_la_SOURCES = \
+	unit_tester.c unit_tester.h tests.h \
+	tests/test_enumerator.c \
+	tests/test_auth_info.c \
+	tests/test_curl.c \
+	tests/test_mysql.c \
+	tests/test_sqlite.c \
+	tests/test_mutex.c \
+	tests/test_rsa_gen.c \
+	tests/test_cert.c \
+	tests/test_med_db.c \
+	tests/test_chunk.c \
+	tests/test_pool.c \
+	tests/test_agent.c \
+	tests/test_id.c
 
 libstrongswan_unit_tester_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -289,9 +297,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/unit_tester/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/unit_tester/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/unit_tester/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/unit_tester/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -310,6 +318,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -342,7 +359,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-unit-tester.la: $(libstrongswan_unit_tester_la_OBJECTS) $(libstrongswan_unit_tester_la_DEPENDENCIES) 
-	$(libstrongswan_unit_tester_la_LINK) -rpath $(plugindir) $(libstrongswan_unit_tester_la_OBJECTS) $(libstrongswan_unit_tester_la_LIBADD) $(LIBS)
+	$(libstrongswan_unit_tester_la_LINK) $(am_libstrongswan_unit_tester_la_rpath) $(libstrongswan_unit_tester_la_OBJECTS) $(libstrongswan_unit_tester_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -599,8 +616,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -671,18 +688,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/unit_tester/tests.h b/src/libcharon/plugins/unit_tester/tests.h
index 96313d390..96313d390 100644
--- a/src/charon/plugins/unit_tester/tests.h
+++ b/src/libcharon/plugins/unit_tester/tests.h
diff --git a/src/charon/plugins/unit_tester/tests/test_agent.c b/src/libcharon/plugins/unit_tester/tests/test_agent.c
index baab629be..baab629be 100644
--- a/src/charon/plugins/unit_tester/tests/test_agent.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_agent.c
diff --git a/src/charon/plugins/unit_tester/tests/test_auth_info.c b/src/libcharon/plugins/unit_tester/tests/test_auth_info.c
index d6abe7a05..d6abe7a05 100644
--- a/src/charon/plugins/unit_tester/tests/test_auth_info.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_auth_info.c
diff --git a/src/charon/plugins/unit_tester/tests/test_cert.c b/src/libcharon/plugins/unit_tester/tests/test_cert.c
index 3b00421f8..3b00421f8 100644
--- a/src/charon/plugins/unit_tester/tests/test_cert.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_cert.c
diff --git a/src/charon/plugins/unit_tester/tests/test_chunk.c b/src/libcharon/plugins/unit_tester/tests/test_chunk.c
index 2e0905b2c..2e0905b2c 100644
--- a/src/charon/plugins/unit_tester/tests/test_chunk.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_chunk.c
diff --git a/src/charon/plugins/unit_tester/tests/test_curl.c b/src/libcharon/plugins/unit_tester/tests/test_curl.c
index 21656a94e..21656a94e 100644
--- a/src/charon/plugins/unit_tester/tests/test_curl.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_curl.c
diff --git a/src/charon/plugins/unit_tester/tests/test_enumerator.c b/src/libcharon/plugins/unit_tester/tests/test_enumerator.c
index edbf0f5bb..edbf0f5bb 100644
--- a/src/charon/plugins/unit_tester/tests/test_enumerator.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_enumerator.c
diff --git a/src/charon/plugins/unit_tester/tests/test_id.c b/src/libcharon/plugins/unit_tester/tests/test_id.c
index 868a2ca8b..868a2ca8b 100644
--- a/src/charon/plugins/unit_tester/tests/test_id.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_id.c
diff --git a/src/charon/plugins/unit_tester/tests/test_med_db.c b/src/libcharon/plugins/unit_tester/tests/test_med_db.c
index 7fd78b0bc..7fd78b0bc 100644
--- a/src/charon/plugins/unit_tester/tests/test_med_db.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_med_db.c
diff --git a/src/charon/plugins/unit_tester/tests/test_mutex.c b/src/libcharon/plugins/unit_tester/tests/test_mutex.c
index 77085cb2f..77085cb2f 100644
--- a/src/charon/plugins/unit_tester/tests/test_mutex.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_mutex.c
diff --git a/src/charon/plugins/unit_tester/tests/test_mysql.c b/src/libcharon/plugins/unit_tester/tests/test_mysql.c
index 252441ef8..252441ef8 100644
--- a/src/charon/plugins/unit_tester/tests/test_mysql.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_mysql.c
diff --git a/src/charon/plugins/unit_tester/tests/test_pool.c b/src/libcharon/plugins/unit_tester/tests/test_pool.c
index 109c06fda..a68246fff 100644
--- a/src/charon/plugins/unit_tester/tests/test_pool.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_pool.c
@@ -14,9 +14,10 @@
  */
 
 #include <time.h>
-#include <pthread.h>
 
 #include <library.h>
+#include <threading/thread.h>
+#include <hydra.h>
 
 #define ALLOCS 1000
 #define THREADS 20
@@ -39,8 +40,8 @@ static void* testing(void *thread)
 	/* allocate addresses */
 	for (i = 0; i < ALLOCS; i++)
 	{
-		addr[i] = lib->attributes->acquire_address(lib->attributes,
-												   "test", id[i], NULL);
+		addr[i] = hydra->attributes->acquire_address(hydra->attributes,
+													 "test", id[i], NULL);
 		if (!addr[i])
 		{
 			return (void*)FALSE;
@@ -50,8 +51,8 @@ static void* testing(void *thread)
 	/* release addresses */
 	for (i = 0; i < ALLOCS; i++)
 	{
-		lib->attributes->release_address(lib->attributes,
-										 "test", addr[i], id[i]);
+		hydra->attributes->release_address(hydra->attributes,
+										   "test", addr[i], id[i]);
 	}
 
 	/* cleanup */
@@ -69,21 +70,20 @@ static void* testing(void *thread)
  ******************************************************************************/
 bool test_pool()
 {
+	thread_t *threads[THREADS];
 	uintptr_t i;
-	void *res;
-	pthread_t thread[THREADS];
 
 	for (i = 0; i < THREADS; i++)
 	{
-		if (pthread_create(&thread[i], NULL, (void*)testing, (void*)i) < 0)
+		if (!(threads[i] = thread_create((thread_main_t)testing, (void*)i)))
 		{
 			return FALSE;
 		}
 	}
 	for (i = 0; i < THREADS; i++)
 	{
-		pthread_join(thread[i], &res);
-		if (res == NULL)
+		bool *res = threads[i]->join(threads[i]);
+		if (!res)
 		{
 			return FALSE;
 		}
diff --git a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c b/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c
index 59da15644..59da15644 100644
--- a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c
diff --git a/src/charon/plugins/unit_tester/tests/test_sqlite.c b/src/libcharon/plugins/unit_tester/tests/test_sqlite.c
index dd8d1955e..dd8d1955e 100644
--- a/src/charon/plugins/unit_tester/tests/test_sqlite.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_sqlite.c
diff --git a/src/charon/plugins/unit_tester/unit_tester.c b/src/libcharon/plugins/unit_tester/unit_tester.c
index 3c39688c6..5f6f94e03 100644
--- a/src/charon/plugins/unit_tester/unit_tester.c
+++ b/src/libcharon/plugins/unit_tester/unit_tester.c
@@ -103,7 +103,7 @@ static void destroy(private_unit_tester_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *unit_tester_plugin_create()
 {
 	private_unit_tester_t *this = malloc_thing(private_unit_tester_t);
 
diff --git a/src/charon/plugins/unit_tester/unit_tester.h b/src/libcharon/plugins/unit_tester/unit_tester.h
index 79d5bc021..08784f6f4 100644
--- a/src/charon/plugins/unit_tester/unit_tester.h
+++ b/src/libcharon/plugins/unit_tester/unit_tester.h
@@ -41,9 +41,4 @@ struct unit_tester_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a unit_tester plugin.
- */
-plugin_t *plugin_create();
-
 #endif /** UNIT_TESTER_H_ @}*/
diff --git a/src/charon/plugins/updown/Makefile.am b/src/libcharon/plugins/updown/Makefile.am
index 6cad02a96..312c8d7e8 100644
--- a/src/charon/plugins/updown/Makefile.am
+++ b/src/libcharon/plugins/updown/Makefile.am
@@ -1,12 +1,17 @@
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-updown.la
+else
 plugin_LTLIBRARIES = libstrongswan-updown.la
-libstrongswan_updown_la_SOURCES = \
-  updown_plugin.h updown_plugin.c \
-  updown_listener.h updown_listener.c
-libstrongswan_updown_la_LDFLAGS = -module -avoid-version
+endif
 
+libstrongswan_updown_la_SOURCES = \
+	updown_plugin.h updown_plugin.c \
+	updown_listener.h updown_listener.c
 
+libstrongswan_updown_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index 78ba19d65..d3c509a32 100644
--- a/src/charon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/updown
+subdir = src/libcharon/plugins/updown
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_updown_la_LIBADD =
 am_libstrongswan_updown_la_OBJECTS = updown_plugin.lo \
 	updown_listener.lo
@@ -81,6 +81,9 @@ libstrongswan_updown_la_OBJECTS =  \
 libstrongswan_updown_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_updown_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_updown_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_updown_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,12 +257,15 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-updown.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-updown.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-updown.la
 libstrongswan_updown_la_SOURCES = \
-  updown_plugin.h updown_plugin.c \
-  updown_listener.h updown_listener.c
+	updown_plugin.h updown_plugin.c \
+	updown_listener.h updown_listener.c
 
 libstrongswan_updown_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -274,9 +281,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/updown/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/updown/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/updown/Makefile
+	  $(AUTOMAKE) --gnu src/libcharon/plugins/updown/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -295,6 +302,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +343,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-updown.la: $(libstrongswan_updown_la_OBJECTS) $(libstrongswan_updown_la_DEPENDENCIES) 
-	$(libstrongswan_updown_la_LINK) -rpath $(plugindir) $(libstrongswan_updown_la_OBJECTS) $(libstrongswan_updown_la_LIBADD) $(LIBS)
+	$(libstrongswan_updown_la_LINK) $(am_libstrongswan_updown_la_rpath) $(libstrongswan_updown_la_OBJECTS) $(libstrongswan_updown_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -481,8 +497,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -553,18 +569,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c
index 5a6746f92..5a6746f92 100644
--- a/src/charon/plugins/updown/updown_listener.c
+++ b/src/libcharon/plugins/updown/updown_listener.c
diff --git a/src/charon/plugins/updown/updown_listener.h b/src/libcharon/plugins/updown/updown_listener.h
index 5b866c4e5..5b866c4e5 100644
--- a/src/charon/plugins/updown/updown_listener.h
+++ b/src/libcharon/plugins/updown/updown_listener.h
diff --git a/src/charon/plugins/updown/updown_plugin.c b/src/libcharon/plugins/updown/updown_plugin.c
index 6cb0efdcd..9d0591e62 100644
--- a/src/charon/plugins/updown/updown_plugin.c
+++ b/src/libcharon/plugins/updown/updown_plugin.c
@@ -49,7 +49,7 @@ static void destroy(private_updown_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *updown_plugin_create()
 {
 	private_updown_plugin_t *this = malloc_thing(private_updown_plugin_t);
 
diff --git a/src/charon/plugins/updown/updown_plugin.h b/src/libcharon/plugins/updown/updown_plugin.h
index 2873b499d..abcb953a0 100644
--- a/src/charon/plugins/updown/updown_plugin.h
+++ b/src/libcharon/plugins/updown/updown_plugin.h
@@ -39,9 +39,4 @@ struct updown_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a updown_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** UPDOWN_PLUGIN_H_ @}*/
diff --git a/src/charon/processing/jobs/acquire_job.c b/src/libcharon/processing/jobs/acquire_job.c
index 45ace9312..45ace9312 100644
--- a/src/charon/processing/jobs/acquire_job.c
+++ b/src/libcharon/processing/jobs/acquire_job.c
diff --git a/src/charon/processing/jobs/acquire_job.h b/src/libcharon/processing/jobs/acquire_job.h
index eff79a9b0..eff79a9b0 100644
--- a/src/charon/processing/jobs/acquire_job.h
+++ b/src/libcharon/processing/jobs/acquire_job.h
diff --git a/src/charon/processing/jobs/callback_job.c b/src/libcharon/processing/jobs/callback_job.c
index 7e35dcdcb..45e49112e 100644
--- a/src/charon/processing/jobs/callback_job.c
+++ b/src/libcharon/processing/jobs/callback_job.c
@@ -182,7 +182,7 @@ static void cancel(private_callback_job_t *this)
  */
 static void execute(private_callback_job_t *this)
 {
-	bool cleanup = FALSE;
+	bool cleanup = FALSE, requeue = FALSE;
 
 	thread_cleanup_push((thread_cleanup_t)destroy, this);
 
@@ -206,8 +206,7 @@ static void execute(private_callback_job_t *this)
 				continue;
 			case JOB_REQUEUE_FAIR:
 			{
-				charon->processor->queue_job(charon->processor,
-											 &this->public.job_interface);
+				requeue = TRUE;
 				break;
 			}
 			case JOB_REQUEUE_NONE:
@@ -225,6 +224,11 @@ static void execute(private_callback_job_t *this)
 	/* manually create a cancellation point to avoid that a cancelled thread
 	 * goes back into the thread pool */
 	thread_cancellation_point();
+	if (requeue)
+	{
+		charon->processor->queue_job(charon->processor,
+									 &this->public.job_interface);
+	}
 	thread_cleanup_pop(cleanup);
 }
 
diff --git a/src/charon/processing/jobs/callback_job.h b/src/libcharon/processing/jobs/callback_job.h
index 62da1edd1..62da1edd1 100644
--- a/src/charon/processing/jobs/callback_job.h
+++ b/src/libcharon/processing/jobs/callback_job.h
diff --git a/src/charon/processing/jobs/delete_child_sa_job.c b/src/libcharon/processing/jobs/delete_child_sa_job.c
index ca55721f2..ca55721f2 100644
--- a/src/charon/processing/jobs/delete_child_sa_job.c
+++ b/src/libcharon/processing/jobs/delete_child_sa_job.c
diff --git a/src/charon/processing/jobs/delete_child_sa_job.h b/src/libcharon/processing/jobs/delete_child_sa_job.h
index 662a7b7c7..662a7b7c7 100644
--- a/src/charon/processing/jobs/delete_child_sa_job.h
+++ b/src/libcharon/processing/jobs/delete_child_sa_job.h
diff --git a/src/charon/processing/jobs/delete_ike_sa_job.c b/src/libcharon/processing/jobs/delete_ike_sa_job.c
index dffd08ba3..dffd08ba3 100644
--- a/src/charon/processing/jobs/delete_ike_sa_job.c
+++ b/src/libcharon/processing/jobs/delete_ike_sa_job.c
diff --git a/src/charon/processing/jobs/delete_ike_sa_job.h b/src/libcharon/processing/jobs/delete_ike_sa_job.h
index f641deea3..f641deea3 100644
--- a/src/charon/processing/jobs/delete_ike_sa_job.h
+++ b/src/libcharon/processing/jobs/delete_ike_sa_job.h
diff --git a/src/charon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c
index 13fc5e3d0..13fc5e3d0 100644
--- a/src/charon/processing/jobs/inactivity_job.c
+++ b/src/libcharon/processing/jobs/inactivity_job.c
diff --git a/src/charon/processing/jobs/inactivity_job.h b/src/libcharon/processing/jobs/inactivity_job.h
index 9c9daced8..9c9daced8 100644
--- a/src/charon/processing/jobs/inactivity_job.h
+++ b/src/libcharon/processing/jobs/inactivity_job.h
diff --git a/src/charon/processing/jobs/initiate_mediation_job.c b/src/libcharon/processing/jobs/initiate_mediation_job.c
index ffe8755e2..ffe8755e2 100644
--- a/src/charon/processing/jobs/initiate_mediation_job.c
+++ b/src/libcharon/processing/jobs/initiate_mediation_job.c
diff --git a/src/charon/processing/jobs/initiate_mediation_job.h b/src/libcharon/processing/jobs/initiate_mediation_job.h
index fddb1dd7b..fddb1dd7b 100644
--- a/src/charon/processing/jobs/initiate_mediation_job.h
+++ b/src/libcharon/processing/jobs/initiate_mediation_job.h
diff --git a/src/charon/processing/jobs/job.h b/src/libcharon/processing/jobs/job.h
index 0f1c16ebe..0f1c16ebe 100644
--- a/src/charon/processing/jobs/job.h
+++ b/src/libcharon/processing/jobs/job.h
diff --git a/src/charon/processing/jobs/mediation_job.c b/src/libcharon/processing/jobs/mediation_job.c
index b5b8af3b3..b5b8af3b3 100644
--- a/src/charon/processing/jobs/mediation_job.c
+++ b/src/libcharon/processing/jobs/mediation_job.c
diff --git a/src/charon/processing/jobs/mediation_job.h b/src/libcharon/processing/jobs/mediation_job.h
index 0574c65eb..0574c65eb 100644
--- a/src/charon/processing/jobs/mediation_job.h
+++ b/src/libcharon/processing/jobs/mediation_job.h
diff --git a/src/charon/processing/jobs/migrate_job.c b/src/libcharon/processing/jobs/migrate_job.c
index 05f47340c..05f47340c 100644
--- a/src/charon/processing/jobs/migrate_job.c
+++ b/src/libcharon/processing/jobs/migrate_job.c
diff --git a/src/charon/processing/jobs/migrate_job.h b/src/libcharon/processing/jobs/migrate_job.h
index de313d517..de313d517 100644
--- a/src/charon/processing/jobs/migrate_job.h
+++ b/src/libcharon/processing/jobs/migrate_job.h
diff --git a/src/charon/processing/jobs/process_message_job.c b/src/libcharon/processing/jobs/process_message_job.c
index a47d48e38..a47d48e38 100644
--- a/src/charon/processing/jobs/process_message_job.c
+++ b/src/libcharon/processing/jobs/process_message_job.c
diff --git a/src/charon/processing/jobs/process_message_job.h b/src/libcharon/processing/jobs/process_message_job.h
index 5e3f44d1f..5e3f44d1f 100644
--- a/src/charon/processing/jobs/process_message_job.h
+++ b/src/libcharon/processing/jobs/process_message_job.h
diff --git a/src/charon/processing/jobs/rekey_child_sa_job.c b/src/libcharon/processing/jobs/rekey_child_sa_job.c
index b797d181e..b797d181e 100644
--- a/src/charon/processing/jobs/rekey_child_sa_job.c
+++ b/src/libcharon/processing/jobs/rekey_child_sa_job.c
diff --git a/src/charon/processing/jobs/rekey_child_sa_job.h b/src/libcharon/processing/jobs/rekey_child_sa_job.h
index 62887d6b9..62887d6b9 100644
--- a/src/charon/processing/jobs/rekey_child_sa_job.h
+++ b/src/libcharon/processing/jobs/rekey_child_sa_job.h
diff --git a/src/charon/processing/jobs/rekey_ike_sa_job.c b/src/libcharon/processing/jobs/rekey_ike_sa_job.c
index 5ec0b1b88..5ec0b1b88 100644
--- a/src/charon/processing/jobs/rekey_ike_sa_job.c
+++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.c
diff --git a/src/charon/processing/jobs/rekey_ike_sa_job.h b/src/libcharon/processing/jobs/rekey_ike_sa_job.h
index a5c1028aa..a5c1028aa 100644
--- a/src/charon/processing/jobs/rekey_ike_sa_job.h
+++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.h
diff --git a/src/charon/processing/jobs/retransmit_job.c b/src/libcharon/processing/jobs/retransmit_job.c
index fc787f208..fc787f208 100644
--- a/src/charon/processing/jobs/retransmit_job.c
+++ b/src/libcharon/processing/jobs/retransmit_job.c
diff --git a/src/charon/processing/jobs/retransmit_job.h b/src/libcharon/processing/jobs/retransmit_job.h
index c8c13479b..c8c13479b 100644
--- a/src/charon/processing/jobs/retransmit_job.h
+++ b/src/libcharon/processing/jobs/retransmit_job.h
diff --git a/src/charon/processing/jobs/roam_job.c b/src/libcharon/processing/jobs/roam_job.c
index adc884a8a..adc884a8a 100644
--- a/src/charon/processing/jobs/roam_job.c
+++ b/src/libcharon/processing/jobs/roam_job.c
diff --git a/src/charon/processing/jobs/roam_job.h b/src/libcharon/processing/jobs/roam_job.h
index 55bdf2b28..55bdf2b28 100644
--- a/src/charon/processing/jobs/roam_job.h
+++ b/src/libcharon/processing/jobs/roam_job.h
diff --git a/src/charon/processing/jobs/send_dpd_job.c b/src/libcharon/processing/jobs/send_dpd_job.c
index 1c2da52b8..1c2da52b8 100644
--- a/src/charon/processing/jobs/send_dpd_job.c
+++ b/src/libcharon/processing/jobs/send_dpd_job.c
diff --git a/src/charon/processing/jobs/send_dpd_job.h b/src/libcharon/processing/jobs/send_dpd_job.h
index 8078a38bc..8078a38bc 100644
--- a/src/charon/processing/jobs/send_dpd_job.h
+++ b/src/libcharon/processing/jobs/send_dpd_job.h
diff --git a/src/charon/processing/jobs/send_keepalive_job.c b/src/libcharon/processing/jobs/send_keepalive_job.c
index 3d02cea2e..3d02cea2e 100644
--- a/src/charon/processing/jobs/send_keepalive_job.c
+++ b/src/libcharon/processing/jobs/send_keepalive_job.c
diff --git a/src/charon/processing/jobs/send_keepalive_job.h b/src/libcharon/processing/jobs/send_keepalive_job.h
index cda83cd7e..cda83cd7e 100644
--- a/src/charon/processing/jobs/send_keepalive_job.h
+++ b/src/libcharon/processing/jobs/send_keepalive_job.h
diff --git a/src/charon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c
index 17dce2548..17dce2548 100644
--- a/src/charon/processing/jobs/update_sa_job.c
+++ b/src/libcharon/processing/jobs/update_sa_job.c
diff --git a/src/charon/processing/jobs/update_sa_job.h b/src/libcharon/processing/jobs/update_sa_job.h
index 11d1ac9b6..11d1ac9b6 100644
--- a/src/charon/processing/jobs/update_sa_job.h
+++ b/src/libcharon/processing/jobs/update_sa_job.h
diff --git a/src/charon/processing/processor.c b/src/libcharon/processing/processor.c
index d5774af26..d5774af26 100644
--- a/src/charon/processing/processor.c
+++ b/src/libcharon/processing/processor.c
diff --git a/src/charon/processing/processor.h b/src/libcharon/processing/processor.h
index 5bf8cf573..5bf8cf573 100644
--- a/src/charon/processing/processor.h
+++ b/src/libcharon/processing/processor.h
diff --git a/src/charon/processing/scheduler.c b/src/libcharon/processing/scheduler.c
index 345af502a..345af502a 100644
--- a/src/charon/processing/scheduler.c
+++ b/src/libcharon/processing/scheduler.c
diff --git a/src/charon/processing/scheduler.h b/src/libcharon/processing/scheduler.h
index 5f5d2a563..5f5d2a563 100644
--- a/src/charon/processing/scheduler.h
+++ b/src/libcharon/processing/scheduler.h
diff --git a/src/charon/sa/authenticators/authenticator.c b/src/libcharon/sa/authenticators/authenticator.c
index 13586a23e..13586a23e 100644
--- a/src/charon/sa/authenticators/authenticator.c
+++ b/src/libcharon/sa/authenticators/authenticator.c
diff --git a/src/charon/sa/authenticators/authenticator.h b/src/libcharon/sa/authenticators/authenticator.h
index fff91ed34..fff91ed34 100644
--- a/src/charon/sa/authenticators/authenticator.h
+++ b/src/libcharon/sa/authenticators/authenticator.h
diff --git a/src/charon/sa/authenticators/eap/eap_manager.c b/src/libcharon/sa/authenticators/eap/eap_manager.c
index f795183f0..f795183f0 100644
--- a/src/charon/sa/authenticators/eap/eap_manager.c
+++ b/src/libcharon/sa/authenticators/eap/eap_manager.c
diff --git a/src/charon/sa/authenticators/eap/eap_manager.h b/src/libcharon/sa/authenticators/eap/eap_manager.h
index 0333fb6da..0333fb6da 100644
--- a/src/charon/sa/authenticators/eap/eap_manager.h
+++ b/src/libcharon/sa/authenticators/eap/eap_manager.h
diff --git a/src/charon/sa/authenticators/eap/eap_method.c b/src/libcharon/sa/authenticators/eap/eap_method.c
index 91fa5305f..91fa5305f 100644
--- a/src/charon/sa/authenticators/eap/eap_method.c
+++ b/src/libcharon/sa/authenticators/eap/eap_method.c
diff --git a/src/charon/sa/authenticators/eap/eap_method.h b/src/libcharon/sa/authenticators/eap/eap_method.h
index 4cab84535..4cab84535 100644
--- a/src/charon/sa/authenticators/eap/eap_method.h
+++ b/src/libcharon/sa/authenticators/eap/eap_method.h
diff --git a/src/charon/sa/authenticators/eap/sim_manager.c b/src/libcharon/sa/authenticators/eap/sim_manager.c
index 5060a3147..157865083 100644
--- a/src/charon/sa/authenticators/eap/sim_manager.c
+++ b/src/libcharon/sa/authenticators/eap/sim_manager.c
@@ -450,27 +450,20 @@ static void remove_hooks(private_sim_manager_t *this, sim_hooks_t *hooks)
 }
 
 /**
- * Implementation of sim_manager_t.attribute_hook
+ * Implementation of sim_manager_t.message_hook
  */
-static bool attribute_hook(private_sim_manager_t *this, eap_code_t code,
-						   eap_type_t type, u_int8_t subtype,
-						   u_int8_t attribute, chunk_t data)
+static void message_hook(private_sim_manager_t *this,
+						 simaka_message_t *message, bool inbound, bool decrypted)
 {
 	enumerator_t *enumerator;
 	sim_hooks_t *hooks;
-	bool filter = FALSE;
 
 	enumerator = this->hooks->create_enumerator(this->hooks);
 	while (enumerator->enumerate(enumerator, &hooks))
 	{
-		if (hooks->attribute(hooks, code, type, subtype, attribute, data))
-		{
-			filter = TRUE;
-			break;
-		}
+		hooks->message(hooks, message, inbound, decrypted);
 	}
 	enumerator->destroy(enumerator);
-	return filter;
 }
 
 /**
@@ -528,7 +521,7 @@ sim_manager_t *sim_manager_create()
 	this->public.provider_gen_reauth = (identification_t*(*)(sim_manager_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))provider_gen_reauth;
 	this->public.add_hooks = (void(*)(sim_manager_t*, sim_hooks_t *hooks))add_hooks;
 	this->public.remove_hooks = (void(*)(sim_manager_t*, sim_hooks_t *hooks))remove_hooks;
-	this->public.attribute_hook = (bool(*)(sim_manager_t*, eap_code_t code, eap_type_t type, u_int8_t subtype, u_int8_t attribute, chunk_t data))attribute_hook;
+	this->public.message_hook = (void(*)(sim_manager_t*, simaka_message_t *message, bool inbound, bool decrypted))message_hook;
 	this->public.key_hook = (void(*)(sim_manager_t*, chunk_t k_encr, chunk_t k_auth))key_hook;
 	this->public.destroy = (void(*)(sim_manager_t*))destroy;
 
diff --git a/src/charon/sa/authenticators/eap/sim_manager.h b/src/libcharon/sa/authenticators/eap/sim_manager.h
index 49d27cbaa..9aa661ac8 100644
--- a/src/charon/sa/authenticators/eap/sim_manager.h
+++ b/src/libcharon/sa/authenticators/eap/sim_manager.h
@@ -31,6 +31,9 @@ typedef struct sim_card_t sim_card_t;
 typedef struct sim_provider_t sim_provider_t;
 typedef struct sim_hooks_t sim_hooks_t;
 
+/** implemented in libsimaka, but we need it for the message hook */
+typedef struct simaka_message_t simaka_message_t;
+
 #define SIM_RAND_LEN	16
 #define SIM_SRES_LEN	 4
 #define SIM_KC_LEN		 8
@@ -245,17 +248,17 @@ struct sim_provider_t {
 struct sim_hooks_t {
 
 	/**
-	 * SIM/AKA attribute parsing hook.
+	 * SIM/AKA message parsing.
+	 *
+	 * As a SIM/AKA optionally contains encrypted attributes, the hook
+	 * might get invoked twice, once before and once after decryption.
 	 *
-	 * @param code		code of EAP message the attribute was parsed from
-	 * @param type		EAP method, SIM or AKA
-	 * @param subtye	method specific subtype
-	 * @param attribute	parsed SIM/AKA attribute type
-	 * @param data		attribute data
-	 * @return			TRUE to filter out attribute from further processing
+	 * @param message	SIM/AKA message
+	 * @param inbound	TRUE for incoming messages, FALSE for outgoing
+	 * @param decrypted	TRUE if AT_ENCR_DATA has been decrypted
 	 */
-	bool (*attribute)(sim_hooks_t *this, eap_code_t code, eap_type_t type,
-					  u_int8_t subtype, u_int8_t attribute, chunk_t data);
+	void (*message)(sim_hooks_t *this, simaka_message_t *message,
+					bool inbound, bool decrypted);
 
 	/**
 	 * SIM/AKA encryption/authentication key hooks.
@@ -478,18 +481,14 @@ struct sim_manager_t {
 	void (*remove_hooks)(sim_manager_t *this, sim_hooks_t *hooks);
 
 	/**
-	 * Invoke SIM/AKA attribute hook.
+	 * Invoke SIM/AKA message hook.
 	 *
-	 * @param code		EAP message code (Request/response/success/failed)
-	 * @param type		EAP method type, EAP-SIM or AKA
-	 * @param subtype	method specific message subtype
-	 * @param attribute	SIM/AKA attribute type
-	 * @param data		attribute data
-	 * @return			TRUE to filter out attribute from further processing
+	 * @param message	SIM message
+	 * @param inbound	TRUE for incoming messages, FALSE for outgoing
+	 * @param decrypted	TRUE if AT_ENCR_DATA has been decrypted
 	 */
-	bool (*attribute_hook)(sim_manager_t *this, eap_code_t code,
-						   eap_type_t type, u_int8_t subtype,
-						   u_int8_t attribute, chunk_t data);
+	void (*message_hook)(sim_manager_t *this, simaka_message_t *message,
+						 bool inbound, bool decrypted);
 
 	/**
 	 * Invoke SIM/AKA key hook.
diff --git a/src/charon/sa/authenticators/eap_authenticator.c b/src/libcharon/sa/authenticators/eap_authenticator.c
index 16911050a..4617c4d8d 100644
--- a/src/charon/sa/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/authenticators/eap_authenticator.c
@@ -251,7 +251,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this,
 		case NEED_MORE:
 			return out;
 		case SUCCESS:
-			if (type == EAP_IDENTITY)
+			if (!vendor && type == EAP_IDENTITY)
 			{
 				chunk_t data;
 
diff --git a/src/charon/sa/authenticators/eap_authenticator.h b/src/libcharon/sa/authenticators/eap_authenticator.h
index 41eb6a8c9..41eb6a8c9 100644
--- a/src/charon/sa/authenticators/eap_authenticator.h
+++ b/src/libcharon/sa/authenticators/eap_authenticator.h
diff --git a/src/charon/sa/authenticators/psk_authenticator.c b/src/libcharon/sa/authenticators/psk_authenticator.c
index 67197d690..67197d690 100644
--- a/src/charon/sa/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/authenticators/psk_authenticator.c
diff --git a/src/charon/sa/authenticators/psk_authenticator.h b/src/libcharon/sa/authenticators/psk_authenticator.h
index 0fab11095..0fab11095 100644
--- a/src/charon/sa/authenticators/psk_authenticator.h
+++ b/src/libcharon/sa/authenticators/psk_authenticator.h
diff --git a/src/charon/sa/authenticators/pubkey_authenticator.c b/src/libcharon/sa/authenticators/pubkey_authenticator.c
index f1dca2702..f1dca2702 100644
--- a/src/charon/sa/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/authenticators/pubkey_authenticator.c
diff --git a/src/charon/sa/authenticators/pubkey_authenticator.h b/src/libcharon/sa/authenticators/pubkey_authenticator.h
index be369cb89..be369cb89 100644
--- a/src/charon/sa/authenticators/pubkey_authenticator.h
+++ b/src/libcharon/sa/authenticators/pubkey_authenticator.h
diff --git a/src/charon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 3fdfb51ad..3fdfb51ad 100644
--- a/src/charon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
diff --git a/src/charon/sa/child_sa.h b/src/libcharon/sa/child_sa.h
index d70bed664..e6c603504 100644
--- a/src/charon/sa/child_sa.h
+++ b/src/libcharon/sa/child_sa.h
@@ -322,7 +322,7 @@ struct child_sa_t {
 };
 
 /**
- * Constructor to create a new child_sa_t.
+ * Constructor to create a child SA negotiated with IKE.
  *
  * @param me				own address
  * @param other				remote address
diff --git a/src/charon/sa/connect_manager.c b/src/libcharon/sa/connect_manager.c
index b78ba070d..b78ba070d 100644
--- a/src/charon/sa/connect_manager.c
+++ b/src/libcharon/sa/connect_manager.c
diff --git a/src/charon/sa/connect_manager.h b/src/libcharon/sa/connect_manager.h
index 8fa8ff697..8fa8ff697 100644
--- a/src/charon/sa/connect_manager.h
+++ b/src/libcharon/sa/connect_manager.h
diff --git a/src/charon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 975a0904a..023f0749f 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -25,6 +25,7 @@
 
 #include <library.h>
 #include <daemon.h>
+#include <hydra.h>
 #include <utils/linked_list.h>
 #include <utils/lexparser.h>
 #include <sa/task_manager.h>
@@ -423,7 +424,7 @@ static void flush_auth_cfgs(private_ike_sa_t *this)
 {
 	auth_cfg_t *cfg;
 
-	if (lib->settings->get_bool(lib->settings, "charon.flush_auth_cfg", TRUE))
+	if (lib->settings->get_bool(lib->settings, "charon.flush_auth_cfg", FALSE))
 	{
 		while (this->my_auths->remove_last(this->my_auths,
 										   (void**)&cfg) == SUCCESS)
@@ -1117,7 +1118,7 @@ static void resolve_hosts(private_ike_sa_t *this)
 	else
 	{
 		host = host_create_from_dns(this->ike_cfg->get_other_addr(this->ike_cfg),
-									0, IKEV2_UDP_PORT);
+								0, this->ike_cfg->get_other_port(this->ike_cfg));
 	}
 	if (host)
 	{
@@ -1139,7 +1140,7 @@ static void resolve_hosts(private_ike_sa_t *this)
 			family = this->other_host->get_family(this->other_host);
 		}
 		host = host_create_from_dns(this->ike_cfg->get_my_addr(this->ike_cfg),
-									family, IKEV2_UDP_PORT);
+							family, this->ike_cfg->get_my_port(this->ike_cfg));
 
 		if (host && host->is_anyaddr(host) &&
 			!this->other_host->is_anyaddr(this->other_host))
@@ -1149,13 +1150,13 @@ static void resolve_hosts(private_ike_sa_t *this)
 							charon->kernel_interface, this->other_host, NULL);
 			if (host)
 			{
-				host->set_port(host, IKEV2_UDP_PORT);
+				host->set_port(host, this->ike_cfg->get_my_port(this->ike_cfg));
 			}
 			else
 			{	/* fallback to address family specific %any(6), if configured */
 				host = host_create_from_dns(
-									this->ike_cfg->get_my_addr(this->ike_cfg),
-									0, IKEV2_UDP_PORT);
+								this->ike_cfg->get_my_addr(this->ike_cfg),
+								0, this->ike_cfg->get_my_port(this->ike_cfg));
 			}
 		}
 	}
@@ -1191,10 +1192,10 @@ static status_t initiate(private_ike_sa_t *this,
 
 		set_condition(this, COND_ORIGINAL_INITIATOR, TRUE);
 
-		task = (task_t*)ike_init_create(&this->public, TRUE, NULL);
-		this->task_manager->queue_task(this->task_manager, task);
 		task = (task_t*)ike_vendor_create(&this->public, TRUE);
 		this->task_manager->queue_task(this->task_manager, task);
+		task = (task_t*)ike_init_create(&this->public, TRUE, NULL);
+		this->task_manager->queue_task(this->task_manager, task);
 		task = (task_t*)ike_natd_create(&this->public, TRUE);
 		this->task_manager->queue_task(this->task_manager, task);
 		task = (task_t*)ike_cert_pre_create(&this->public, TRUE);
@@ -1408,6 +1409,38 @@ static identification_t* get_other_id(private_ike_sa_t *this)
 }
 
 /**
+ * Implementation of ike_sa_t.get_other_eap_id.
+ */
+static identification_t* get_other_eap_id(private_ike_sa_t *this)
+{
+	identification_t *id = NULL, *current;
+	enumerator_t *enumerator;
+	auth_cfg_t *cfg;
+
+	enumerator = this->other_auths->create_enumerator(this->other_auths);
+	while (enumerator->enumerate(enumerator, &cfg))
+	{
+		/* prefer EAP-Identity of last round */
+		current = cfg->get(cfg, AUTH_RULE_EAP_IDENTITY);
+		if (!current || current->get_type(current) == ID_ANY)
+		{
+			current = cfg->get(cfg, AUTH_RULE_IDENTITY);
+		}
+		if (current && current->get_type(current) != ID_ANY)
+		{
+			id = current;
+			continue;
+		}
+	}
+	enumerator->destroy(enumerator);
+	if (id)
+	{
+		return id;
+	}
+	return this->other_id;
+}
+
+/**
  * Implementation of ike_sa_t.set_other_id.
  */
 static void set_other_id(private_ike_sa_t *this, identification_t *other)
@@ -1528,6 +1561,7 @@ static status_t delete_(private_ike_sa_t *this)
 		default:
 			DBG1(DBG_IKE, "destroying IKE_SA in state %N "
 				"without notification", ike_sa_state_names, this->state);
+			charon->bus->ike_updown(charon->bus, &this->public, FALSE);
 			break;
 	}
 	return DESTROY_ME;
@@ -2002,8 +2036,8 @@ static void destroy(private_ike_sa_t *this)
 	while (this->attributes->remove_last(this->attributes,
 										 (void**)&entry) == SUCCESS)
 	{
-		lib->attributes->release(lib->attributes, entry->handler,
-								 this->other_id, entry->type, entry->data);
+		hydra->attributes->release(hydra->attributes, entry->handler,
+								   this->other_id, entry->type, entry->data);
 		free(entry->data.ptr);
 		free(entry);
 	}
@@ -2027,9 +2061,9 @@ static void destroy(private_ike_sa_t *this)
 	{
 		if (this->peer_cfg && this->peer_cfg->get_pool(this->peer_cfg))
 		{
-			lib->attributes->release_address(lib->attributes,
-									this->peer_cfg->get_pool(this->peer_cfg),
-									this->other_virtual_ip, this->other_id);
+			hydra->attributes->release_address(hydra->attributes,
+							this->peer_cfg->get_pool(this->peer_cfg),
+							this->other_virtual_ip, get_other_eap_id(this));
 		}
 		this->other_virtual_ip->destroy(this->other_virtual_ip);
 	}
@@ -2102,6 +2136,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
 	this->public.set_my_id = (void (*)(ike_sa_t*,identification_t*)) set_my_id;
 	this->public.get_other_id = (identification_t* (*)(ike_sa_t*)) get_other_id;
 	this->public.set_other_id = (void (*)(ike_sa_t*,identification_t*)) set_other_id;
+	this->public.get_other_eap_id = (identification_t* (*)(ike_sa_t*)) get_other_eap_id;
 	this->public.enable_extension = (void(*)(ike_sa_t*, ike_extension_t extension))enable_extension;
 	this->public.supports_extension = (bool(*)(ike_sa_t*, ike_extension_t extension))supports_extension;
 	this->public.set_condition = (void (*)(ike_sa_t*, ike_condition_t,bool)) set_condition;
diff --git a/src/charon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 4dce1937c..c61502edf 100644
--- a/src/charon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -31,6 +31,7 @@ typedef enum statistic_t statistic_t;
 typedef struct ike_sa_t ike_sa_t;
 
 #include <library.h>
+#include <attributes/attribute_handler.h>
 #include <encoding/message.h>
 #include <encoding/payloads/proposal_substructure.h>
 #include <encoding/payloads/configuration_attribute.h>
@@ -359,6 +360,13 @@ struct ike_sa_t {
 	identification_t* (*get_other_id) (ike_sa_t *this);
 
 	/**
+	 * Get the others peer identity, but prefer an EAP-Identity.
+	 *
+	 * @return				EAP or IKEv2 identity
+	 */
+	identification_t* (*get_other_eap_id)(ike_sa_t *this);
+
+	/**
 	 * Set the other peer's identification.
 	 *
 	 * @param other			identification
diff --git a/src/charon/sa/ike_sa_id.c b/src/libcharon/sa/ike_sa_id.c
index 94c5405f2..94c5405f2 100644
--- a/src/charon/sa/ike_sa_id.c
+++ b/src/libcharon/sa/ike_sa_id.c
diff --git a/src/charon/sa/ike_sa_id.h b/src/libcharon/sa/ike_sa_id.h
index a833aa9d6..a833aa9d6 100644
--- a/src/charon/sa/ike_sa_id.h
+++ b/src/libcharon/sa/ike_sa_id.h
diff --git a/src/charon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 3ef0f3bb0..3ef0f3bb0 100644
--- a/src/charon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
diff --git a/src/charon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h
index 38f5454e1..38f5454e1 100644
--- a/src/charon/sa/ike_sa_manager.h
+++ b/src/libcharon/sa/ike_sa_manager.h
diff --git a/src/charon/sa/keymat.c b/src/libcharon/sa/keymat.c
index e49626354..837cbe428 100644
--- a/src/charon/sa/keymat.c
+++ b/src/libcharon/sa/keymat.c
@@ -99,8 +99,8 @@ struct keylen_entry_t {
  * Keylen for encryption algos
  */
 keylen_entry_t keylen_enc[] = {
-	{ENCR_DES, 					 64},
-	{ENCR_3DES, 				192},
+	{ENCR_DES,					 64},
+	{ENCR_3DES,					192},
 	{END_OF_LIST,				  0}
 };
 
@@ -108,7 +108,7 @@ keylen_entry_t keylen_enc[] = {
  * Keylen for integrity algos
  */
 keylen_entry_t keylen_int[] = {
-	{AUTH_HMAC_MD5_96, 			128},
+	{AUTH_HMAC_MD5_96,			128},
 	{AUTH_HMAC_SHA1_96,			160},
 	{AUTH_HMAC_SHA2_256_96,		256},
 	{AUTH_HMAC_SHA2_256_128,	256},
@@ -414,7 +414,7 @@ static bool derive_child_keys(private_keymat_t *this,
 		/* to bytes */
 		enc_size /= 8;
 
-		/* CCM/GCM/CTR needs additional bytes */
+		/* CCM/GCM/CTR/GMAC needs additional bytes */
 		switch (enc_alg)
 		{
 			case ENCR_AES_CCM_ICV8:
@@ -429,6 +429,7 @@ static bool derive_child_keys(private_keymat_t *this,
 			case ENCR_AES_GCM_ICV12:
 			case ENCR_AES_GCM_ICV16:
 			case ENCR_AES_CTR:
+			case ENCR_NULL_AUTH_AES_GMAC:
 				enc_size += 4;
 				break;
 			default:
diff --git a/src/charon/sa/keymat.h b/src/libcharon/sa/keymat.h
index e51709e8d..e51709e8d 100644
--- a/src/charon/sa/keymat.h
+++ b/src/libcharon/sa/keymat.h
diff --git a/src/charon/sa/mediation_manager.c b/src/libcharon/sa/mediation_manager.c
index 035f49053..035f49053 100644
--- a/src/charon/sa/mediation_manager.c
+++ b/src/libcharon/sa/mediation_manager.c
diff --git a/src/charon/sa/mediation_manager.h b/src/libcharon/sa/mediation_manager.h
index 31a16f69c..31a16f69c 100644
--- a/src/charon/sa/mediation_manager.h
+++ b/src/libcharon/sa/mediation_manager.h
diff --git a/src/charon/sa/task_manager.c b/src/libcharon/sa/task_manager.c
index 1de0c06f0..eeda6c860 100644
--- a/src/charon/sa/task_manager.c
+++ b/src/libcharon/sa/task_manager.c
@@ -307,11 +307,11 @@ static status_t build_request(private_task_manager_t *this)
 		switch (this->ike_sa->get_state(this->ike_sa))
 		{
 			case IKE_CREATED:
+				activate_task(this, IKE_VENDOR);
 				if (activate_task(this, IKE_INIT))
 				{
 					this->initiating.mid = 0;
 					exchange = IKE_SA_INIT;
-					activate_task(this, IKE_VENDOR);
 					activate_task(this, IKE_NATD);
 					activate_task(this, IKE_CERT_PRE);
 #ifdef ME
@@ -696,10 +696,10 @@ static status_t process_request(private_task_manager_t *this,
 		{
 			case IKE_SA_INIT:
 			{
-				task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL);
-				this->passive_tasks->insert_last(this->passive_tasks, task);
 				task = (task_t*)ike_vendor_create(this->ike_sa, FALSE);
 				this->passive_tasks->insert_last(this->passive_tasks, task);
+				task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL);
+				this->passive_tasks->insert_last(this->passive_tasks, task);
 				task = (task_t*)ike_natd_create(this->ike_sa, FALSE);
 				this->passive_tasks->insert_last(this->passive_tasks, task);
 				task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE);
@@ -926,6 +926,7 @@ static status_t process_message(private_task_manager_t *this, message_t *msg)
 	{
 		if (mid == this->initiating.mid)
 		{
+			charon->bus->message(charon->bus, msg, TRUE);
 			if (process_response(this, msg) != SUCCESS)
 			{
 				flush(this);
diff --git a/src/charon/sa/task_manager.h b/src/libcharon/sa/task_manager.h
index 731ed4898..731ed4898 100644
--- a/src/charon/sa/task_manager.h
+++ b/src/libcharon/sa/task_manager.h
diff --git a/src/charon/sa/tasks/child_create.c b/src/libcharon/sa/tasks/child_create.c
index 3f002f263..bea4f73d5 100644
--- a/src/charon/sa/tasks/child_create.c
+++ b/src/libcharon/sa/tasks/child_create.c
@@ -329,11 +329,11 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
 			this->dh_group = group;
 			return INVALID_ARG;
 		}
-		else
-		{
-			DBG1(DBG_IKE, "no acceptable proposal found");
-			return FAILED;
-		}
+		/* the selected proposal does not use a DH group */
+		DBG1(DBG_IKE, "ignoring KE exchange, agreed on a non-PFS proposal");
+		DESTROY_IF(this->dh);
+		this->dh = NULL;
+		this->dh_group = MODP_NONE;
 	}
 
 	if (my_vip == NULL)
diff --git a/src/charon/sa/tasks/child_create.h b/src/libcharon/sa/tasks/child_create.h
index 5dedeb8b1..5dedeb8b1 100644
--- a/src/charon/sa/tasks/child_create.h
+++ b/src/libcharon/sa/tasks/child_create.h
diff --git a/src/charon/sa/tasks/child_delete.c b/src/libcharon/sa/tasks/child_delete.c
index d7c6b0541..d7c6b0541 100644
--- a/src/charon/sa/tasks/child_delete.c
+++ b/src/libcharon/sa/tasks/child_delete.c
diff --git a/src/charon/sa/tasks/child_delete.h b/src/libcharon/sa/tasks/child_delete.h
index 365807c68..365807c68 100644
--- a/src/charon/sa/tasks/child_delete.h
+++ b/src/libcharon/sa/tasks/child_delete.h
diff --git a/src/charon/sa/tasks/child_rekey.c b/src/libcharon/sa/tasks/child_rekey.c
index b5e4e84b4..b5e4e84b4 100644
--- a/src/charon/sa/tasks/child_rekey.c
+++ b/src/libcharon/sa/tasks/child_rekey.c
diff --git a/src/charon/sa/tasks/child_rekey.h b/src/libcharon/sa/tasks/child_rekey.h
index 9b1aea5fa..9b1aea5fa 100644
--- a/src/charon/sa/tasks/child_rekey.h
+++ b/src/libcharon/sa/tasks/child_rekey.h
diff --git a/src/charon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c
index a07f96767..a07f96767 100644
--- a/src/charon/sa/tasks/ike_auth.c
+++ b/src/libcharon/sa/tasks/ike_auth.c
diff --git a/src/charon/sa/tasks/ike_auth.h b/src/libcharon/sa/tasks/ike_auth.h
index bba46d961..bba46d961 100644
--- a/src/charon/sa/tasks/ike_auth.h
+++ b/src/libcharon/sa/tasks/ike_auth.h
diff --git a/src/charon/sa/tasks/ike_auth_lifetime.c b/src/libcharon/sa/tasks/ike_auth_lifetime.c
index 75ff35168..75ff35168 100644
--- a/src/charon/sa/tasks/ike_auth_lifetime.c
+++ b/src/libcharon/sa/tasks/ike_auth_lifetime.c
diff --git a/src/charon/sa/tasks/ike_auth_lifetime.h b/src/libcharon/sa/tasks/ike_auth_lifetime.h
index 3b129b9e3..3b129b9e3 100644
--- a/src/charon/sa/tasks/ike_auth_lifetime.h
+++ b/src/libcharon/sa/tasks/ike_auth_lifetime.h
diff --git a/src/charon/sa/tasks/ike_cert_post.c b/src/libcharon/sa/tasks/ike_cert_post.c
index c831df975..c831df975 100644
--- a/src/charon/sa/tasks/ike_cert_post.c
+++ b/src/libcharon/sa/tasks/ike_cert_post.c
diff --git a/src/charon/sa/tasks/ike_cert_post.h b/src/libcharon/sa/tasks/ike_cert_post.h
index a21f45927..a21f45927 100644
--- a/src/charon/sa/tasks/ike_cert_post.h
+++ b/src/libcharon/sa/tasks/ike_cert_post.h
diff --git a/src/charon/sa/tasks/ike_cert_pre.c b/src/libcharon/sa/tasks/ike_cert_pre.c
index 0805d0290..0805d0290 100644
--- a/src/charon/sa/tasks/ike_cert_pre.c
+++ b/src/libcharon/sa/tasks/ike_cert_pre.c
diff --git a/src/charon/sa/tasks/ike_cert_pre.h b/src/libcharon/sa/tasks/ike_cert_pre.h
index 1541b80e5..1541b80e5 100644
--- a/src/charon/sa/tasks/ike_cert_pre.h
+++ b/src/libcharon/sa/tasks/ike_cert_pre.h
diff --git a/src/charon/sa/tasks/ike_config.c b/src/libcharon/sa/tasks/ike_config.c
index f010439fe..58bcf0762 100644
--- a/src/charon/sa/tasks/ike_config.c
+++ b/src/libcharon/sa/tasks/ike_config.c
@@ -17,6 +17,7 @@
 #include "ike_config.h"
 
 #include <daemon.h>
+#include <hydra.h>
 #include <encoding/payloads/cp_payload.h>
 
 typedef struct private_ike_config_t private_ike_config_t;
@@ -125,7 +126,7 @@ static void handle_attribute(private_ike_config_t *this,
 	enumerator->destroy(enumerator);
 
 	/* and pass it to the handle function */
-	handler = lib->attributes->handle(lib->attributes,
+	handler = hydra->attributes->handle(hydra->attributes,
 							this->ike_sa->get_other_id(this->ike_sa), handler,
 							ca->get_type(ca), ca->get_value(ca));
 	if (handler)
@@ -252,7 +253,7 @@ static status_t build_i(private_ike_config_t *this, message_t *message)
 			cp->add_attribute(cp, build_vip(vip));
 		}
 
-		enumerator = lib->attributes->create_initiator_enumerator(lib->attributes,
+		enumerator = hydra->attributes->create_initiator_enumerator(hydra->attributes,
 								this->ike_sa->get_other_id(this->ike_sa), vip);
 		while (enumerator->enumerate(enumerator, &handler, &type, &data))
 		{
@@ -299,38 +300,6 @@ static status_t process_r(private_ike_config_t *this, message_t *message)
 }
 
 /**
- * Find a peer (EAP) identity to query provider for attributes
- */
-static identification_t *get_peer_identity(private_ike_config_t *this)
-{
-	identification_t *id = NULL, *current;
-	enumerator_t *enumerator;
-	auth_cfg_t *cfg;
-
-	enumerator = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, FALSE);
-	while (enumerator->enumerate(enumerator, &cfg))
-	{
-		/* prefer EAP-Identity of last round */
-		current = cfg->get(cfg, AUTH_RULE_EAP_IDENTITY);
-		if (!current || current->get_type(current) == ID_ANY)
-		{
-			current = cfg->get(cfg, AUTH_RULE_IDENTITY);
-		}
-		if (current && current->get_type(current) != ID_ANY)
-		{
-			id = current;
-			continue;
-		}
-	}
-	enumerator->destroy(enumerator);
-	if (!id)
-	{	/* fallback, should not happen */
-		id = this->ike_sa->get_other_id(this->ike_sa);
-	}
-	return id;
-}
-
-/**
  * Implementation of task_t.build for responder
  */
 static status_t build_r(private_ike_config_t *this, message_t *message)
@@ -345,7 +314,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
 		peer_cfg_t *config;
 		identification_t *id;
 
-		id = get_peer_identity(this);
+		id = this->ike_sa->get_other_eap_id(this->ike_sa);
 
 		config = this->ike_sa->get_peer_cfg(this->ike_sa);
 		if (config && this->virtual_ip)
@@ -353,7 +322,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
 			DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip);
 			if (config->get_pool(config))
 			{
-				vip = lib->attributes->acquire_address(lib->attributes,
+				vip = hydra->attributes->acquire_address(hydra->attributes,
 							config->get_pool(config), id, this->virtual_ip);
 			}
 			if (vip == NULL)
@@ -372,8 +341,8 @@ static status_t build_r(private_ike_config_t *this, message_t *message)
 		}
 
 		/* query registered providers for additional attributes to include */
-		enumerator = lib->attributes->create_responder_enumerator(
-													lib->attributes, id, vip);
+		enumerator = hydra->attributes->create_responder_enumerator(
+													hydra->attributes, id, vip);
 		while (enumerator->enumerate(enumerator, &type, &value))
 		{
 			if (!cp)
diff --git a/src/charon/sa/tasks/ike_config.h b/src/libcharon/sa/tasks/ike_config.h
index 8cef08697..8cef08697 100644
--- a/src/charon/sa/tasks/ike_config.h
+++ b/src/libcharon/sa/tasks/ike_config.h
diff --git a/src/charon/sa/tasks/ike_delete.c b/src/libcharon/sa/tasks/ike_delete.c
index 130948836..130948836 100644
--- a/src/charon/sa/tasks/ike_delete.c
+++ b/src/libcharon/sa/tasks/ike_delete.c
diff --git a/src/charon/sa/tasks/ike_delete.h b/src/libcharon/sa/tasks/ike_delete.h
index 82782f393..82782f393 100644
--- a/src/charon/sa/tasks/ike_delete.h
+++ b/src/libcharon/sa/tasks/ike_delete.h
diff --git a/src/charon/sa/tasks/ike_dpd.c b/src/libcharon/sa/tasks/ike_dpd.c
index 4c6ba7662..4c6ba7662 100644
--- a/src/charon/sa/tasks/ike_dpd.c
+++ b/src/libcharon/sa/tasks/ike_dpd.c
diff --git a/src/charon/sa/tasks/ike_dpd.h b/src/libcharon/sa/tasks/ike_dpd.h
index 36388d15b..36388d15b 100644
--- a/src/charon/sa/tasks/ike_dpd.h
+++ b/src/libcharon/sa/tasks/ike_dpd.h
diff --git a/src/charon/sa/tasks/ike_init.c b/src/libcharon/sa/tasks/ike_init.c
index 5eb33b540..5eb33b540 100644
--- a/src/charon/sa/tasks/ike_init.c
+++ b/src/libcharon/sa/tasks/ike_init.c
diff --git a/src/charon/sa/tasks/ike_init.h b/src/libcharon/sa/tasks/ike_init.h
index 7bd784cff..7bd784cff 100644
--- a/src/charon/sa/tasks/ike_init.h
+++ b/src/libcharon/sa/tasks/ike_init.h
diff --git a/src/charon/sa/tasks/ike_me.c b/src/libcharon/sa/tasks/ike_me.c
index 2d2847ae0..2d2847ae0 100644
--- a/src/charon/sa/tasks/ike_me.c
+++ b/src/libcharon/sa/tasks/ike_me.c
diff --git a/src/charon/sa/tasks/ike_me.h b/src/libcharon/sa/tasks/ike_me.h
index 31285a426..31285a426 100644
--- a/src/charon/sa/tasks/ike_me.h
+++ b/src/libcharon/sa/tasks/ike_me.h
diff --git a/src/charon/sa/tasks/ike_mobike.c b/src/libcharon/sa/tasks/ike_mobike.c
index d76ba8d2b..a62886f02 100644
--- a/src/charon/sa/tasks/ike_mobike.c
+++ b/src/libcharon/sa/tasks/ike_mobike.c
@@ -269,12 +269,36 @@ static void update_children(private_ike_mobike_t *this)
 }
 
 /**
+ * Apply port of old address if it equals new, port otherwise
+ */
+static void apply_port(private_ike_mobike_t *this, host_t *host, host_t *old,
+					   u_int16_t port)
+{
+	if (host->ip_equals(host, old))
+	{
+		host->set_port(host, old->get_port(old));
+	}
+	else
+	{
+		if (port == IKEV2_UDP_PORT)
+		{
+			host->set_port(host, IKEV2_NATT_PORT);
+		}
+		else
+		{
+			host->set_port(host, port);
+		}
+	}
+}
+
+/**
  * Implementation of ike_mobike_t.transmit
  */
 static void transmit(private_ike_mobike_t *this, packet_t *packet)
 {
 	host_t *me, *other, *me_old, *other_old;
 	iterator_t *iterator;
+	ike_cfg_t *ike_cfg;
 	packet_t *copy;
 
 	if (!this->check)
@@ -284,13 +308,13 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet)
 
 	me_old = this->ike_sa->get_my_host(this->ike_sa);
 	other_old = this->ike_sa->get_other_host(this->ike_sa);
+	ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
 
 	me = charon->kernel_interface->get_source_addr(
 									charon->kernel_interface, other_old, NULL);
 	if (me)
 	{
-		me->set_port(me, me->ip_equals(me, me_old) ?
-					 me_old->get_port(me_old) : IKEV2_NATT_PORT);
+		apply_port(this, me, me_old, ike_cfg->get_my_port(ike_cfg));
 		DBG1(DBG_IKE, "checking original path %#H - %#H", me, other_old);
 		copy = packet->clone(packet);
 		copy->set_source(copy, me);
@@ -310,11 +334,9 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet)
 				continue;
 			}
 			/* reuse port for an active address, 4500 otherwise */
-			me->set_port(me, me->ip_equals(me, me_old) ?
-						 me_old->get_port(me_old) : IKEV2_NATT_PORT);
+			apply_port(this, me, me_old, ike_cfg->get_my_port(ike_cfg));
 			other = other->clone(other);
-			other->set_port(other, other->ip_equals(other, other_old) ?
-							other_old->get_port(other_old) : IKEV2_NATT_PORT);
+			apply_port(this, other, other_old, ike_cfg->get_other_port(ike_cfg));
 			DBG1(DBG_IKE, "checking path %#H - %#H", me, other);
 			copy = packet->clone(packet);
 			copy->set_source(copy, me);
diff --git a/src/charon/sa/tasks/ike_mobike.h b/src/libcharon/sa/tasks/ike_mobike.h
index 05b2224d1..05b2224d1 100644
--- a/src/charon/sa/tasks/ike_mobike.h
+++ b/src/libcharon/sa/tasks/ike_mobike.h
diff --git a/src/charon/sa/tasks/ike_natd.c b/src/libcharon/sa/tasks/ike_natd.c
index 9121fe2ea..9ea20ba36 100644
--- a/src/charon/sa/tasks/ike_natd.c
+++ b/src/libcharon/sa/tasks/ike_natd.c
@@ -313,6 +313,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
 {
 	notify_payload_t *notify;
 	enumerator_t *enumerator;
+	ike_cfg_t *ike_cfg;
 	host_t *host;
 
 	if (this->hasher == NULL)
@@ -321,6 +322,8 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
 		return NEED_MORE;
 	}
 
+	ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
+
 	/* destination is always set */
 	host = message->get_destination(message);
 	notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, host);
@@ -343,7 +346,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
 							this->ike_sa->get_other_host(this->ike_sa), NULL);
 		if (host)
 		{	/* 2. */
-			host->set_port(host, IKEV2_UDP_PORT);
+			host->set_port(host, ike_cfg->get_my_port(ike_cfg));
 			notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
 			message->add_payload(message, (payload_t*)notify);
 			host->destroy(host);
@@ -356,7 +359,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
 			{
 				/* apply port 500 to host, but work on a copy */
 				host = host->clone(host);
-				host->set_port(host, IKEV2_UDP_PORT);
+				host->set_port(host, ike_cfg->get_my_port(ike_cfg));
 				notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
 				host->destroy(host);
 				message->add_payload(message, (payload_t*)notify);
diff --git a/src/charon/sa/tasks/ike_natd.h b/src/libcharon/sa/tasks/ike_natd.h
index 97b652ead..97b652ead 100644
--- a/src/charon/sa/tasks/ike_natd.h
+++ b/src/libcharon/sa/tasks/ike_natd.h
diff --git a/src/charon/sa/tasks/ike_reauth.c b/src/libcharon/sa/tasks/ike_reauth.c
index ac89c358b..ac89c358b 100644
--- a/src/charon/sa/tasks/ike_reauth.c
+++ b/src/libcharon/sa/tasks/ike_reauth.c
diff --git a/src/charon/sa/tasks/ike_reauth.h b/src/libcharon/sa/tasks/ike_reauth.h
index 5e97b719c..5e97b719c 100644
--- a/src/charon/sa/tasks/ike_reauth.h
+++ b/src/libcharon/sa/tasks/ike_reauth.h
diff --git a/src/charon/sa/tasks/ike_rekey.c b/src/libcharon/sa/tasks/ike_rekey.c
index a2275e796..a2275e796 100644
--- a/src/charon/sa/tasks/ike_rekey.c
+++ b/src/libcharon/sa/tasks/ike_rekey.c
diff --git a/src/charon/sa/tasks/ike_rekey.h b/src/libcharon/sa/tasks/ike_rekey.h
index 1c9550768..1c9550768 100644
--- a/src/charon/sa/tasks/ike_rekey.h
+++ b/src/libcharon/sa/tasks/ike_rekey.h
diff --git a/src/charon/sa/tasks/ike_vendor.c b/src/libcharon/sa/tasks/ike_vendor.c
index 7c435b6d1..7c435b6d1 100644
--- a/src/charon/sa/tasks/ike_vendor.c
+++ b/src/libcharon/sa/tasks/ike_vendor.c
diff --git a/src/charon/sa/tasks/ike_vendor.h b/src/libcharon/sa/tasks/ike_vendor.h
index dcdd37424..dcdd37424 100644
--- a/src/charon/sa/tasks/ike_vendor.h
+++ b/src/libcharon/sa/tasks/ike_vendor.h
diff --git a/src/charon/sa/tasks/task.c b/src/libcharon/sa/tasks/task.c
index 0d7383141..0d7383141 100644
--- a/src/charon/sa/tasks/task.c
+++ b/src/libcharon/sa/tasks/task.c
diff --git a/src/charon/sa/tasks/task.h b/src/libcharon/sa/tasks/task.h
index 4468f2ebe..4468f2ebe 100644
--- a/src/charon/sa/tasks/task.h
+++ b/src/libcharon/sa/tasks/task.h
diff --git a/src/charon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index ed758995a..878170c83 100644
--- a/src/charon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@@ -127,14 +127,14 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer,
 	/* try to resolve addresses */
 	ike_cfg = peer->get_ike_cfg(peer);
 	other = host_create_from_dns(ike_cfg->get_other_addr(ike_cfg),
-								 0, IKEV2_UDP_PORT);
+								 0, ike_cfg->get_other_port(ike_cfg));
 	if (!other)
 	{
 		DBG1(DBG_CFG, "installing trap failed, remote address unknown");
 		return 0;
 	}
 	me = host_create_from_dns(ike_cfg->get_my_addr(ike_cfg),
-							  other->get_family(other), IKEV2_UDP_PORT);
+					other->get_family(other), ike_cfg->get_my_port(ike_cfg));
 	if (!me || me->is_anyaddr(me))
 	{
 		DESTROY_IF(me);
@@ -146,7 +146,7 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer,
 			other->destroy(other);
 			return 0;
 		}
-		me->set_port(me, IKEV2_UDP_PORT);
+		me->set_port(me, ike_cfg->get_my_port(ike_cfg));
 	}
 
 	/* create and route CHILD_SA */
diff --git a/src/charon/sa/trap_manager.h b/src/libcharon/sa/trap_manager.h
index 37b42e2b0..37b42e2b0 100644
--- a/src/charon/sa/trap_manager.h
+++ b/src/libcharon/sa/trap_manager.h
diff --git a/src/libfast/Makefile.am b/src/libfast/Makefile.am
index 870dcd6f1..5a1193658 100644
--- a/src/libfast/Makefile.am
+++ b/src/libfast/Makefile.am
@@ -1,7 +1,7 @@
 lib_LTLIBRARIES = libfast.la
 
 libfast_la_SOURCES = context.h dispatcher.c request.h session.h \
-  controller.h dispatcher.h request.c session.c filter.h
+  controller.h dispatcher.h request.c session.c filter.h smtp.c smtp.h
 libfast_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
   -lfcgi -lneo_cgi -lneo_cs -lneo_utl -lz $(PTHREADLIB)
 INCLUDES = -I$(top_srcdir)/src/libstrongswan -I/usr/include/ClearSilver
diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in
index e5ed4a289..f6d1f20a5 100644
--- a/src/libfast/Makefile.in
+++ b/src/libfast/Makefile.in
@@ -77,7 +77,7 @@ am__DEPENDENCIES_1 =
 libfast_la_DEPENDENCIES =  \
 	$(top_builddir)/src/libstrongswan/libstrongswan.la \
 	$(am__DEPENDENCIES_1)
-am_libfast_la_OBJECTS = dispatcher.lo request.lo session.lo
+am_libfast_la_OBJECTS = dispatcher.lo request.lo session.lo smtp.lo
 libfast_la_OBJECTS = $(am_libfast_la_OBJECTS)
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
@@ -217,6 +217,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,7 +254,7 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 lib_LTLIBRARIES = libfast.la
 libfast_la_SOURCES = context.h dispatcher.c request.h session.h \
-  controller.h dispatcher.h request.c session.c filter.h
+  controller.h dispatcher.h request.c session.c filter.h smtp.c smtp.h
 
 libfast_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \
   -lfcgi -lneo_cgi -lneo_cs -lneo_utl -lz $(PTHREADLIB)
@@ -337,6 +338,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dispatcher.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/request.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/session.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smtp.Plo@am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
diff --git a/src/libfast/request.c b/src/libfast/request.c
index 3f4894c45..6bf596fd8 100644
--- a/src/libfast/request.c
+++ b/src/libfast/request.c
@@ -204,14 +204,20 @@ static char* get_query_data(private_request_t *this, char *name)
 }
 
 /**
+ * Implementation of request_t.get_base.
+ */
+static char* get_base(private_request_t *this)
+{
+	return FCGX_GetParam("SCRIPT_NAME", this->req.envp);
+}
+
+/**
  * Implementation of request_t.add_cookie.
  */
 static void add_cookie(private_request_t *this, char *name, char *value)
 {
 	thread_this->set(thread_this, this);
-	cgi_cookie_set (this->cgi, name, value,
-					FCGX_GetParam("SCRIPT_NAME", this->req.envp),
-					NULL, NULL, 0, 0);
+	cgi_cookie_set (this->cgi, name, value, get_base(this), NULL, NULL, 0, 0);
 }
 
 /**
@@ -222,8 +228,7 @@ static void redirect(private_request_t *this, char *fmt, ...)
 	va_list args;
 
 	FCGX_FPrintF(this->req.out, "Status: 303 See Other\n");
-	FCGX_FPrintF(this->req.out, "Location: %s%s",
-				 FCGX_GetParam("SCRIPT_NAME", this->req.envp),
+	FCGX_FPrintF(this->req.out, "Location: %s%s", get_base(this),
 				 *fmt == '/' ? "" : "/");
 	va_start(args, fmt);
 	FCGX_VFPrintF(this->req.out, fmt, args);
@@ -232,21 +237,30 @@ static void redirect(private_request_t *this, char *fmt, ...)
 }
 
 /**
- * Implementation of request_t.to_referer.
+ * Implementation of request_t.get_referer.
  */
-static void to_referer(private_request_t *this)
+static char* get_referer(private_request_t *this)
 {
-	FCGX_FPrintF(this->req.out, "Status: 303 See Other\n");
-	FCGX_FPrintF(this->req.out, "Location: %s\n\n",
-				 FCGX_GetParam("HTTP_REFERER", this->req.envp));
+	return FCGX_GetParam("HTTP_REFERER", this->req.envp);
 }
 
 /**
- * Implementation of request_t.get_base.
+ * Implementation of request_t.to_referer.
  */
-static char* get_base(private_request_t *this)
+static void to_referer(private_request_t *this)
 {
-	return FCGX_GetParam("SCRIPT_NAME", this->req.envp);
+	char *referer;
+
+	referer = get_referer(this);
+	if (referer)
+	{
+		FCGX_FPrintF(this->req.out, "Status: 303 See Other\n");
+		FCGX_FPrintF(this->req.out, "Location: %s\n\n", referer);
+	}
+	else
+	{
+		redirect(this, "/");
+	}
 }
 
 /**
@@ -396,6 +410,7 @@ request_t *request_create(int fd, bool debug)
 	this->public.session_closed = (bool(*)(request_t*))session_closed;
 	this->public.close_session = (void(*)(request_t*))close_session;
 	this->public.redirect = (void(*)(request_t*, char *fmt,...))redirect;
+	this->public.get_referer = (char*(*)(request_t*))get_referer;
 	this->public.to_referer = (void(*)(request_t*))to_referer;
 	this->public.render = (void(*)(request_t*,char*))render;
 	this->public.streamf = (int(*)(request_t*, char *format, ...))streamf;
diff --git a/src/libfast/request.h b/src/libfast/request.h
index 61e2d59f0..af0f8e4f5 100644
--- a/src/libfast/request.h
+++ b/src/libfast/request.h
@@ -106,7 +106,14 @@ struct request_t {
 	void (*redirect)(request_t *this, char *fmt, ...);
 
 	/**
-	 * Redirect the client to the referer.
+	 * Get the HTTP referer.
+	 *
+	 * @return			HTTP referer
+	 */
+	char* (*get_referer)(request_t *this);
+
+	/**
+	 * Redirect back to the referer.
 	 */
 	void (*to_referer)(request_t *this);
 
diff --git a/src/libfast/session.c b/src/libfast/session.c
index f03b75542..7c4548ee5 100644
--- a/src/libfast/session.c
+++ b/src/libfast/session.c
@@ -177,7 +177,9 @@ static void process(private_session_t *this, request_t *request)
 		if (this->controllers->get_first(this->controllers,
 										 (void**)&current) == SUCCESS)
 		{
-			request->redirect(request, current->get_name(current));
+			request->streamf(request,
+				"Status: 301 Moved permanently\nLocation: %s/%s\n\n",
+				request->get_base(request), current->get_name(current));
 		}
 	}
 }
diff --git a/src/libfast/smtp.c b/src/libfast/smtp.c
new file mode 100644
index 000000000..4118c74a6
--- /dev/null
+++ b/src/libfast/smtp.c
@@ -0,0 +1,185 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "smtp.h"
+
+#include <unistd.h>
+#include <errno.h>
+
+#include <debug.h>
+
+typedef struct private_smtp_t private_smtp_t;
+
+/**
+ * Private data of an smtp_t object.
+ */
+struct private_smtp_t {
+
+	/**
+	 * Public smtp_t interface.
+	 */
+	smtp_t public;
+
+	/**
+	 * file stream to SMTP server
+	 */
+	FILE *f;
+};
+
+/**
+ * Read the response code from an SMTP server
+ */
+static int read_response(private_smtp_t *this)
+{
+	char buf[256], *end;
+	int res = 0;
+
+	while (TRUE)
+	{
+		if (!fgets(buf, sizeof(buf), this->f))
+		{
+			return 0;
+		}
+		res = strtol(buf, &end, 10);
+		switch (*end)
+		{
+			case '-':
+				continue;
+			case ' ':
+			case '\0':
+			case '\n':
+				break;
+			default:
+				return 0;
+		}
+		break;
+	}
+	return res;
+}
+
+/**
+ * write a SMTP command to the server, read response code
+ */
+static int write_cmd(private_smtp_t *this, char *fmt, ...)
+{
+	char buf[256];
+	va_list args;
+
+	va_start(args, fmt);
+	vsnprintf(buf, sizeof(buf), fmt, args);
+	va_end(args);
+
+	if (fprintf(this->f, "%s\n", buf) < 1)
+	{
+		DBG1(DBG_LIB, "sending SMTP command failed");
+		return 0;
+	}
+	return read_response(this);
+}
+
+METHOD(smtp_t, send_mail, bool,
+	private_smtp_t *this, char *from, char *to, char *subject, char *fmt, ...)
+{
+	va_list args;
+
+	if (write_cmd(this, "MAIL FROM:<%s>", from) != 250)
+	{
+		DBG1(DBG_LIB, "SMTP MAIL FROM failed");
+		return FALSE;
+	}
+	if (write_cmd(this, "RCPT TO:<%s>", to) != 250)
+	{
+		DBG1(DBG_LIB, "SMTP RCPT TO failed");
+		return FALSE;
+	}
+	if (write_cmd(this, "DATA") != 354)
+	{
+		DBG1(DBG_LIB, "SMTP DATA failed");
+		return FALSE;
+	}
+
+	fprintf(this->f, "From: %s\n", from);
+	fprintf(this->f, "To: %s\n", to);
+	fprintf(this->f, "Subject: %s\n", subject);
+	fprintf(this->f, "\n");
+	va_start(args, fmt);
+	vfprintf(this->f, fmt, args);
+	va_end(args);
+	fprintf(this->f, "\n.\n");
+	return read_response(this) == 250;
+}
+
+
+METHOD(smtp_t, destroy, void,
+	private_smtp_t *this)
+{
+	write_cmd(this, "QUIT");
+	fclose(this->f);
+	free(this);
+}
+
+/**
+ * See header
+ */
+smtp_t *smtp_create()
+{
+	private_smtp_t *this;
+	struct sockaddr_in addr;
+	int s;
+
+	INIT(this,
+		.public = {
+			.send_mail = _send_mail,
+			.destroy = _destroy,
+		},
+	);
+
+	s = socket(AF_INET, SOCK_STREAM, 0);
+	if (s < 0)
+	{
+		DBG1(DBG_LIB, "opening SMTP socket failed: %s", strerror(errno));
+		free(this);
+		return NULL;
+	}
+	addr.sin_family = AF_INET;
+	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+	addr.sin_port = htons(25);
+	if (connect(s, (struct sockaddr*)&addr, sizeof(addr)) < 0)
+	{
+		DBG1(DBG_LIB, "connecting to SMTP server failed: %s", strerror(errno));
+		close(s);
+		free(this);
+		return NULL;
+	}
+	this->f = fdopen(s, "a+");
+	if (!this->f)
+	{
+		DBG1(DBG_LIB, "opening stream to SMTP server failed: %s",
+			 strerror(errno));
+		close(s);
+		free(this);
+		return NULL;
+	}
+	if (read_response(this) != 220 ||
+		write_cmd(this, "EHLO localhost") != 250)
+	{
+		DBG1(DBG_LIB, "SMTP EHLO failed");
+		fclose(this->f);
+		free(this);
+		return NULL;
+	}
+	return &this->public;
+}
+
diff --git a/src/libfast/smtp.h b/src/libfast/smtp.h
new file mode 100644
index 000000000..910f18127
--- /dev/null
+++ b/src/libfast/smtp.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup smtp smtp
+ * @{ @ingroup libfast
+ */
+
+#ifndef SMTP_H_
+#define SMTP_H_
+
+typedef struct smtp_t smtp_t;
+
+#include <library.h>
+
+/**
+ * Ultra-minimalistic SMTP client. Works at most with Exim on localhost.
+ */
+struct smtp_t {
+
+	/**
+	 * Send an e-mail message.
+	 *
+	 * @param from		sender address
+	 * @param to		receipient address
+	 * @param subject	mail subject
+	 * @param fmt		mail body format string
+	 * @param ...		arguments for body format string
+	 */
+	bool (*send_mail)(smtp_t *this, char *from, char *to,
+					  char *subject, char *fmt, ...);
+
+	/**
+	 * Destroy a smtp_t.
+	 */
+	void (*destroy)(smtp_t *this);
+};
+
+/**
+ * Create a smtp instance.
+ */
+smtp_t *smtp_create();
+
+#endif /** SMTP_H_ @}*/
diff --git a/src/libfreeswan/Makefile.in b/src/libfreeswan/Makefile.in
index e72759bca..e752df82d 100644
--- a/src/libfreeswan/Makefile.in
+++ b/src/libfreeswan/Makefile.in
@@ -234,6 +234,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
diff --git a/src/libfreeswan/pfkeyv2.h b/src/libfreeswan/pfkeyv2.h
index 685db1273..725997ebc 100644
--- a/src/libfreeswan/pfkeyv2.h
+++ b/src/libfreeswan/pfkeyv2.h
@@ -337,6 +337,7 @@ struct sadb_protocol {
 #define SADB_X_EALG_AES_GCM_ICV12	19
 #define SADB_X_EALG_AES_GCM_ICV16	20
 #define SADB_X_EALG_CAMELLIACBC		22
+#define SADB_X_EALG_NULL_AES_GMAC	23
 #define SADB_EALG_MAX			253 /* last EALG */
 /* private allocations should use 249-255 (RFC2407) */
 #define SADB_X_EALG_SERPENTCBC  252     /* draft-ietf-ipsec-ciph-aes-cbc-00 */
diff --git a/src/libhydra/Android.mk b/src/libhydra/Android.mk
new file mode 100644
index 000000000..caad7447a
--- /dev/null
+++ b/src/libhydra/Android.mk
@@ -0,0 +1,34 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# copy-n-paste from Makefile.am
+LOCAL_SRC_FILES := \
+hydra.c hydra.h \
+attributes/attributes.c attributes/attributes.h \
+attributes/attribute_provider.h attributes/attribute_handler.h \
+attributes/attribute_manager.c attributes/attribute_manager.h \
+attributes/mem_pool.c attributes/mem_pool.h
+
+# adding the plugin source files
+
+LOCAL_SRC_FILES += $(call add_plugin, attr)
+
+# build libcharon --------------------------------------------------------------
+
+LOCAL_C_INCLUDES += \
+	$(libvstr_PATH) \
+	$(strongswan_PATH)/src/include \
+	$(strongswan_PATH)/src/libstrongswan
+
+LOCAL_CFLAGS := $(strongswan_CFLAGS)
+
+LOCAL_MODULE := libhydra
+
+LOCAL_ARM_MODE := arm
+
+LOCAL_PRELINK_MODULE := false
+
+LOCAL_SHARED_LIBRARIES += libstrongswan
+
+include $(BUILD_SHARED_LIBRARY)
+
diff --git a/src/libhydra/Makefile.am b/src/libhydra/Makefile.am
new file mode 100644
index 000000000..601a56e38
--- /dev/null
+++ b/src/libhydra/Makefile.am
@@ -0,0 +1,42 @@
+lib_LTLIBRARIES = libhydra.la
+
+libhydra_la_SOURCES = \
+hydra.c hydra.h \
+attributes/attributes.c attributes/attributes.h \
+attributes/attribute_provider.h attributes/attribute_handler.h \
+attributes/attribute_manager.c attributes/attribute_manager.h \
+attributes/mem_pool.c attributes/mem_pool.h
+
+libhydra_la_LIBADD =
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = \
+-DIPSEC_DIR=\"${ipsecdir}\" \
+-DPLUGINDIR=\"${plugindir}\" \
+-DSTRONGSWAN_CONF=\"${strongswan_conf}\"
+
+EXTRA_DIST = Android.mk
+
+# build optional plugins
+########################
+
+if MONOLITHIC
+SUBDIRS =
+else
+SUBDIRS = .
+endif
+
+if USE_ATTR
+  SUBDIRS += plugins/attr
+if MONOLITHIC
+  libhydra_la_LIBADD += plugins/attr/libstrongswan-attr.la
+endif
+endif
+
+if USE_ATTR_SQL
+  SUBDIRS += plugins/attr_sql
+if MONOLITHIC
+  libhydra_la_LIBADD += plugins/attr_sql/libstrongswan-attr-sql.la
+endif
+endif
+
diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in
new file mode 100644
index 000000000..32027d1ea
--- /dev/null
+++ b/src/libhydra/Makefile.in
@@ -0,0 +1,762 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@USE_ATTR_TRUE@am__append_1 = plugins/attr
+@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_2 = plugins/attr/libstrongswan-attr.la
+@USE_ATTR_SQL_TRUE@am__append_3 = plugins/attr_sql
+@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_4 = plugins/attr_sql/libstrongswan-attr-sql.la
+subdir = src/libhydra
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+	$(top_srcdir)/m4/config/ltoptions.m4 \
+	$(top_srcdir)/m4/config/ltsugar.m4 \
+	$(top_srcdir)/m4/config/ltversion.m4 \
+	$(top_srcdir)/m4/config/lt~obsolete.m4 \
+	$(top_srcdir)/m4/macros/with.m4 \
+	$(top_srcdir)/m4/macros/enable-disable.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(libdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+libhydra_la_DEPENDENCIES = $(am__append_2) $(am__append_4)
+am_libhydra_la_OBJECTS = hydra.lo attributes.lo attribute_manager.lo \
+	mem_pool.lo
+libhydra_la_OBJECTS = $(am_libhydra_la_OBJECTS)
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libhydra_la_SOURCES)
+DIST_SOURCES = $(libhydra_la_SOURCES)
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+	$(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+	distdir
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = . plugins/attr plugins/attr_sql
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+  dir0=`pwd`; \
+  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+  sed_rest='s,^[^/]*/*,,'; \
+  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+  sed_butlast='s,/*[^/]*$$,,'; \
+  while test -n "$$dir1"; do \
+    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+    if test "$$first" != "."; then \
+      if test "$$first" = ".."; then \
+        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+      else \
+        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+        if test "$$first2" = "$$first"; then \
+          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+        else \
+          dir2="../$$dir2"; \
+        fi; \
+        dir0="$$dir0"/"$$first"; \
+      fi; \
+    fi; \
+    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+  done; \
+  reldir="$$dir2"
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
+libstrongswan_plugins = @libstrongswan_plugins@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+lib_LTLIBRARIES = libhydra.la
+libhydra_la_SOURCES = \
+hydra.c hydra.h \
+attributes/attributes.c attributes/attributes.h \
+attributes/attribute_provider.h attributes/attribute_handler.h \
+attributes/attribute_manager.c attributes/attribute_manager.h \
+attributes/mem_pool.c attributes/mem_pool.h
+
+libhydra_la_LIBADD = $(am__append_2) $(am__append_4)
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = \
+-DIPSEC_DIR=\"${ipsecdir}\" \
+-DPLUGINDIR=\"${plugindir}\" \
+-DSTRONGSWAN_CONF=\"${strongswan_conf}\"
+
+EXTRA_DIST = Android.mk
+@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_1) $(am__append_3)
+
+# build optional plugins
+########################
+@MONOLITHIC_TRUE@SUBDIRS = $(am__append_1) $(am__append_3)
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --gnu src/libhydra/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+	}
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libhydra.la: $(libhydra_la_OBJECTS) $(libhydra_la_DEPENDENCIES) 
+	$(LINK) -rpath $(libdir) $(libhydra_la_OBJECTS) $(libhydra_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attribute_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attributes.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hydra.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mem_pool.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+attributes.lo: attributes/attributes.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attributes.lo -MD -MP -MF $(DEPDIR)/attributes.Tpo -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/attributes.Tpo $(DEPDIR)/attributes.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='attributes/attributes.c' object='attributes.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c
+
+attribute_manager.lo: attributes/attribute_manager.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attribute_manager.lo -MD -MP -MF $(DEPDIR)/attribute_manager.Tpo -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/attribute_manager.Tpo $(DEPDIR)/attribute_manager.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='attributes/attribute_manager.c' object='attribute_manager.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c
+
+mem_pool.lo: attributes/mem_pool.c
+@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mem_pool.lo -MD -MP -MF $(DEPDIR)/mem_pool.Tpo -c -o mem_pool.lo `test -f 'attributes/mem_pool.c' || echo '$(srcdir)/'`attributes/mem_pool.c
+@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/mem_pool.Tpo $(DEPDIR)/mem_pool.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='attributes/mem_pool.c' object='mem_pool.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mem_pool.lo `test -f 'attributes/mem_pool.c' || echo '$(srcdir)/'`attributes/mem_pool.c
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	  fi; \
+	done
+	@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+	    $(am__relativize); \
+	    new_distdir=$$reldir; \
+	    dir1=$$subdir; dir2="$(top_distdir)"; \
+	    $(am__relativize); \
+	    new_top_distdir=$$reldir; \
+	    echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+	    echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+	    ($(am__cd) $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$new_top_distdir" \
+	        distdir="$$new_distdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+		am__skip_mode_fix=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(LTLIBRARIES)
+installdirs: installdirs-recursive
+installdirs-am:
+	for dir in "$(DESTDIR)$(libdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
+	install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am check check-am clean clean-generic \
+	clean-libLTLIBRARIES clean-libtool ctags ctags-recursive \
+	distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-libLTLIBRARIES install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs installdirs-am \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \
+	uninstall-libLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/attributes/attribute_handler.h b/src/libhydra/attributes/attribute_handler.h
index d042f47ef..d042f47ef 100644
--- a/src/libstrongswan/attributes/attribute_handler.h
+++ b/src/libhydra/attributes/attribute_handler.h
diff --git a/src/libstrongswan/attributes/attribute_manager.c b/src/libhydra/attributes/attribute_manager.c
index 91fa1ebb5..3080b56eb 100644
--- a/src/libstrongswan/attributes/attribute_manager.c
+++ b/src/libhydra/attributes/attribute_manager.c
@@ -83,7 +83,7 @@ static host_t* acquire_address(private_attribute_manager_t *this,
 
 	if (!host)
 	{
-		DBG1("acquiring address from pool '%s' failed", pool);
+		DBG1(DBG_CFG, "acquiring address from pool '%s' failed", pool);
 	}
 	return host;
 }
@@ -113,7 +113,7 @@ static void release_address(private_attribute_manager_t *this,
 
 	if (!found)
 	{
-		DBG1("releasing address to pool '%s' failed", pool);
+		DBG1(DBG_CFG, "releasing address to pool '%s' failed", pool);
 	}
 }
 
@@ -206,7 +206,7 @@ static attribute_handler_t* handle(private_attribute_manager_t *this,
 
 	if (!handled)
 	{
-		DBG1("handling %N attribute failed",
+		DBG1(DBG_CFG, "handling %N attribute failed",
 			 configuration_attribute_type_names, type);
 	}
 	return handled;
diff --git a/src/libstrongswan/attributes/attribute_manager.h b/src/libhydra/attributes/attribute_manager.h
index 642662366..642662366 100644
--- a/src/libstrongswan/attributes/attribute_manager.h
+++ b/src/libhydra/attributes/attribute_manager.h
diff --git a/src/libstrongswan/attributes/attribute_provider.h b/src/libhydra/attributes/attribute_provider.h
index f8485cc6c..f8485cc6c 100644
--- a/src/libstrongswan/attributes/attribute_provider.h
+++ b/src/libhydra/attributes/attribute_provider.h
diff --git a/src/libstrongswan/attributes/attributes.c b/src/libhydra/attributes/attributes.c
index 83feed17e..83feed17e 100644
--- a/src/libstrongswan/attributes/attributes.c
+++ b/src/libhydra/attributes/attributes.c
diff --git a/src/libstrongswan/attributes/attributes.h b/src/libhydra/attributes/attributes.h
index f4a396f21..f4a396f21 100644
--- a/src/libstrongswan/attributes/attributes.h
+++ b/src/libhydra/attributes/attributes.h
diff --git a/src/libhydra/attributes/mem_pool.c b/src/libhydra/attributes/mem_pool.c
new file mode 100644
index 000000000..65018e3a9
--- /dev/null
+++ b/src/libhydra/attributes/mem_pool.c
@@ -0,0 +1,451 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "mem_pool.h"
+
+#include <debug.h>
+#include <utils/hashtable.h>
+#include <threading/rwlock.h>
+
+#define POOL_LIMIT (sizeof(uintptr_t)*8)
+
+typedef struct private_mem_pool_t private_mem_pool_t;
+
+/**
+ * private data of mem_pool_t
+ */
+struct private_mem_pool_t {
+	/**
+	 * public interface
+	 */
+	mem_pool_t public;
+
+	/**
+	 * name of the pool
+	 */
+	char *name;
+
+	/**
+	 * base address of the pool
+	 */
+	host_t *base;
+
+	/**
+	 * size of the pool
+	 */
+	u_int size;
+
+	/**
+	 * next unused address
+	 */
+	u_int unused;
+
+	/**
+	 * hashtable [identity => offset], for online leases
+	 */
+	hashtable_t *online;
+
+	/**
+	 * hashtable [identity => offset], for offline leases
+	 */
+	hashtable_t *offline;
+
+	/**
+	 * hashtable [identity => identity], handles identity references
+	 */
+	hashtable_t *ids;
+
+	/**
+	 * lock to safely access the pool
+	 */
+	rwlock_t *lock;
+};
+
+/**
+ * hashtable hash function for identities
+ */
+static u_int id_hash(identification_t *id)
+{
+	return chunk_hash(id->get_encoding(id));
+}
+
+/**
+ * hashtable equals function for identities
+ */
+static bool id_equals(identification_t *a, identification_t *b)
+{
+	return a->equals(a, b);
+}
+
+/**
+ * convert a pool offset to an address
+ */
+static host_t* offset2host(private_mem_pool_t *pool, int offset)
+{
+	chunk_t addr;
+	host_t *host;
+	u_int32_t *pos;
+
+	offset--;
+	if (offset > pool->size)
+	{
+		return NULL;
+	}
+
+	addr = chunk_clone(pool->base->get_address(pool->base));
+	if (pool->base->get_family(pool->base) == AF_INET6)
+	{
+		pos = (u_int32_t*)(addr.ptr + 12);
+	}
+	else
+	{
+		pos = (u_int32_t*)addr.ptr;
+	}
+	*pos = htonl(offset + ntohl(*pos));
+	host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0);
+	free(addr.ptr);
+	return host;
+}
+
+/**
+ * convert a host to a pool offset
+ */
+static int host2offset(private_mem_pool_t *pool, host_t *addr)
+{
+	chunk_t host, base;
+	u_int32_t hosti, basei;
+
+	if (addr->get_family(addr) != pool->base->get_family(pool->base))
+	{
+		return -1;
+	}
+	host = addr->get_address(addr);
+	base = pool->base->get_address(pool->base);
+	if (addr->get_family(addr) == AF_INET6)
+	{
+		/* only look at last /32 block */
+		if (!memeq(host.ptr, base.ptr, 12))
+		{
+			return -1;
+		}
+		host = chunk_skip(host, 12);
+		base = chunk_skip(base, 12);
+	}
+	hosti = ntohl(*(u_int32_t*)(host.ptr));
+	basei = ntohl(*(u_int32_t*)(base.ptr));
+	if (hosti > basei + pool->size)
+	{
+		return -1;
+	}
+	return hosti - basei + 1;
+}
+
+METHOD(mem_pool_t, get_name, const char*,
+	   private_mem_pool_t *this)
+{
+	return this->name;
+}
+
+METHOD(mem_pool_t, get_size, u_int,
+	   private_mem_pool_t *this)
+{
+	return this->size;
+}
+
+METHOD(mem_pool_t, get_online, u_int,
+	   private_mem_pool_t *this)
+{
+	u_int count;
+	this->lock->read_lock(this->lock);
+	count = this->online->get_count(this->online);
+	this->lock->unlock(this->lock);
+	return count;
+}
+
+METHOD(mem_pool_t, get_offline, u_int,
+	   private_mem_pool_t *this)
+{
+	u_int count;
+	this->lock->read_lock(this->lock);
+	count = this->offline->get_count(this->offline);
+	this->lock->unlock(this->lock);
+	return count;
+}
+
+METHOD(mem_pool_t, acquire_address, host_t*,
+	   private_mem_pool_t *this, identification_t *id, host_t *requested)
+{
+	uintptr_t offset = 0;
+	enumerator_t *enumerator;
+	identification_t *old_id;
+
+	/* if the pool is empty (e.g. in the %config case) we simply return the
+	 * requested address */
+	if (this->size == 0)
+	{
+		return requested->clone(requested);
+	}
+
+	if (!requested->is_anyaddr(requested) &&
+		requested->get_family(requested) !=
+		this->base->get_family(this->base))
+	{
+		DBG1(DBG_CFG, "IP pool address family mismatch");
+		return NULL;
+	}
+
+	this->lock->write_lock(this->lock);
+	while (TRUE)
+	{
+		/* check for a valid offline lease, refresh */
+		offset = (uintptr_t)this->offline->remove(this->offline, id);
+		if (offset)
+		{
+			id = this->ids->get(this->ids, id);
+			if (id)
+			{
+				DBG1(DBG_CFG, "reassigning offline lease to '%Y'", id);
+				this->online->put(this->online, id, (void*)offset);
+				break;
+			}
+		}
+
+		/* check for a valid online lease, reassign */
+		offset = (uintptr_t)this->online->get(this->online, id);
+		if (offset && offset == host2offset(this, requested))
+		{
+			DBG1(DBG_CFG, "reassigning online lease to '%Y'", id);
+			break;
+		}
+
+		if (this->unused < this->size)
+		{
+			/* assigning offset, starting by 1. Handling 0 in hashtable
+			 * is difficult. */
+			offset = ++this->unused;
+			id = id->clone(id);
+			this->ids->put(this->ids, id, id);
+			this->online->put(this->online, id, (void*)offset);
+			DBG1(DBG_CFG, "assigning new lease to '%Y'", id);
+			break;
+		}
+
+		/* no more addresses, replace the first found offline lease */
+		enumerator = this->offline->create_enumerator(this->offline);
+		if (enumerator->enumerate(enumerator, &old_id, &offset))
+		{
+			offset = (uintptr_t)this->offline->remove(this->offline, old_id);
+			if (offset)
+			{
+				/* destroy reference to old ID */
+				old_id = this->ids->remove(this->ids, old_id);
+				DBG1(DBG_CFG, "reassigning existing offline lease by '%Y'"
+					 " to '%Y'", old_id, id);
+				if (old_id)
+				{
+					old_id->destroy(old_id);
+				}
+				id = id->clone(id);
+				this->ids->put(this->ids, id, id);
+				this->online->put(this->online, id, (void*)offset);
+				enumerator->destroy(enumerator);
+				break;
+			}
+		}
+		enumerator->destroy(enumerator);
+
+		DBG1(DBG_CFG, "pool '%s' is full, unable to assign address",
+			 this->name);
+		break;
+	}
+	this->lock->unlock(this->lock);
+
+	if (offset)
+	{
+		return offset2host(this, offset);
+	}
+	return NULL;
+}
+
+METHOD(mem_pool_t, release_address, bool,
+	   private_mem_pool_t *this, host_t *address, identification_t *id)
+{
+	bool found = FALSE;
+	if (this->size != 0)
+	{
+		uintptr_t offset;
+		this->lock->write_lock(this->lock);
+		offset = (uintptr_t)this->online->remove(this->online, id);
+		if (offset)
+		{
+			id = this->ids->get(this->ids, id);
+			if (id)
+			{
+				DBG1(DBG_CFG, "lease %H by '%Y' went offline", address, id);
+				this->offline->put(this->offline, id, (void*)offset);
+				found = TRUE;
+			}
+		}
+		this->lock->unlock(this->lock);
+	}
+	return found;
+}
+
+/**
+ * lease enumerator
+ */
+typedef struct {
+	/** implemented enumerator interface */
+	enumerator_t public;
+	/** inner hash-table enumerator */
+	enumerator_t *inner;
+	/** enumerated pool */
+	private_mem_pool_t *pool;
+	/** currently enumerated lease address */
+	host_t *current;
+} lease_enumerator_t;
+
+METHOD(enumerator_t, lease_enumerate, bool,
+	   lease_enumerator_t *this, identification_t **id_out, host_t **addr_out,
+	   bool *online)
+{
+	identification_t *id;
+	uintptr_t offset;
+
+	DESTROY_IF(this->current);
+	this->current = NULL;
+
+	if (this->inner->enumerate(this->inner, &id, NULL))
+	{
+		offset = (uintptr_t)this->pool->online->get(this->pool->online, id);
+		if (offset)
+		{
+			*id_out = id;
+			*addr_out = this->current = offset2host(this->pool, offset);
+			*online = TRUE;
+			return TRUE;
+		}
+		offset = (uintptr_t)this->pool->offline->get(this->pool->offline, id);
+		if (offset)
+		{
+			*id_out = id;
+			*addr_out = this->current = offset2host(this->pool, offset);
+			*online = FALSE;
+			return TRUE;
+		}
+	}
+	return FALSE;
+}
+
+METHOD(enumerator_t, lease_enumerator_destroy, void,
+	   lease_enumerator_t *this)
+{
+	DESTROY_IF(this->current);
+	this->inner->destroy(this->inner);
+	this->pool->lock->unlock(this->pool->lock);
+	free(this);
+}
+
+METHOD(mem_pool_t, create_lease_enumerator, enumerator_t*,
+	   private_mem_pool_t *this)
+{
+	lease_enumerator_t *enumerator;
+	this->lock->read_lock(this->lock);
+	INIT(enumerator,
+		.public = {
+			.enumerate = (void*)_lease_enumerate,
+			.destroy = (void*)_lease_enumerator_destroy,
+		},
+		.pool = this,
+		.inner = this->ids->create_enumerator(this->ids),
+	);
+	return &enumerator->public;
+}
+
+METHOD(mem_pool_t, destroy, void,
+	   private_mem_pool_t *this)
+{
+	enumerator_t *enumerator;
+	identification_t *id;
+
+	enumerator = this->ids->create_enumerator(this->ids);
+	while (enumerator->enumerate(enumerator, &id, NULL))
+	{
+		id->destroy(id);
+	}
+	enumerator->destroy(enumerator);
+
+	this->ids->destroy(this->ids);
+	this->online->destroy(this->online);
+	this->offline->destroy(this->offline);
+	this->lock->destroy(this->lock);
+	DESTROY_IF(this->base);
+	free(this->name);
+	free(this);
+}
+
+/**
+ * Described in header
+ */
+mem_pool_t *mem_pool_create(char *name, host_t *base, int bits)
+{
+	private_mem_pool_t *this;
+
+	INIT(this,
+		.public = {
+			.get_name = _get_name,
+			.get_size = _get_size,
+			.get_online = _get_online,
+			.get_offline = _get_offline,
+			.acquire_address = _acquire_address,
+			.release_address = _release_address,
+			.create_lease_enumerator = _create_lease_enumerator,
+			.destroy = _destroy,
+		},
+		.name = strdup(name),
+		.online = hashtable_create((hashtable_hash_t)id_hash,
+								   (hashtable_equals_t)id_equals, 16),
+		.offline = hashtable_create((hashtable_hash_t)id_hash,
+									(hashtable_equals_t)id_equals, 16),
+		.ids = hashtable_create((hashtable_hash_t)id_hash,
+								(hashtable_equals_t)id_equals, 16),
+		.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+	);
+
+	if (base)
+	{
+		int addr_bits = base->get_family(base) == AF_INET ? 32 : 128;
+		/* net bits -> host bits */
+		bits = addr_bits - bits;
+		if (bits > POOL_LIMIT)
+		{
+			bits = POOL_LIMIT;
+			DBG1(DBG_CFG, "virtual IP pool too large, limiting to %H/%d",
+				 base, addr_bits - bits);
+		}
+		this->size = 1 << (bits);
+
+		if (this->size > 2)
+		{	/* do not use first and last addresses of a block */
+			this->unused++;
+			this->size--;
+		}
+		this->base = base->clone(base);
+	}
+
+	return &this->public;
+}
+
diff --git a/src/libhydra/attributes/mem_pool.h b/src/libhydra/attributes/mem_pool.h
new file mode 100644
index 000000000..bb963de93
--- /dev/null
+++ b/src/libhydra/attributes/mem_pool.h
@@ -0,0 +1,110 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mem_pool mem_pool
+ * @{ @ingroup attributes
+ */
+
+#ifndef MEM_POOL_H
+#define MEM_POOL_H
+
+typedef struct mem_pool_t mem_pool_t;
+
+#include <utils/host.h>
+#include <utils/identification.h>
+
+/**
+ * An in-memory IP address pool.
+ */
+struct mem_pool_t {
+
+	/**
+	 * Get the name of this pool.
+	 *
+	 * @return			the name of this pool
+	 */
+	const char* (*get_name)(mem_pool_t *this);
+
+	/**
+	 * Get the size (i.e. number of addresses) of this pool.
+	 *
+	 * @return			the size of this pool
+	 */
+	u_int (*get_size)(mem_pool_t *this);
+
+	/**
+	 * Get the number of online leases.
+	 *
+	 * @return			the number of offline leases
+	 */
+	u_int (*get_online)(mem_pool_t *this);
+
+	/**
+	 * Get the number of offline leases.
+	 *
+	 * @return			the number of online leases
+	 */
+	u_int (*get_offline)(mem_pool_t *this);
+
+	/**
+	 * Acquire an address for the given id from this pool.
+	 *
+	 * @param id		the id to acquire an address for
+	 * @param requested	acquire this address, if possible
+	 * @return			the acquired address
+	 */
+	host_t* (*acquire_address)(mem_pool_t *this, identification_t *id,
+							   host_t *requested);
+
+	/**
+	 * Release a previously acquired address.
+	 *
+	 * @param address	the address to release
+	 * @param id		the id the address was assigned to
+	 * @return			TRUE, if the lease was found
+	 */
+	bool (*release_address)(mem_pool_t *this, host_t *address,
+							identification_t *id);
+
+	/**
+	 * Create an enumerator over the leases of this pool.
+	 *
+	 * Enumerator enumerates over
+	 * identification_t *id, host_t *address, bool online
+	 *
+	 * @return			enumerator
+	 */
+	enumerator_t* (*create_lease_enumerator)(mem_pool_t *this);
+
+	/**
+	 * Destroy a mem_pool_t instance.
+	 */
+	void (*destroy)(mem_pool_t *this);
+};
+
+/**
+ * Create an in-memory IP address pool.
+ *
+ * An empty pool just returns the requested address.
+ *
+ * @param name		name of this pool
+ * @param base		base address of this pool, NULL to create an empty pool
+ * @param bits		net mask
+ */
+mem_pool_t *mem_pool_create(char *name, host_t *base, int bits);
+
+#endif /** MEM_POOL_H_ @} */
+
diff --git a/src/libhydra/hydra.c b/src/libhydra/hydra.c
new file mode 100644
index 000000000..16a8193ea
--- /dev/null
+++ b/src/libhydra/hydra.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "hydra.h"
+
+#include <debug.h>
+
+typedef struct private_hydra_t private_hydra_t;
+
+/**
+ * Private additions to hydra_t.
+ */
+struct private_hydra_t {
+
+	/**
+	 * Public members of hydra_t.
+	 */
+	hydra_t public;
+};
+
+/**
+ * Single instance of hydra_t.
+ */
+hydra_t *hydra;
+
+/**
+ * Described in header.
+ */
+void libhydra_deinit()
+{
+	private_hydra_t *this = (private_hydra_t*)hydra;
+	this->public.attributes->destroy(this->public.attributes);
+	free((void*)this->public.daemon);
+	free(this);
+	hydra = NULL;
+}
+
+/**
+ * Described in header.
+ */
+bool libhydra_init(const char *daemon)
+{
+	private_hydra_t *this;
+
+	INIT(this,
+		.public = {
+			.attributes = attribute_manager_create(),
+			.daemon = strdup(daemon ?: "libhydra"),
+		},
+	);
+	hydra = &this->public;
+
+	if (lib->integrity &&
+		!lib->integrity->check(lib->integrity, "libhydra", libhydra_init))
+	{
+		DBG1(DBG_LIB, "integrity check of libhydra failed");
+		return FALSE;
+	}
+	return TRUE;
+}
+
diff --git a/src/libhydra/hydra.h b/src/libhydra/hydra.h
new file mode 100644
index 000000000..8670f3969
--- /dev/null
+++ b/src/libhydra/hydra.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup libhydra libhydra
+ *
+ * @defgroup attributes attributes
+ * @ingroup libhydra
+ *
+ * @defgroup hplugins plugins
+ * @ingroup libhydra
+ *
+ * @addtogroup libhydra
+ * @{
+ */
+
+#ifndef HYDRA_H_
+#define HYDRA_H_
+
+typedef struct hydra_t hydra_t;
+
+#include <attributes/attribute_manager.h>
+
+#include <library.h>
+
+/**
+ * IKE Daemon support object.
+ */
+struct hydra_t {
+
+	/**
+	 * manager for payload attributes
+	 */
+	attribute_manager_t *attributes;
+
+	/**
+	 * name of the daemon that initialized the library
+	 */
+	const char *daemon;
+};
+
+/**
+ * The single instance of hydra_t.
+ *
+ * Set between calls to libhydra_init() and libhydra_deinit() calls.
+ */
+extern hydra_t *hydra;
+
+/**
+ * Initialize libhydra.
+ *
+ * The daemon's name is used to load daemon-specific settings.
+ *
+ * @param daemon		name of the daemon that initializes the library
+ * @return				FALSE if integrity check failed
+ */
+bool libhydra_init(const char *daemon);
+
+/**
+ * Deinitialize libhydra.
+ */
+void libhydra_deinit();
+
+#endif /** HYDRA_H_ @}*/
diff --git a/src/libhydra/plugins/attr/Makefile.am b/src/libhydra/plugins/attr/Makefile.am
new file mode 100644
index 000000000..71401648e
--- /dev/null
+++ b/src/libhydra/plugins/attr/Makefile.am
@@ -0,0 +1,17 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-attr.la
+else
+plugin_LTLIBRARIES = libstrongswan-attr.la
+endif
+
+libstrongswan_attr_la_SOURCES = \
+	attr_plugin.h attr_plugin.c \
+	attr_provider.h attr_provider.c
+
+libstrongswan_attr_la_LDFLAGS = -module -avoid-version
diff --git a/src/charon/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in
index 689bb3244..54aa64beb 100644
--- a/src/charon/plugins/attr/Makefile.in
+++ b/src/libhydra/plugins/attr/Makefile.in
@@ -34,7 +34,7 @@ PRE_UNINSTALL = :
 POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
-subdir = src/charon/plugins/attr
+subdir = src/libhydra/plugins/attr
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -72,13 +72,15 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_attr_la_LIBADD =
 am_libstrongswan_attr_la_OBJECTS = attr_plugin.lo attr_provider.lo
 libstrongswan_attr_la_OBJECTS = $(am_libstrongswan_attr_la_OBJECTS)
 libstrongswan_attr_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_attr_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_attr_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_attr_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -251,11 +254,15 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+	-I$(top_srcdir)/src/libcharon
+
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-attr.la
-libstrongswan_attr_la_SOURCES = attr_plugin.h attr_plugin.c \
-  attr_provider.h attr_provider.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-attr.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-attr.la
+libstrongswan_attr_la_SOURCES = \
+	attr_plugin.h attr_plugin.c \
+	attr_provider.h attr_provider.c
 
 libstrongswan_attr_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -271,9 +278,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/attr/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/plugins/attr/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/charon/plugins/attr/Makefile
+	  $(AUTOMAKE) --gnu src/libhydra/plugins/attr/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -292,6 +299,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -324,7 +340,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-attr.la: $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_DEPENDENCIES) 
-	$(libstrongswan_attr_la_LINK) -rpath $(plugindir) $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_LIBADD) $(LIBS)
+	$(libstrongswan_attr_la_LINK) $(am_libstrongswan_attr_la_rpath) $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -478,8 +494,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -550,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/charon/plugins/attr/attr_plugin.c b/src/libhydra/plugins/attr/attr_plugin.c
index 6dfb10271..24c00bb44 100644
--- a/src/charon/plugins/attr/attr_plugin.c
+++ b/src/libhydra/plugins/attr/attr_plugin.c
@@ -16,7 +16,7 @@
 #include "attr_plugin.h"
 #include "attr_provider.h"
 
-#include <daemon.h>
+#include <hydra.h>
 
 typedef struct private_attr_plugin_t private_attr_plugin_t;
 
@@ -41,7 +41,7 @@ struct private_attr_plugin_t {
  */
 static void destroy(private_attr_plugin_t *this)
 {
-	lib->attributes->remove_provider(lib->attributes, &this->provider->provider);
+	hydra->attributes->remove_provider(hydra->attributes, &this->provider->provider);
 	this->provider->destroy(this->provider);
 	free(this);
 }
@@ -49,14 +49,14 @@ static void destroy(private_attr_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *attr_plugin_create()
 {
 	private_attr_plugin_t *this = malloc_thing(private_attr_plugin_t);
 
 	this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
 
 	this->provider = attr_provider_create();
-	lib->attributes->add_provider(lib->attributes, &this->provider->provider);
+	hydra->attributes->add_provider(hydra->attributes, &this->provider->provider);
 
 	return &this->public.plugin;
 }
diff --git a/src/charon/plugins/attr/attr_plugin.h b/src/libhydra/plugins/attr/attr_plugin.h
index 9f31b60e1..29fb33839 100644
--- a/src/charon/plugins/attr/attr_plugin.h
+++ b/src/libhydra/plugins/attr/attr_plugin.h
@@ -15,7 +15,7 @@
 
 /**
  * @defgroup attr attr
- * @ingroup cplugins
+ * @ingroup hplugins
  *
  * @defgroup attr_plugin attr_plugin
  * @{ @ingroup attr
@@ -39,9 +39,4 @@ struct attr_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a attr_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** ATTR_PLUGIN_H_ @}*/
diff --git a/src/charon/plugins/attr/attr_provider.c b/src/libhydra/plugins/attr/attr_provider.c
index 548896f56..9d6daa892 100644
--- a/src/charon/plugins/attr/attr_provider.c
+++ b/src/libhydra/plugins/attr/attr_provider.c
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -17,7 +18,9 @@
 
 #include <time.h>
 
-#include <daemon.h>
+#include <hydra.h>
+#include <debug.h>
+#include <utils/linked_list.h>
 
 #define SERVER_MAX		2
 
@@ -100,7 +103,8 @@ static void add_legacy_entry(private_attr_provider_t *this, char *key, int nr,
 	host_t *host;
 	char *str;
 
-	str = lib->settings->get_str(lib->settings, "charon.%s%d", NULL, key, nr);
+	str = lib->settings->get_str(lib->settings, "%s.%s%d", NULL, hydra->daemon,
+								 key, nr);
 	if (str)
 	{
 		host = host_create_from_string(str, 0);
@@ -155,7 +159,7 @@ static void load_entries(private_attr_provider_t *this)
 	char *key, *value, *token;
 
 	enumerator = lib->settings->create_key_value_enumerator(lib->settings,
-														"charon.plugins.attr");
+											"%s.plugins.attr", hydra->daemon);
 	while (enumerator->enumerate(enumerator, &key, &value))
 	{
 		configuration_attribute_type_t type;
diff --git a/src/charon/plugins/attr/attr_provider.h b/src/libhydra/plugins/attr/attr_provider.h
index a41466718..a41466718 100644
--- a/src/charon/plugins/attr/attr_provider.h
+++ b/src/libhydra/plugins/attr/attr_provider.h
diff --git a/src/libhydra/plugins/attr_sql/Makefile.am b/src/libhydra/plugins/attr_sql/Makefile.am
new file mode 100644
index 000000000..376a8259c
--- /dev/null
+++ b/src/libhydra/plugins/attr_sql/Makefile.am
@@ -0,0 +1,23 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra
+
+AM_CFLAGS = \
+	-rdynamic \
+	-DPLUGINS=\""${libstrongswan_plugins}\""
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-attr-sql.la
+else
+plugin_LTLIBRARIES = libstrongswan-attr-sql.la
+endif
+
+libstrongswan_attr_sql_la_SOURCES = \
+	attr_sql_plugin.h attr_sql_plugin.c \
+	sql_attribute.h sql_attribute.c
+
+libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version
+
+ipsec_PROGRAMS = pool
+pool_SOURCES = pool.c
+pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+pool.o :	$(top_builddir)/config.status
diff --git a/src/libstrongswan/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in
index e157a9b78..99e97cefc 100644
--- a/src/libstrongswan/plugins/attr_sql/Makefile.in
+++ b/src/libhydra/plugins/attr_sql/Makefile.in
@@ -36,7 +36,7 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 ipsec_PROGRAMS = pool$(EXEEXT)
-subdir = src/libstrongswan/plugins/attr_sql
+subdir = src/libhydra/plugins/attr_sql
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -74,7 +74,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_attr_sql_la_LIBADD =
 am_libstrongswan_attr_sql_la_OBJECTS = attr_sql_plugin.lo \
 	sql_attribute.lo
@@ -84,6 +84,9 @@ libstrongswan_attr_sql_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_attr_sql_la_LDFLAGS) \
 	$(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_attr_sql_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_attr_sql_la_rpath =
 PROGRAMS = $(ipsec_PROGRAMS)
 am_pool_OBJECTS = pool.$(OBJEXT)
 pool_OBJECTS = $(am_pool_OBJECTS)
@@ -227,6 +230,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -261,14 +265,16 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan
-AM_CFLAGS = -rdynamic \
-  -DPLUGINS=\""${libstrongswan_plugins}\""
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra
+AM_CFLAGS = \
+	-rdynamic \
+	-DPLUGINS=\""${libstrongswan_plugins}\""
 
-plugin_LTLIBRARIES = libstrongswan-attr-sql.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-attr-sql.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-attr-sql.la
 libstrongswan_attr_sql_la_SOURCES = \
-  attr_sql_plugin.h attr_sql_plugin.c \
-  sql_attribute.h sql_attribute.c
+	attr_sql_plugin.h attr_sql_plugin.c \
+	sql_attribute.h sql_attribute.c
 
 libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version
 pool_SOURCES = pool.c
@@ -286,9 +292,9 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	      exit 1;; \
 	  esac; \
 	done; \
-	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/attr_sql/Makefile'; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/plugins/attr_sql/Makefile'; \
 	$(am__cd) $(top_srcdir) && \
-	  $(AUTOMAKE) --gnu src/libstrongswan/plugins/attr_sql/Makefile
+	  $(AUTOMAKE) --gnu src/libhydra/plugins/attr_sql/Makefile
 .PRECIOUS: Makefile
 Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	@case '$?' in \
@@ -307,6 +313,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -339,7 +354,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-attr-sql.la: $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_DEPENDENCIES) 
-	$(libstrongswan_attr_sql_la_LINK) -rpath $(plugindir) $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_LIBADD) $(LIBS)
+	$(libstrongswan_attr_sql_la_LINK) $(am_libstrongswan_attr_sql_la_rpath) $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_LIBADD) $(LIBS)
 install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
 	@$(NORMAL_INSTALL)
 	test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)"
@@ -541,7 +556,7 @@ maintainer-clean-generic:
 clean: clean-am
 
 clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \
-	clean-pluginLTLIBRARIES mostlyclean-am
+	clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -612,21 +627,22 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-ipsecPROGRAMS clean-libtool clean-pluginLTLIBRARIES \
-	ctags distclean distclean-compile distclean-generic \
-	distclean-libtool distclean-tags distdir dvi dvi-am html \
-	html-am info info-am install install-am install-data \
-	install-data-am install-dvi install-dvi-am install-exec \
-	install-exec-am install-html install-html-am install-info \
-	install-info-am install-ipsecPROGRAMS install-man install-pdf \
-	install-pdf-am install-pluginLTLIBRARIES install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
-	uninstall-am uninstall-ipsecPROGRAMS \
+	clean-ipsecPROGRAMS clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES ctags distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-data install-data-am install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-ipsecPROGRAMS install-man \
+	install-pdf install-pdf-am install-pluginLTLIBRARIES \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-ipsecPROGRAMS \
 	uninstall-pluginLTLIBRARIES
 
+pool.o :	$(top_builddir)/config.status
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
index 66b309c67..70e7a2247 100644
--- a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c
+++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c
@@ -13,7 +13,7 @@
  * for more details.
  */
 
-#include <library.h>
+#include <hydra.h>
 #include <debug.h>
 
 #include "attr_sql_plugin.h"
@@ -48,7 +48,7 @@ struct private_attr_sql_plugin_t {
  */
 static void destroy(private_attr_sql_plugin_t *this)
 {
-	lib->attributes->remove_provider(lib->attributes, &this->attribute->provider);
+	hydra->attributes->remove_provider(hydra->attributes, &this->attribute->provider);
 	this->attribute->destroy(this->attribute);
 	this->db->destroy(this->db);
 	free(this);
@@ -57,15 +57,15 @@ static void destroy(private_attr_sql_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *attr_sql_plugin_create()
 {
 	char *uri;
 	private_attr_sql_plugin_t *this;
 
-	uri = lib->settings->get_str(lib->settings, "libstrongswan.plugins.attr-sql.database", NULL);
+	uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL);
 	if (!uri)
 	{
-		DBG1("attr-sql plugin: database URI not set");
+		DBG1(DBG_CFG, "attr-sql plugin: database URI not set");
 		return NULL;
 	}
 
@@ -76,12 +76,12 @@ plugin_t *plugin_create()
 	this->db = lib->db->create(lib->db, uri);
 	if (!this->db)
 	{
-		DBG1("attr-sql plugin failed to connect to database");
+		DBG1(DBG_CFG, "attr-sql plugin failed to connect to database");
 		free(this);
 		return NULL;
 	}
 	this->attribute = sql_attribute_create(this->db);
-	lib->attributes->add_provider(lib->attributes, &this->attribute->provider);
+	hydra->attributes->add_provider(hydra->attributes, &this->attribute->provider);
 
 	return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h b/src/libhydra/plugins/attr_sql/attr_sql_plugin.h
index 3a60ea0d2..ba85a6b28 100644
--- a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h
+++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.h
@@ -15,7 +15,7 @@
 
 /**
  * @defgroup attr_sql attr_sql
- * @ingroup plugins
+ * @ingroup hplugins
  *
  * @defgroup sql_plugin sql_plugin
  * @{ @ingroup attr_sql
@@ -39,9 +39,4 @@ struct attr_sql_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a sql_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** ATTR_SQL_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/attr_sql/pool.c b/src/libhydra/plugins/attr_sql/pool.c
index 85b30a70f..fed89fc51 100644
--- a/src/libstrongswan/plugins/attr_sql/pool.c
+++ b/src/libhydra/plugins/attr_sql/pool.c
@@ -18,6 +18,8 @@
 #include <unistd.h>
 #include <stdio.h>
 #include <time.h>
+#include <string.h>
+#include <errno.h>
 
 #include <debug.h>
 #include <library.h>
@@ -36,6 +38,85 @@ database_t *db;
 host_t *start = NULL, *end = NULL, *server = NULL;
 
 /**
+ * whether --add should --replace an existing pool
+ */
+bool replace_pool = FALSE;
+
+/**
+ * forward declarations
+ */
+static void del(char *name);
+static void do_args(int argc, char *argv[]);
+
+/**
+ * nesting counter for database transaction functions
+ */
+int nested_transaction = 0;
+
+/**
+ * start a database transaction
+ */
+static void begin_transaction()
+{
+	if (db->get_driver(db) == DB_SQLITE)
+	{
+		if (!nested_transaction)
+		{
+			db->execute(db, NULL, "BEGIN EXCLUSIVE TRANSACTION");
+		}
+		++nested_transaction;
+	}
+}
+
+/**
+ * commit a database transaction
+ */
+static void commit_transaction()
+{
+	if (db->get_driver(db) == DB_SQLITE)
+	{
+		--nested_transaction;
+		if (!nested_transaction)
+		{
+			db->execute(db, NULL, "END TRANSACTION");
+		}
+	}
+}
+
+/**
+ * Create or replace a pool by name
+ */
+static u_int create_pool(char *name, chunk_t start, chunk_t end, int timeout)
+{
+	enumerator_t *e;
+	int pool;
+
+	e = db->query(db, "SELECT id FROM pools WHERE name = ?",
+			DB_TEXT, name, DB_UINT);
+	if (e && e->enumerate(e, &pool))
+	{
+		if (replace_pool == FALSE)
+		{
+			fprintf(stderr, "pool '%s' exists.\n", name);
+			e->destroy(e);
+			exit(EXIT_FAILURE);
+		}
+		del(name);
+	}
+	DESTROY_IF(e);
+	if (db->execute(db, &pool,
+			"INSERT INTO pools (name, start, end, timeout) VALUES (?, ?, ?, ?)",
+			DB_TEXT, name, DB_BLOB, start, DB_BLOB, end,
+			DB_INT, timeout*3600) != 1)
+	{
+		fprintf(stderr, "creating pool failed.\n");
+		exit(EXIT_FAILURE);
+	}
+
+	return pool;
+}
+
+/**
  * instead of a pool handle a DNS or NBNS attribute
  */
 static bool is_attribute(char *name)
@@ -84,18 +165,32 @@ static void usage(void)
 {
 	printf("\
 Usage:\n\
-  ipsec pool --status|--add|--del|--resize|--purge [options]\n\
+  ipsec pool --status|--add|--replace|--del|--resize|--purge [options]\n\
   \n\
   ipsec pool --status\n\
     Show a list of installed pools with statistics.\n\
   \n\
   ipsec pool --add <name> --start <start> --end <end> [--timeout <timeout>]\n\
-    Add a new pool to the database.\n\
+  ipsec pool --replace <name> --start <start> --end <end> [--timeout <timeout>]\n\
+    Add a new pool to or replace an existing pool in the database.\n\
       name:    Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
       start:   Start address of the pool\n\
       end:     End address of the pool\n\
       timeout: Lease time in hours, 0 for static leases\n\
   \n\
+  ipsec pool --add <name> --addresses <file> [--timeout <timeout>]\n\
+  ipsec pool --replace <name> --addresses <file> [--timeout <timeout>]\n\
+    Add a new pool to or replace an existing pool in the database.\n\
+      name:    Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\
+      file:    File newline separated addresses for the pool are read from.\n\
+               Optionally each address can be pre-assigned to a roadwarrior\n\
+               identity, e.g. 10.231.14.2=alice@strongswan.org.\n\
+               If a - (hyphen) is given instead of a file name, the addresses\n\
+               are read from STDIN. Reading addresses stops at the end of file\n\
+               or an empty line. Pools created with this command can not be\n\
+               resized.\n\
+      timeout: Lease time in hours, 0 for static leases\n\
+  \n\
   ipsec pool --add dns|nbns|wins --server <server>\n\
     Add a new DNS or NBNS server to the database.\n\
       server:  IP address of the name server\n\
@@ -127,8 +222,19 @@ Usage:\n\
   ipsec pool --purge <name>\n\
     Delete lease history of a pool:\n\
       name:    Name of the pool to purge\n\
+  \n\
+  ipsec pool --batch <file>\n\
+    Read commands from a file and execute them atomically.\n\
+      file:    File to read the newline separated commands from. Commands\n\
+               appear as they are written on the command line, e.g.\n\
+                  --replace mypool --start 10.0.0.1 --end 10.0.0.254\n\
+                  --del dns\n\
+                  --add dns --server 10.1.0.1\n\
+                  --add dns --server 10.1.1.1\n\
+               If a - (hyphen) is given as a file name, the commands are read\n\
+               from STDIN. Readin commands stops at the end of file. Empty\n\
+               lines are ignored. The file may not contain a --batch command.\n\
   \n");
-	exit(0);
 }
 
 /**
@@ -268,8 +374,14 @@ static void status(void)
 
 			start = host_create_from_chunk(AF_UNSPEC, start_chunk, 0);
 			end = host_create_from_chunk(AF_UNSPEC, end_chunk, 0);
-			size = get_pool_size(start_chunk, end_chunk);
-			printf("%8s %15H %15H ", name, start, end);
+			if (start->is_anyaddr(start) && end->is_anyaddr(end))
+			{
+				printf("%8s %15s %15s ", name, "n/a", "n/a");
+			}
+			else
+			{
+				printf("%8s %15H %15H ", name, start, end);
+			}
 			if (timeout)
 			{
 				printf("%7dh ", timeout/3600);
@@ -278,6 +390,14 @@ static void status(void)
 			{
 				printf("%8s ", "static");
 			}
+			/* get total number of hosts in the pool */
+			lease = db->query(db, "SELECT COUNT(*) FROM addresses "
+							  "WHERE pool = ?", DB_UINT, id, DB_INT);
+			if (lease)
+			{
+				lease->enumerate(lease, &size);
+				lease->destroy(lease);
+			}
 			printf("%6d ", size);
 			/* get number of online hosts */
 			lease = db->query(db, "SELECT COUNT(*) FROM addresses "
@@ -313,7 +433,6 @@ static void status(void)
 	{
 		printf("no pools found.\n");
 	}
-	exit(0);
 }
 
 /**
@@ -333,23 +452,13 @@ static void add(char *name, host_t *start, host_t *end, int timeout)
 		memcmp(start_addr.ptr, end_addr.ptr, start_addr.len) > 0)
 	{
 		fprintf(stderr, "invalid start/end pair specified.\n");
-		exit(-1);
-	}
-	if (db->execute(db, &id,
-			"INSERT INTO pools (name, start, end, timeout) "
-			"VALUES (?, ?, ?, ?)",
-			DB_TEXT, name, DB_BLOB, start_addr,
-			DB_BLOB, end_addr, DB_INT, timeout*3600) != 1)
-	{
-		fprintf(stderr, "creating pool failed.\n");
-		exit(-1);
+		exit(EXIT_FAILURE);
 	}
+	id = create_pool(name, start_addr, end_addr, timeout);
 	printf("allocating %d addresses... ", count);
 	fflush(stdout);
-	if (db->get_driver(db) == DB_SQLITE)
-	{	/* run population in a transaction for sqlite */
-		db->execute(db, NULL, "BEGIN TRANSACTION");
-	}
+	/* run population in a transaction for sqlite */
+	begin_transaction();
 	while (TRUE)
 	{
 		db->execute(db, NULL,
@@ -362,13 +471,125 @@ static void add(char *name, host_t *start, host_t *end, int timeout)
 		}
 		chunk_increment(cur_addr);
 	}
-	if (db->get_driver(db) == DB_SQLITE)
+	commit_transaction();
+	printf("done.\n", count);
+}
+
+static bool add_address(u_int pool_id, char *address_str, int *family)
+{
+	host_t *address;
+	int user_id = 0;
+
+	char *pos_eq = strchr(address_str, '=');
+	if (pos_eq != NULL)
 	{
-		db->execute(db, NULL, "END TRANSACTION");
+		enumerator_t *e;
+		identification_t *id = identification_create_from_string(pos_eq + 1);
+
+		/* look for peer identity in the identities table */
+		e = db->query(db,
+				"SELECT id FROM identities WHERE type = ? AND data = ?",
+				DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id),
+				DB_UINT);
+
+		if (!e || !e->enumerate(e, &user_id))
+		{
+			/* not found, insert new one */
+			if (db->execute(db, &user_id,
+					"INSERT INTO identities (type, data) VALUES (?, ?)",
+					DB_INT, id->get_type(id),
+					DB_BLOB, id->get_encoding(id)) != 1)
+			{
+				fprintf(stderr, "creating id '%s' failed.\n", pos_eq + 1);
+				return FALSE;
+			}
+		}
+		DESTROY_IF(e);
+		id->destroy(id);
+		*pos_eq = '\0';
 	}
-	printf("done.\n", count);
 
-	exit(0);
+	address = host_create_from_string(address_str, 0);
+	if (address == NULL)
+	{
+		fprintf(stderr, "invalid address '%s'.\n", address_str);
+		return FALSE;
+	}
+	if (family && *family && *family != address->get_family(address))
+	{
+		fprintf(stderr, "invalid address family '%s'.\n", address_str);
+		return FALSE;
+	}
+
+	if (db->execute(db, NULL,
+			"INSERT INTO addresses "
+			"(pool, address, identity, acquired, released) "
+			"VALUES (?, ?, ?, ?, ?)",
+			DB_UINT, pool_id, DB_BLOB, address->get_address(address),
+			DB_UINT, user_id, DB_UINT, 0, DB_UINT, 1) != 1)
+	{
+		fprintf(stderr, "inserting address '%s' failed.\n", address_str);
+		return FALSE;
+	}
+	*family = address->get_family(address);
+	address->destroy(address);
+
+	return TRUE;
+}
+
+static void add_addresses(char *pool, char *path, int timeout)
+{
+	u_int pool_id, count = 0;
+	int family = AF_UNSPEC;
+	char address_str[512];
+	host_t *addr;
+	FILE *file;
+
+	/* run population in a transaction for sqlite */
+	begin_transaction();
+
+	addr = host_create_from_string("%any", 0);
+	pool_id = create_pool(pool, addr->get_address(addr),
+						  addr->get_address(addr), timeout);
+	addr->destroy(addr);
+
+	file = (strcmp(path, "-") == 0 ? stdin : fopen(path, "r"));
+	if (file == NULL)
+	{
+		fprintf(stderr, "opening '%s' failed: %s\n", path, strerror(errno));
+		exit(-1);
+	}
+
+	printf("starting allocation... ");
+	fflush(stdout);
+
+	while (fgets(address_str, sizeof(address_str), file))
+	{
+		size_t addr_len = strlen(address_str);
+		char *last_chr = address_str + addr_len - 1;
+		if (*last_chr == '\n')
+		{
+			if (addr_len == 1)
+			{	/* end of input */
+				break;
+			}
+			*last_chr = '\0';
+		}
+		if (add_address(pool_id, address_str, &family) == FALSE)
+		{
+			exit(EXIT_FAILURE);
+		}
+		++count;
+	}
+
+	if (file != stdin)
+	{
+		fclose(file);
+	}
+
+	commit_transaction();
+
+	printf("%d addresses done.\n", count);
 }
 
 /**
@@ -386,10 +607,9 @@ static void add_attr(char *name, host_t *server)
 			DB_INT, type, DB_BLOB, value) != 1)
 	{
 		fprintf(stderr, "adding %s server %H failed.\n", name, server);
-		exit(-1);
+		exit(EXIT_FAILURE);
 	}
 	printf("added %s server %H\n", name, server);
-	exit(0);
 }
 
 /**
@@ -406,7 +626,7 @@ static void del(char *name)
 	if (!query)
 	{
 		fprintf(stderr, "deleting pool failed.\n");
-		exit(-1);
+		exit(EXIT_FAILURE);
 	}
 	while (query->enumerate(query, &id))
 	{
@@ -421,16 +641,15 @@ static void del(char *name)
 		{
 			fprintf(stderr, "deleting pool failed.\n");
 			query->destroy(query);
-			exit(-1);
+			exit(EXIT_FAILURE);
 		}
 	}
 	query->destroy(query);
 	if (!found)
 	{
 		fprintf(stderr, "pool '%s' not found.\n", name);
-		exit(-1);
+		exit(EXIT_FAILURE);
 	}
-	exit(0);
 }
 
 /**
@@ -448,7 +667,7 @@ static void del_attr(char *name, host_t *server)
 	{
 		type = get_attribute_type(name, server);
 		value = server->get_address(server);
-		query = db->query(db, 
+		query = db->query(db,
 					"SELECT id, type, value FROM attributes "
 					"WHERE type = ? AND value = ?",
 					DB_INT, type, DB_BLOB, value,
@@ -468,17 +687,17 @@ static void del_attr(char *name, host_t *server)
 			type_ip4 = INTERNAL_IP4_NBNS;
 			type_ip6 = INTERNAL_IP6_NBNS;
 		}
-			
+
 		query = db->query(db,
 					"SELECT id, type, value FROM attributes "
 					"WHERE type = ? OR type = ?",
 					DB_INT, type_ip4, DB_INT, type_ip6,
 					DB_UINT, DB_INT, DB_BLOB);
-	}	
+	}
 	if (!query)
 	{
 		fprintf(stderr, "deleting %s servers failed.\n", name);
-		exit(-1);
+		exit(EXIT_FAILURE);
 	}
 
 	while (query->enumerate(query, &id, &type, &value))
@@ -497,45 +716,33 @@ static void del_attr(char *name, host_t *server)
 			fprintf(stderr, "deleting %s server %H failed\n", name, host);
 			query->destroy(query);
 			DESTROY_IF(host);
-			exit(-1);
+			exit(EXIT_FAILURE);
 		}
 		printf("deleted %s server %H\n", name, host);
 		DESTROY_IF(host);
 	}
 	query->destroy(query);
 
-	if (!found)
+	if (!found && server)
 	{
-		printf("no matching %s servers found\n", name);
-		exit(-1);		
+		printf("%s server %H not found\n", name, server);
+		exit(EXIT_FAILURE);
+	}
+	else if (!found)
+	{
+		printf("no %s servers found\n", name);
 	}
-	exit(0);
 }
 
 /**
- * ipsec pool --resize - resize a pool		if (db->execute(db, NULL,
-					"DELETE FROM attributes WHERE type = ? AND value = ?",
-					 DB_INT, type, DB_BLOB, value) != 1)
-		{
-			fprintf(stderr, "deleting %s server %H failed\n", name, server);
-			exit(-1);
-		}
-		printf("deleted %s server %H\n", name, server);
-		if (db->execute(db, NULL,
-					"DELETE FROM attributes WHERE type = ? AND value = ?",
-					 DB_INT, type, DB_BLOB, value) != 1)
-		{
-			fprintf(stderr, "deleting %s server %H failed\n", name, server);
-			exit(-1);
-		}
-		printf("deleted %s server %H\n", name, server);
-
+ * ipsec pool --resize - resize a pool
  */
 static void resize(char *name, host_t *end)
 {
 	enumerator_t *query;
 	chunk_t old_addr, new_addr, cur_addr;
 	u_int id, count;
+	host_t *old_end;
 
 	new_addr = end->get_address(end);
 
@@ -545,33 +752,41 @@ static void resize(char *name, host_t *end)
 	{
 		DESTROY_IF(query);
 		fprintf(stderr, "resizing pool failed.\n");
-		exit(-1);
+		exit(EXIT_FAILURE);
 	}
 	if (old_addr.len != new_addr.len ||
 		memcmp(new_addr.ptr, old_addr.ptr, old_addr.len) < 0)
 	{
 		fprintf(stderr, "shrinking of pools not supported.\n");
 		query->destroy(query);
-		exit(-1);
+		exit(EXIT_FAILURE);
 	}
 	cur_addr = chunk_clonea(old_addr);
 	count = get_pool_size(old_addr, new_addr) - 1;
 	query->destroy(query);
 
+	/* Check whether pool is resizable */
+	old_end = host_create_from_chunk(AF_UNSPEC, old_addr, 0);
+	if (old_end && old_end->is_anyaddr(old_end))
+	{
+		fprintf(stderr, "pool is not resizable.\n");
+		old_end->destroy(old_end);
+		exit(EXIT_FAILURE);
+	}
+	DESTROY_IF(old_end);
+
 	if (db->execute(db, NULL,
 			"UPDATE pools SET end = ? WHERE name = ?",
 			DB_BLOB, new_addr, DB_TEXT, name) <= 0)
 	{
 		fprintf(stderr, "pool '%s' not found.\n", name);
-		exit(-1);
+		exit(EXIT_FAILURE);
 	}
 
 	printf("allocating %d new addresses... ", count);
 	fflush(stdout);
-	if (db->get_driver(db) == DB_SQLITE)
-	{	/* run population in a transaction for sqlite */
-		db->execute(db, NULL, "BEGIN TRANSACTION");
-	}
+	/* run population in a transaction for sqlite */
+	begin_transaction();
 	while (count-- > 0)
 	{
 		chunk_increment(cur_addr);
@@ -580,13 +795,9 @@ static void resize(char *name, host_t *end)
 			"VALUES (?, ?, ?, ?, ?)",
 			DB_UINT, id, DB_BLOB, cur_addr,	DB_UINT, 0, DB_UINT, 0, DB_UINT, 1);
 	}
-	if (db->get_driver(db) == DB_SQLITE)
-	{
-		db->execute(db, NULL, "END TRANSACTION");
-	}
+	commit_transaction();
 	printf("done.\n", count);
 
-	exit(0);
 }
 
 /**
@@ -652,7 +863,7 @@ static enumerator_t *create_lease_query(char *filter)
 				if (!addr)
 				{
 					fprintf(stderr, "invalid 'addr' in filter string.\n");
-					exit(-1);
+					exit(EXIT_FAILURE);
 				}
 				break;
 			case FIL_TSTAMP:
@@ -683,13 +894,13 @@ static enumerator_t *create_lease_query(char *filter)
 					else
 					{
 						fprintf(stderr, "invalid 'state' in filter string.\n");
-						exit(-1);
+						exit(EXIT_FAILURE);
 					}
 				}
 				break;
 			default:
 				fprintf(stderr, "invalid filter string.\n");
-				exit(-1);
+				exit(EXIT_FAILURE);
 				break;
 		}
 	}
@@ -748,7 +959,8 @@ static void leases(char *filter, bool utc)
 	chunk_t address_chunk, identity_chunk;
 	int identity_type;
 	char *name;
-	u_int acquired, released, timeout;
+	u_int db_acquired, db_released, db_timeout;
+	time_t acquired, released, timeout;
 	host_t *address;
 	identification_t *identity;
 	bool found = FALSE;
@@ -757,10 +969,10 @@ static void leases(char *filter, bool utc)
 	if (!query)
 	{
 		fprintf(stderr, "querying leases failed.\n");
-		exit(-1);
+		exit(EXIT_FAILURE);
 	}
 	while (query->enumerate(query, &name, &address_chunk, &identity_type,
-							&identity_chunk, &acquired, &released, &timeout))
+							&identity_chunk, &db_acquired, &db_released, &db_timeout))
 	{
 		if (!found)
 		{
@@ -773,6 +985,11 @@ static void leases(char *filter, bool utc)
 		address = host_create_from_chunk(AF_UNSPEC, address_chunk, 0);
 		identity = identification_create_from_encoding(identity_type, identity_chunk);
 
+		/* u_int is not always equal to time_t */
+		acquired = (time_t)db_acquired;
+		released = (time_t)db_released;
+		timeout  = (time_t)db_timeout;
+
 		printf("%-8s %-15H ", name, address);
 		if (released == 0)
 		{
@@ -812,9 +1029,8 @@ static void leases(char *filter, bool utc)
 	if (!found)
 	{
 		fprintf(stderr, "no matching leases found.\n");
-		exit(-1);
+		exit(EXIT_FAILURE);
 	}
-	exit(0);
 }
 
 /**
@@ -832,10 +1048,82 @@ static void purge(char *name)
 	if (purged < 0)
 	{
 		fprintf(stderr, "purging pool '%s' failed.\n", name);
-		exit(-1);
+		exit(EXIT_FAILURE);
 	}
 	fprintf(stderr, "purged %d leases in pool '%s'.\n", purged, name);
-	exit(0);
+}
+
+#define ARGV_SIZE 32
+
+static void argv_add(char **argv, int argc, char *value)
+{
+	if (argc >= ARGV_SIZE)
+	{
+		fprintf(stderr, "too many arguments: %s\n", value);
+		exit(EXIT_FAILURE);
+	}
+	argv[argc] = value;
+}
+
+/**
+ * ipsec pool --batch - read commands from a file
+ */
+static void batch(char *argv0, char *name)
+{
+	char command[512];
+
+	FILE *file = strncmp(name, "-", 1) == 0 ? stdin : fopen(name, "r");
+	if (file == NULL)
+	{
+		fprintf(stderr, "opening '%s' failed: %s\n", name, strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	begin_transaction();
+	while (fgets(command, sizeof(command), file))
+	{
+		char *argv[ARGV_SIZE], *start;
+		int i, argc = 0;
+		size_t cmd_len = strlen(command);
+
+		/* ignore empty lines */
+		if (cmd_len == 1 && *(command + cmd_len - 1) == '\n')
+		{
+			continue;
+		}
+
+		/* parse command into argv */
+		start = command;
+		argv_add(argv, argc++, argv0);
+		for (i = 0; i < cmd_len; ++i)
+		{
+			if (command[i] == ' ' || command[i] == '\n')
+			{
+				if (command + i == start)
+				{
+					/* ignore leading whitespace */
+					++start;
+					continue;
+				}
+				command[i] = '\0';
+				argv_add(argv, argc++, start);
+				start = command + i + 1;
+			}
+		}
+		if (strlen(start) > 0)
+		{
+			argv_add(argv, argc++, start);
+		}
+		argv_add(argv, argc, NULL);
+
+		do_args(argc, argv);
+	}
+	commit_transaction();
+
+	if (file != stdin)
+	{
+		fclose(file);
+	}
 }
 
 /**
@@ -849,12 +1137,13 @@ static void cleanup(void)
 	DESTROY_IF(server);
 }
 
-int main(int argc, char *argv[])
+static void do_args(int argc, char *argv[])
 {
-	char *uri, *name = "", *filter = "";
+	char *name = "", *filter = "", *addresses = NULL;
 	int timeout = 0;
 	bool utc = FALSE;
 	enum {
+		OP_UNDEF,
 		OP_USAGE,
 		OP_STATUS,
 		OP_ADD,
@@ -863,41 +1152,12 @@ int main(int argc, char *argv[])
 		OP_DEL_ATTR,
 		OP_RESIZE,
 		OP_LEASES,
-		OP_PURGE
-	} operation = OP_USAGE;
+		OP_PURGE,
+		OP_BATCH
+	} operation = OP_UNDEF;
 
-	atexit(library_deinit);
-
-	/* initialize library */
-	if (!library_init(NULL))
-	{
-		exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
-	}
-	if (lib->integrity &&
-		!lib->integrity->check_file(lib->integrity, "pool", argv[0]))
-	{
-		fprintf(stderr, "integrity check of pool failed\n");
-		exit(SS_RC_DAEMON_INTEGRITY);
-	}
-	if (!lib->plugins->load(lib->plugins, NULL,
-			lib->settings->get_str(lib->settings, "pool.load", PLUGINS)))
-	{
-		exit(SS_RC_INITIALIZATION_FAILED);
-	}
-
-	uri = lib->settings->get_str(lib->settings, "libstrongswan.plugins.attr-sql.database", NULL);
-	if (!uri)
-	{
-		fprintf(stderr, "database URI libstrongswan.plugins.attr-sql.database not set.\n");
-		exit(SS_RC_INITIALIZATION_FAILED);
-	}
-	db = lib->db->create(lib->db, uri);
-	if (!db)
-	{
-		fprintf(stderr, "opening database failed.\n");
-		exit(SS_RC_INITIALIZATION_FAILED);
-	}
-	atexit(cleanup);
+	/* reinit getopt state */
+	optind = 0;
 
 	while (TRUE)
 	{
@@ -909,13 +1169,16 @@ int main(int argc, char *argv[])
 			{ "utc", no_argument, NULL, 'u' },
 			{ "status", no_argument, NULL, 'w' },
 			{ "add", required_argument, NULL, 'a' },
+			{ "replace", required_argument, NULL, 'c' },
 			{ "del", required_argument, NULL, 'd' },
 			{ "resize", required_argument, NULL, 'r' },
 			{ "leases", no_argument, NULL, 'l' },
 			{ "purge", required_argument, NULL, 'p' },
+			{ "batch", required_argument, NULL, 'b' },
 
 			{ "start", required_argument, NULL, 's' },
 			{ "end", required_argument, NULL, 'e' },
+			{ "addresses", required_argument, NULL, 'x' },
 			{ "timeout", required_argument, NULL, 't' },
 			{ "filter", required_argument, NULL, 'f' },
 			{ "server", required_argument, NULL, 'v' },
@@ -928,6 +1191,7 @@ int main(int argc, char *argv[])
 			case EOF:
 				break;
 			case 'h':
+				operation = OP_USAGE;
 				break;
 			case 'w':
 				operation = OP_STATUS;
@@ -935,9 +1199,18 @@ int main(int argc, char *argv[])
 			case 'u':
 				utc = TRUE;
 				continue;
+			case 'c':
+				replace_pool = TRUE;
+				/* fallthrough */
 			case 'a':
 				name = optarg;
 				operation = is_attribute(name) ? OP_ADD_ATTR : OP_ADD;
+				if (replace_pool && operation == OP_ADD_ATTR)
+				{
+					fprintf(stderr, "invalid pool name: '%s'.\n", optarg);
+					usage();
+					exit(EXIT_FAILURE);
+				}
 				continue;
 			case 'd':
 				name = optarg;
@@ -954,22 +1227,33 @@ int main(int argc, char *argv[])
 				name = optarg;
 				operation = OP_PURGE;
 				continue;
+			case 'b':
+				name = optarg;
+				if (operation == OP_BATCH)
+				{
+					fprintf(stderr, "--batch commands can not be nested\n");
+					exit(EXIT_FAILURE);
+				}
+				operation = OP_BATCH;
+				continue;
 			case 's':
+				DESTROY_IF(start);
 				start = host_create_from_string(optarg, 0);
 				if (start == NULL)
 				{
 					fprintf(stderr, "invalid start address: '%s'.\n", optarg);
-					operation = OP_USAGE;
-					break;
+					usage();
+					exit(EXIT_FAILURE);
 				}
 				continue;
 			case 'e':
+				DESTROY_IF(end);
 				end = host_create_from_string(optarg, 0);
 				if (end == NULL)
 				{
 					fprintf(stderr, "invalid end address: '%s'.\n", optarg);
-					operation = OP_USAGE;
-					break;
+					usage();
+					exit(EXIT_FAILURE);
 				}
 				continue;
 			case 't':
@@ -977,24 +1261,29 @@ int main(int argc, char *argv[])
 				if (timeout == 0 && strcmp(optarg, "0") != 0)
 				{
 					fprintf(stderr, "invalid timeout '%s'.\n", optarg);
-					operation = OP_USAGE;
-					break;
+					usage();
+					exit(EXIT_FAILURE);
 				}
 				continue;
 			case 'f':
 				filter = optarg;
 				continue;
+			case 'x':
+				addresses = optarg;
+				continue;
 			case 'v':
+				DESTROY_IF(server);
 				server = host_create_from_string(optarg, 0);
 				if (server == NULL)
 				{
 					fprintf(stderr, "invalid server address: '%s'.\n", optarg);
-					operation = OP_USAGE;
-					break;
+					usage();
+					exit(EXIT_FAILURE);
 				}
 				continue;
 			default:
-				operation = OP_USAGE;
+				usage();
+				exit(EXIT_FAILURE);
 				break;
 		}
 		break;
@@ -1009,18 +1298,27 @@ int main(int argc, char *argv[])
 			status();
 			break;
 		case OP_ADD:
-			if (start == NULL || end == NULL)
+			if (addresses != NULL)
+			{
+				add_addresses(name, addresses, timeout);
+			}
+			else if (start != NULL && end != NULL)
+			{
+				add(name, start, end, timeout);
+			}
+			else
 			{
 				fprintf(stderr, "missing arguments.\n");
 				usage();
+				exit(EXIT_FAILURE);
 			}
-			add(name, start, end, timeout);
 			break;
 		case OP_ADD_ATTR:
 			if (server == NULL)
 			{
 				fprintf(stderr, "missing arguments.\n");
 				usage();
+				exit(EXIT_FAILURE);
 			}
 			add_attr(name, server);
 			break;
@@ -1035,6 +1333,7 @@ int main(int argc, char *argv[])
 			{
 				fprintf(stderr, "missing arguments.\n");
 				usage();
+				exit(EXIT_FAILURE);
 			}
 			resize(name, end);
 			break;
@@ -1044,7 +1343,60 @@ int main(int argc, char *argv[])
 		case OP_PURGE:
 			purge(name);
 			break;
+		case OP_BATCH:
+			if (name == NULL)
+			{
+				fprintf(stderr, "missing arguments.\n");
+				usage();
+				exit(EXIT_FAILURE);
+			}
+			batch(argv[0], name);
+			break;
+		default:
+			usage();
+			exit(EXIT_FAILURE);
+	}
+}
+
+int main(int argc, char *argv[])
+{
+	char *uri;
+
+	atexit(library_deinit);
+
+	/* initialize library */
+	if (!library_init(NULL))
+	{
+		exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
 	}
-	exit(0);
+	if (lib->integrity &&
+		!lib->integrity->check_file(lib->integrity, "pool", argv[0]))
+	{
+		fprintf(stderr, "integrity check of pool failed\n");
+		exit(SS_RC_DAEMON_INTEGRITY);
+	}
+	if (!lib->plugins->load(lib->plugins, NULL,
+			lib->settings->get_str(lib->settings, "pool.load", PLUGINS)))
+	{
+		exit(SS_RC_INITIALIZATION_FAILED);
+	}
+
+	uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL);
+	if (!uri)
+	{
+		fprintf(stderr, "database URI libhydra.plugins.attr-sql.database not set.\n");
+		exit(SS_RC_INITIALIZATION_FAILED);
+	}
+	db = lib->db->create(lib->db, uri);
+	if (!db)
+	{
+		fprintf(stderr, "opening database failed.\n");
+		exit(SS_RC_INITIALIZATION_FAILED);
+	}
+	atexit(cleanup);
+
+	do_args(argc, argv);
+
+	exit(EXIT_SUCCESS);
 }
 
diff --git a/src/libstrongswan/plugins/attr_sql/sql_attribute.c b/src/libhydra/plugins/attr_sql/sql_attribute.c
index a89195b6d..a7cfde649 100644
--- a/src/libstrongswan/plugins/attr_sql/sql_attribute.c
+++ b/src/libhydra/plugins/attr_sql/sql_attribute.c
@@ -127,8 +127,8 @@ static host_t* check_lease(private_sql_attribute_t *this, char *name,
 			host = host_create_from_chunk(AF_UNSPEC, address, 0);
 			if (host)
 			{
-				DBG1("acquired existing lease for address %H in pool '%s'",
-					 host, name);
+				DBG1(DBG_CFG, "acquired existing lease for address %H in"
+					 " pool '%s'", host, name);
 				return host;
 			}
 		}
@@ -202,13 +202,13 @@ static host_t* get_lease(private_sql_attribute_t *this, char *name,
 			host = host_create_from_chunk(AF_UNSPEC, address, 0);
 			if (host)
 			{
-				DBG1("acquired new lease for address %H in pool '%s'",
+				DBG1(DBG_CFG, "acquired new lease for address %H in pool '%s'",
 					 host, name);
 				return host;
 			}
 		}
 	}
-	DBG1("no available address found in pool '%s'", name);
+	DBG1(DBG_CFG, "no available address found in pool '%s'", name);
 	return NULL;
 }
 
@@ -366,7 +366,7 @@ sql_attribute_t *sql_attribute_create(database_t *db)
 
 	this->db = db;
 	this->history = lib->settings->get_bool(lib->settings,
-						"libstrongswan.plugins.attr-sql.lease_history", TRUE);
+						"libhydra.plugins.attr-sql.lease_history", TRUE);
 
 	/* close any "online" leases in the case we crashed */
 	if (this->history)
diff --git a/src/libstrongswan/plugins/attr_sql/sql_attribute.h b/src/libhydra/plugins/attr_sql/sql_attribute.h
index ca87eb27e..ca87eb27e 100644
--- a/src/libstrongswan/plugins/attr_sql/sql_attribute.h
+++ b/src/libhydra/plugins/attr_sql/sql_attribute.h
diff --git a/src/libsimaka/Makefile.am b/src/libsimaka/Makefile.am
index f64e4dba3..8e7a1f0d3 100644
--- a/src/libsimaka/Makefile.am
+++ b/src/libsimaka/Makefile.am
@@ -1,5 +1,5 @@
 
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
 
 noinst_LTLIBRARIES = libsimaka.la
 libsimaka_la_SOURCES = simaka_message.h simaka_message.c \
diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index 9a448ef02..ab07cb214 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -192,6 +192,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -226,7 +227,7 @@ top_srcdir = @top_srcdir@
 urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon
 noinst_LTLIBRARIES = libsimaka.la
 libsimaka_la_SOURCES = simaka_message.h simaka_message.c \
   simaka_crypto.h simaka_crypto.c
diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c
index 22d111bfd..e0319e918 100644
--- a/src/libsimaka/simaka_message.c
+++ b/src/libsimaka/simaka_message.c
@@ -256,16 +256,12 @@ static void add_attribute(private_simaka_message_t *this,
 {
 	attr_t *attr;
 
-	if (!charon->sim->attribute_hook(charon->sim, this->hdr->code,
-							this->hdr->type, this->hdr->subtype, type, data))
-	{
-		attr = malloc(sizeof(attr_t) + data.len);
-		attr->len = data.len;
-		attr->type = type;
-		memcpy(attr->data, data.ptr, data.len);
+	attr = malloc(sizeof(attr_t) + data.len);
+	attr->len = data.len;
+	attr->type = type;
+	memcpy(attr->data, data.ptr, data.len);
 
-		this->attributes->insert_last(this->attributes, attr);
-	}
+	this->attributes->insert_last(this->attributes, attr);
 }
 
 /**
@@ -463,6 +459,9 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in)
 				break;
 		}
 	}
+
+	charon->sim->message_hook(charon->sim, &this->public, TRUE, this->encrypted);
+
 	return TRUE;
 }
 
@@ -604,6 +603,8 @@ static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata)
 	u_int16_t len;
 	signer_t *signer;
 
+	charon->sim->message_hook(charon->sim, &this->public, FALSE, TRUE);
+
 	out = chunk_create(out_buf, sizeof(out_buf));
 	encr = chunk_create(encr_buf, sizeof(encr_buf));
 
@@ -814,6 +815,9 @@ static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata)
 		data = chunk_cata("cc", out, sigdata);
 		signer->get_signature(signer, data, mac.ptr);
 	}
+
+	charon->sim->message_hook(charon->sim, &this->public, FALSE, FALSE);
+
 	return eap_payload_create_data(out);
 }
 
diff --git a/src/libsimaka/simaka_message.h b/src/libsimaka/simaka_message.h
index ee9b3ebec..341f72959 100644
--- a/src/libsimaka/simaka_message.h
+++ b/src/libsimaka/simaka_message.h
@@ -31,7 +31,6 @@
 
 #include "simaka_crypto.h"
 
-typedef struct simaka_message_t simaka_message_t;
 typedef enum simaka_attribute_t simaka_attribute_t;
 typedef enum simaka_subtype_t simaka_subtype_t;
 typedef enum simaka_notification_t simaka_notification_t;
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
new file mode 100644
index 000000000..d639220e3
--- /dev/null
+++ b/src/libstrongswan/Android.mk
@@ -0,0 +1,121 @@
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# copy-n-paste from Makefile.am
+LOCAL_SRC_FILES := \
+library.c library.h \
+chunk.c chunk.h \
+debug.c debug.h \
+enum.c enum.h \
+settings.h settings.c \
+printf_hook.c printf_hook.h \
+asn1/asn1.c asn1/asn1.h \
+asn1/asn1_parser.c asn1/asn1_parser.h \
+asn1/oid.c asn1/oid.h \
+crypto/crypters/crypter.c crypto/crypters/crypter.h \
+crypto/hashers/hasher.h crypto/hashers/hasher.c \
+crypto/pkcs9.c crypto/pkcs9.h \
+crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords.h \
+crypto/prfs/prf.c crypto/prfs/prf.h \
+crypto/rngs/rng.c crypto/rngs/rng.h \
+crypto/prf_plus.h crypto/prf_plus.c \
+crypto/signers/signer.c crypto/signers/signer.h \
+crypto/crypto_factory.c crypto/crypto_factory.h \
+crypto/crypto_tester.c crypto/crypto_tester.h \
+crypto/diffie_hellman.c crypto/diffie_hellman.h \
+crypto/transform.c crypto/transform.h \
+credentials/credential_factory.c credentials/credential_factory.h \
+credentials/builder.c credentials/builder.h \
+credentials/keys/key_encoding.c credentials/keys/key_encoding.h \
+credentials/keys/private_key.c credentials/keys/private_key.h \
+credentials/keys/public_key.c credentials/keys/public_key.h \
+credentials/keys/shared_key.c credentials/keys/shared_key.h \
+credentials/certificates/certificate.c credentials/certificates/certificate.h \
+credentials/certificates/x509.h credentials/certificates/x509.c \
+credentials/certificates/ac.h \
+credentials/certificates/crl.h credentials/certificates/crl.c \
+credentials/certificates/pkcs10.h \
+credentials/certificates/ocsp_request.h \
+credentials/certificates/ocsp_response.h credentials/certificates/ocsp_response.c \
+credentials/certificates/pgp_certificate.h \
+credentials/ietf_attributes/ietf_attributes.c credentials/ietf_attributes/ietf_attributes.h \
+database/database.h database/database_factory.h database/database_factory.c \
+fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
+selectors/traffic_selector.c selectors/traffic_selector.h \
+threading/thread.h threading/thread.c \
+threading/thread_value.h threading/thread_value.c \
+threading/mutex.h threading/mutex.c threading/condvar.h  \
+threading/rwlock.h threading/rwlock.c \
+threading/lock_profiler.h \
+utils.h utils.c \
+utils/host.c utils/host.h \
+utils/identification.c utils/identification.h \
+utils/iterator.h \
+utils/lexparser.c utils/lexparser.h \
+utils/linked_list.c utils/linked_list.h \
+utils/hashtable.c utils/hashtable.h \
+utils/enumerator.c utils/enumerator.h \
+utils/optionsfrom.c utils/optionsfrom.h \
+utils/backtrace.c utils/backtrace.h \
+plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h
+
+# adding the plugin source files
+
+LOCAL_SRC_FILES += $(call add_plugin, aes)
+
+LOCAL_SRC_FILES += $(call add_plugin, des)
+
+LOCAL_SRC_FILES += $(call add_plugin, fips-prf)
+
+LOCAL_SRC_FILES += $(call add_plugin, gmp)
+ifneq ($(call plugin_enabled, gmp)),)
+LOCAL_C_INCLUDES += $(libgmp_PATH)
+LOCAL_SHARED_LIBRARIES += libgmp
+endif
+
+LOCAL_SRC_FILES += $(call add_plugin, hmac)
+
+LOCAL_SRC_FILES += $(call add_plugin, md4)
+
+LOCAL_SRC_FILES += $(call add_plugin, md5)
+
+LOCAL_SRC_FILES += $(call add_plugin, openssl)
+ifneq ($(call plugin_enabled, openssl)),)
+LOCAL_C_INCLUDES += external/openssl/include
+LOCAL_SHARED_LIBRARIES += libcrypto
+endif
+
+LOCAL_SRC_FILES += $(call add_plugin, pem)
+
+LOCAL_SRC_FILES += $(call add_plugin, pkcs1)
+
+LOCAL_SRC_FILES += $(call add_plugin, pubkey)
+
+LOCAL_SRC_FILES += $(call add_plugin, random)
+
+LOCAL_SRC_FILES += $(call add_plugin, sha1)
+
+LOCAL_SRC_FILES += $(call add_plugin, sha2)
+
+LOCAL_SRC_FILES += $(call add_plugin, x509)
+
+LOCAL_SRC_FILES += $(call add_plugin, xcbc)
+
+# build libstrongswan ----------------------------------------------------------
+
+LOCAL_C_INCLUDES += \
+	$(libvstr_PATH)
+
+LOCAL_CFLAGS := $(strongswan_CFLAGS) \
+	-include $(LOCAL_PATH)/AndroidConfigLocal.h
+
+LOCAL_MODULE := libstrongswan
+
+LOCAL_ARM_MODE := arm
+
+LOCAL_PRELINK_MODULE := false
+
+LOCAL_SHARED_LIBRARIES += libdl libvstr
+
+include $(BUILD_SHARED_LIBRARY)
+
diff --git a/src/libstrongswan/AndroidConfigLocal.h b/src/libstrongswan/AndroidConfigLocal.h
new file mode 100644
index 000000000..a6da3276a
--- /dev/null
+++ b/src/libstrongswan/AndroidConfigLocal.h
@@ -0,0 +1,9 @@
+/* stuff defined in AndroidConfig.h, which is included using the -include
+ * command-line option, thus cannot be undefined using -U CFLAGS options.
+ * the reason we have to undefine these flags in the first place, is that
+ * AndroidConfig.h defines them as 0, which in turn means that they are
+ * actually defined. */
+
+#undef HAVE_BACKTRACE
+#undef HAVE_DLADDR
+
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 7ee15052c..157d37b5e 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -10,9 +10,6 @@ printf_hook.c printf_hook.h \
 asn1/asn1.c asn1/asn1.h \
 asn1/asn1_parser.c asn1/asn1_parser.h \
 asn1/oid.c asn1/oid.h \
-attributes/attributes.c attributes/attributes.h \
-attributes/attribute_provider.h attributes/attribute_handler.h \
-attributes/attribute_manager.c attributes/attribute_manager.h \
 crypto/crypters/crypter.c crypto/crypters/crypter.h \
 crypto/hashers/hasher.h crypto/hashers/hasher.c \
 crypto/pkcs9.c crypto/pkcs9.h \
@@ -90,7 +87,8 @@ endif
 
 EXTRA_DIST = \
 asn1/oid.txt asn1/oid.pl \
-crypto/proposal/proposal_keywords.txt
+crypto/proposal/proposal_keywords.txt \
+Android.mk AndroidConfigLocal.h
 
 BUILT_SOURCES = \
 $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
@@ -115,116 +113,197 @@ $(srcdir)/crypto/proposal/proposal_keywords.c:	$(srcdir)/crypto/proposal/proposa
 # build plugins with their own Makefile
 #######################################
 
+if MONOLITHIC
+SUBDIRS =
+else
 SUBDIRS = .
+endif
 
 if USE_AES
   SUBDIRS += plugins/aes
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/aes/libstrongswan-aes.la
+endif
 endif
 
 if USE_DES
   SUBDIRS += plugins/des
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/des/libstrongswan-des.la
+endif
 endif
 
 if USE_BLOWFISH
   SUBDIRS += plugins/blowfish
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/blowfish/libstrongswan-blowfish.la
+endif
 endif
 
 if USE_MD4
   SUBDIRS += plugins/md4
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/md4/libstrongswan-md4.la
+endif
 endif
 
 if USE_MD5
   SUBDIRS += plugins/md5
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/md5/libstrongswan-md5.la
+endif
 endif
 
 if USE_SHA1
   SUBDIRS += plugins/sha1
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/sha1/libstrongswan-sha1.la
+endif
 endif
 
 if USE_SHA2
   SUBDIRS += plugins/sha2
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/sha2/libstrongswan-sha2.la
 endif
-
-if USE_FIPS_PRF
-  SUBDIRS += plugins/fips_prf
 endif
 
 if USE_GMP
   SUBDIRS += plugins/gmp
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/gmp/libstrongswan-gmp.la
+endif
 endif
 
 if USE_RANDOM
   SUBDIRS += plugins/random
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/random/libstrongswan-random.la
+endif
 endif
 
 if USE_HMAC
   SUBDIRS += plugins/hmac
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/hmac/libstrongswan-hmac.la
+endif
 endif
 
 if USE_XCBC
   SUBDIRS += plugins/xcbc
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/xcbc/libstrongswan-xcbc.la
+endif
 endif
 
 if USE_X509
   SUBDIRS += plugins/x509
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/x509/libstrongswan-x509.la
+endif
 endif
 
 if USE_PUBKEY
   SUBDIRS += plugins/pubkey
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/pubkey/libstrongswan-pubkey.la
+endif
 endif
 
 if USE_PKCS1
   SUBDIRS += plugins/pkcs1
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/pkcs1/libstrongswan-pkcs1.la
+endif
 endif
 
 if USE_PGP
   SUBDIRS += plugins/pgp
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/pgp/libstrongswan-pgp.la
+endif
 endif
 
 if USE_DNSKEY
   SUBDIRS += plugins/dnskey
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/dnskey/libstrongswan-dnskey.la
+endif
 endif
 
 if USE_PEM
   SUBDIRS += plugins/pem
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/pem/libstrongswan-pem.la
+endif
 endif
 
 if USE_CURL
   SUBDIRS += plugins/curl
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/curl/libstrongswan-curl.la
+endif
 endif
 
 if USE_LDAP
   SUBDIRS += plugins/ldap
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/ldap/libstrongswan-ldap.la
+endif
 endif
 
 if USE_MYSQL
   SUBDIRS += plugins/mysql
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/mysql/libstrongswan-mysql.la
+endif
 endif
 
 if USE_SQLITE
   SUBDIRS += plugins/sqlite
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/sqlite/libstrongswan-sqlite.la
 endif
-
-if USE_ATTR_SQL
-  SUBDIRS += plugins/attr_sql
 endif
 
 if USE_PADLOCK
   SUBDIRS += plugins/padlock
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/padlock/libstrongswan-padlock.la
+endif
 endif
 
 if USE_OPENSSL
   SUBDIRS += plugins/openssl
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/openssl/libstrongswan-openssl.la
+endif
 endif
 
 if USE_GCRYPT
   SUBDIRS += plugins/gcrypt
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/gcrypt/libstrongswan-gcrypt.la
+endif
+endif
+
+if USE_FIPS_PRF
+  SUBDIRS += plugins/fips_prf
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/fips_prf/libstrongswan-fips-prf.la
+endif
 endif
 
 if USE_AGENT
   SUBDIRS += plugins/agent
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/agent/libstrongswan-agent.la
+endif
 endif
 
 if USE_TEST_VECTORS
   SUBDIRS += plugins/test_vectors
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/test_vectors/libstrongswan-test-vectors.la
+endif
 endif
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index 729d32eb3..b8d967d4a 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -45,33 +45,59 @@ host_triplet = @host@
 
 @USE_VSTR_TRUE@am__append_6 = -lvstr
 @USE_AES_TRUE@am__append_7 = plugins/aes
-@USE_DES_TRUE@am__append_8 = plugins/des
-@USE_BLOWFISH_TRUE@am__append_9 = plugins/blowfish
-@USE_MD4_TRUE@am__append_10 = plugins/md4
-@USE_MD5_TRUE@am__append_11 = plugins/md5
-@USE_SHA1_TRUE@am__append_12 = plugins/sha1
-@USE_SHA2_TRUE@am__append_13 = plugins/sha2
-@USE_FIPS_PRF_TRUE@am__append_14 = plugins/fips_prf
-@USE_GMP_TRUE@am__append_15 = plugins/gmp
-@USE_RANDOM_TRUE@am__append_16 = plugins/random
-@USE_HMAC_TRUE@am__append_17 = plugins/hmac
-@USE_XCBC_TRUE@am__append_18 = plugins/xcbc
-@USE_X509_TRUE@am__append_19 = plugins/x509
-@USE_PUBKEY_TRUE@am__append_20 = plugins/pubkey
-@USE_PKCS1_TRUE@am__append_21 = plugins/pkcs1
-@USE_PGP_TRUE@am__append_22 = plugins/pgp
-@USE_DNSKEY_TRUE@am__append_23 = plugins/dnskey
-@USE_PEM_TRUE@am__append_24 = plugins/pem
-@USE_CURL_TRUE@am__append_25 = plugins/curl
-@USE_LDAP_TRUE@am__append_26 = plugins/ldap
-@USE_MYSQL_TRUE@am__append_27 = plugins/mysql
-@USE_SQLITE_TRUE@am__append_28 = plugins/sqlite
-@USE_ATTR_SQL_TRUE@am__append_29 = plugins/attr_sql
-@USE_PADLOCK_TRUE@am__append_30 = plugins/padlock
-@USE_OPENSSL_TRUE@am__append_31 = plugins/openssl
-@USE_GCRYPT_TRUE@am__append_32 = plugins/gcrypt
-@USE_AGENT_TRUE@am__append_33 = plugins/agent
-@USE_TEST_VECTORS_TRUE@am__append_34 = plugins/test_vectors
+@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_8 = plugins/aes/libstrongswan-aes.la
+@USE_DES_TRUE@am__append_9 = plugins/des
+@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_10 = plugins/des/libstrongswan-des.la
+@USE_BLOWFISH_TRUE@am__append_11 = plugins/blowfish
+@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_12 = plugins/blowfish/libstrongswan-blowfish.la
+@USE_MD4_TRUE@am__append_13 = plugins/md4
+@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_14 = plugins/md4/libstrongswan-md4.la
+@USE_MD5_TRUE@am__append_15 = plugins/md5
+@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_16 = plugins/md5/libstrongswan-md5.la
+@USE_SHA1_TRUE@am__append_17 = plugins/sha1
+@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_18 = plugins/sha1/libstrongswan-sha1.la
+@USE_SHA2_TRUE@am__append_19 = plugins/sha2
+@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_20 = plugins/sha2/libstrongswan-sha2.la
+@USE_GMP_TRUE@am__append_21 = plugins/gmp
+@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_22 = plugins/gmp/libstrongswan-gmp.la
+@USE_RANDOM_TRUE@am__append_23 = plugins/random
+@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_24 = plugins/random/libstrongswan-random.la
+@USE_HMAC_TRUE@am__append_25 = plugins/hmac
+@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_26 = plugins/hmac/libstrongswan-hmac.la
+@USE_XCBC_TRUE@am__append_27 = plugins/xcbc
+@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_28 = plugins/xcbc/libstrongswan-xcbc.la
+@USE_X509_TRUE@am__append_29 = plugins/x509
+@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_30 = plugins/x509/libstrongswan-x509.la
+@USE_PUBKEY_TRUE@am__append_31 = plugins/pubkey
+@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_32 = plugins/pubkey/libstrongswan-pubkey.la
+@USE_PKCS1_TRUE@am__append_33 = plugins/pkcs1
+@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_34 = plugins/pkcs1/libstrongswan-pkcs1.la
+@USE_PGP_TRUE@am__append_35 = plugins/pgp
+@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_36 = plugins/pgp/libstrongswan-pgp.la
+@USE_DNSKEY_TRUE@am__append_37 = plugins/dnskey
+@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_38 = plugins/dnskey/libstrongswan-dnskey.la
+@USE_PEM_TRUE@am__append_39 = plugins/pem
+@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_40 = plugins/pem/libstrongswan-pem.la
+@USE_CURL_TRUE@am__append_41 = plugins/curl
+@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_42 = plugins/curl/libstrongswan-curl.la
+@USE_LDAP_TRUE@am__append_43 = plugins/ldap
+@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_44 = plugins/ldap/libstrongswan-ldap.la
+@USE_MYSQL_TRUE@am__append_45 = plugins/mysql
+@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_46 = plugins/mysql/libstrongswan-mysql.la
+@USE_SQLITE_TRUE@am__append_47 = plugins/sqlite
+@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_48 = plugins/sqlite/libstrongswan-sqlite.la
+@USE_PADLOCK_TRUE@am__append_49 = plugins/padlock
+@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_50 = plugins/padlock/libstrongswan-padlock.la
+@USE_OPENSSL_TRUE@am__append_51 = plugins/openssl
+@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_52 = plugins/openssl/libstrongswan-openssl.la
+@USE_GCRYPT_TRUE@am__append_53 = plugins/gcrypt
+@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_54 = plugins/gcrypt/libstrongswan-gcrypt.la
+@USE_FIPS_PRF_TRUE@am__append_55 = plugins/fips_prf
+@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_56 = plugins/fips_prf/libstrongswan-fips-prf.la
+@USE_AGENT_TRUE@am__append_57 = plugins/agent
+@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_58 = plugins/agent/libstrongswan-agent.la
+@USE_TEST_VECTORS_TRUE@am__append_59 = plugins/test_vectors
+@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_60 = plugins/test_vectors/libstrongswan-test-vectors.la
 subdir = src/libstrongswan
 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -115,14 +141,20 @@ am__DEPENDENCIES_1 =
 libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
 	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_1) $(am__append_8) $(am__append_10) \
+	$(am__append_12) $(am__append_14) $(am__append_16) \
+	$(am__append_18) $(am__append_20) $(am__append_22) \
+	$(am__append_24) $(am__append_26) $(am__append_28) \
+	$(am__append_30) $(am__append_32) $(am__append_34) \
+	$(am__append_36) $(am__append_38) $(am__append_40) \
+	$(am__append_42) $(am__append_44) $(am__append_46) \
+	$(am__append_48) $(am__append_50) $(am__append_52) \
+	$(am__append_54) $(am__append_56) $(am__append_58) \
+	$(am__append_60)
 am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \
 	chunk.h debug.c debug.h enum.c enum.h settings.h settings.c \
 	printf_hook.c printf_hook.h asn1/asn1.c asn1/asn1.h \
 	asn1/asn1_parser.c asn1/asn1_parser.h asn1/oid.c asn1/oid.h \
-	attributes/attributes.c attributes/attributes.h \
-	attributes/attribute_provider.h attributes/attribute_handler.h \
-	attributes/attribute_manager.c attributes/attribute_manager.h \
 	crypto/crypters/crypter.c crypto/crypters/crypter.h \
 	crypto/hashers/hasher.h crypto/hashers/hasher.c crypto/pkcs9.c \
 	crypto/pkcs9.h crypto/proposal/proposal_keywords.c \
@@ -173,10 +205,10 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \
 @USE_INTEGRITY_TEST_TRUE@am__objects_2 = integrity_checker.lo
 am_libstrongswan_la_OBJECTS = library.lo chunk.lo debug.lo enum.lo \
 	settings.lo printf_hook.lo asn1.lo asn1_parser.lo oid.lo \
-	attributes.lo attribute_manager.lo crypter.lo hasher.lo \
-	pkcs9.lo proposal_keywords.lo prf.lo rng.lo prf_plus.lo \
-	signer.lo crypto_factory.lo crypto_tester.lo diffie_hellman.lo \
-	transform.lo credential_factory.lo builder.lo key_encoding.lo \
+	crypter.lo hasher.lo pkcs9.lo proposal_keywords.lo prf.lo \
+	rng.lo prf_plus.lo signer.lo crypto_factory.lo \
+	crypto_tester.lo diffie_hellman.lo transform.lo \
+	credential_factory.lo builder.lo key_encoding.lo \
 	private_key.lo public_key.lo shared_key.lo certificate.lo \
 	x509.lo crl.lo ocsp_response.lo ietf_attributes.lo \
 	database_factory.lo fetcher_manager.lo traffic_selector.lo \
@@ -215,13 +247,12 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
 ETAGS = etags
 CTAGS = ctags
 DIST_SUBDIRS = . plugins/aes plugins/des plugins/blowfish plugins/md4 \
-	plugins/md5 plugins/sha1 plugins/sha2 plugins/fips_prf \
-	plugins/gmp plugins/random plugins/hmac plugins/xcbc \
-	plugins/x509 plugins/pubkey plugins/pkcs1 plugins/pgp \
-	plugins/dnskey plugins/pem plugins/curl plugins/ldap \
-	plugins/mysql plugins/sqlite plugins/attr_sql plugins/padlock \
-	plugins/openssl plugins/gcrypt plugins/agent \
-	plugins/test_vectors
+	plugins/md5 plugins/sha1 plugins/sha2 plugins/gmp \
+	plugins/random plugins/hmac plugins/xcbc plugins/x509 \
+	plugins/pubkey plugins/pkcs1 plugins/pgp plugins/dnskey \
+	plugins/pem plugins/curl plugins/ldap plugins/mysql \
+	plugins/sqlite plugins/padlock plugins/openssl plugins/gcrypt \
+	plugins/fips_prf plugins/agent plugins/test_vectors
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 am__relativize = \
   dir0=`pwd`; \
@@ -368,6 +399,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -407,9 +439,6 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \
 	debug.h enum.c enum.h settings.h settings.c printf_hook.c \
 	printf_hook.h asn1/asn1.c asn1/asn1.h asn1/asn1_parser.c \
 	asn1/asn1_parser.h asn1/oid.c asn1/oid.h \
-	attributes/attributes.c attributes/attributes.h \
-	attributes/attribute_provider.h attributes/attribute_handler.h \
-	attributes/attribute_manager.c attributes/attribute_manager.h \
 	crypto/crypters/crypter.c crypto/crypters/crypter.h \
 	crypto/hashers/hasher.h crypto/hashers/hasher.c crypto/pkcs9.c \
 	crypto/pkcs9.h crypto/proposal/proposal_keywords.c \
@@ -456,14 +485,24 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \
 	plugins/plugin_loader.h plugins/plugin.h $(am__append_2) \
 	$(am__append_5)
 libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \
-	$(RTLIB) $(am__append_6)
+	$(RTLIB) $(am__append_6) $(am__append_8) $(am__append_10) \
+	$(am__append_12) $(am__append_14) $(am__append_16) \
+	$(am__append_18) $(am__append_20) $(am__append_22) \
+	$(am__append_24) $(am__append_26) $(am__append_28) \
+	$(am__append_30) $(am__append_32) $(am__append_34) \
+	$(am__append_36) $(am__append_38) $(am__append_40) \
+	$(am__append_42) $(am__append_44) $(am__append_46) \
+	$(am__append_48) $(am__append_50) $(am__append_52) \
+	$(am__append_54) $(am__append_56) $(am__append_58) \
+	$(am__append_60)
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DPLUGINDIR=\"${plugindir}\" \
 	-DSTRONGSWAN_CONF=\"${strongswan_conf}\" $(am__append_1) \
 	$(am__append_3) $(am__append_4)
 EXTRA_DIST = \
 asn1/oid.txt asn1/oid.pl \
-crypto/proposal/proposal_keywords.txt
+crypto/proposal/proposal_keywords.txt \
+Android.mk AndroidConfigLocal.h
 
 BUILT_SOURCES = \
 $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
@@ -473,19 +512,37 @@ MAINTAINERCLEANFILES = \
 $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
 $(srcdir)/crypto/proposal/proposal_keywords.c
 
+@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_7) $(am__append_9) \
+@MONOLITHIC_FALSE@	$(am__append_11) $(am__append_13) \
+@MONOLITHIC_FALSE@	$(am__append_15) $(am__append_17) \
+@MONOLITHIC_FALSE@	$(am__append_19) $(am__append_21) \
+@MONOLITHIC_FALSE@	$(am__append_23) $(am__append_25) \
+@MONOLITHIC_FALSE@	$(am__append_27) $(am__append_29) \
+@MONOLITHIC_FALSE@	$(am__append_31) $(am__append_33) \
+@MONOLITHIC_FALSE@	$(am__append_35) $(am__append_37) \
+@MONOLITHIC_FALSE@	$(am__append_39) $(am__append_41) \
+@MONOLITHIC_FALSE@	$(am__append_43) $(am__append_45) \
+@MONOLITHIC_FALSE@	$(am__append_47) $(am__append_49) \
+@MONOLITHIC_FALSE@	$(am__append_51) $(am__append_53) \
+@MONOLITHIC_FALSE@	$(am__append_55) $(am__append_57) \
+@MONOLITHIC_FALSE@	$(am__append_59)
 
 # build plugins with their own Makefile
 #######################################
-SUBDIRS = . $(am__append_7) $(am__append_8) $(am__append_9) \
-	$(am__append_10) $(am__append_11) $(am__append_12) \
-	$(am__append_13) $(am__append_14) $(am__append_15) \
-	$(am__append_16) $(am__append_17) $(am__append_18) \
-	$(am__append_19) $(am__append_20) $(am__append_21) \
-	$(am__append_22) $(am__append_23) $(am__append_24) \
-	$(am__append_25) $(am__append_26) $(am__append_27) \
-	$(am__append_28) $(am__append_29) $(am__append_30) \
-	$(am__append_31) $(am__append_32) $(am__append_33) \
-	$(am__append_34)
+@MONOLITHIC_TRUE@SUBDIRS = $(am__append_7) $(am__append_9) \
+@MONOLITHIC_TRUE@	$(am__append_11) $(am__append_13) \
+@MONOLITHIC_TRUE@	$(am__append_15) $(am__append_17) \
+@MONOLITHIC_TRUE@	$(am__append_19) $(am__append_21) \
+@MONOLITHIC_TRUE@	$(am__append_23) $(am__append_25) \
+@MONOLITHIC_TRUE@	$(am__append_27) $(am__append_29) \
+@MONOLITHIC_TRUE@	$(am__append_31) $(am__append_33) \
+@MONOLITHIC_TRUE@	$(am__append_35) $(am__append_37) \
+@MONOLITHIC_TRUE@	$(am__append_39) $(am__append_41) \
+@MONOLITHIC_TRUE@	$(am__append_43) $(am__append_45) \
+@MONOLITHIC_TRUE@	$(am__append_47) $(am__append_49) \
+@MONOLITHIC_TRUE@	$(am__append_51) $(am__append_53) \
+@MONOLITHIC_TRUE@	$(am__append_55) $(am__append_57) \
+@MONOLITHIC_TRUE@	$(am__append_59)
 all: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) all-recursive
 
@@ -563,8 +620,6 @@ distclean-compile:
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_parser.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attribute_manager.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attributes.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/backtrace.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/builder.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certificate.Plo@am__quote@
@@ -657,20 +712,6 @@ oid.lo: asn1/oid.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o oid.lo `test -f 'asn1/oid.c' || echo '$(srcdir)/'`asn1/oid.c
 
-attributes.lo: attributes/attributes.c
-@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attributes.lo -MD -MP -MF $(DEPDIR)/attributes.Tpo -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/attributes.Tpo $(DEPDIR)/attributes.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='attributes/attributes.c' object='attributes.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c
-
-attribute_manager.lo: attributes/attribute_manager.c
-@am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attribute_manager.lo -MD -MP -MF $(DEPDIR)/attribute_manager.Tpo -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c
-@am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/attribute_manager.Tpo $(DEPDIR)/attribute_manager.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='attributes/attribute_manager.c' object='attribute_manager.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c
-
 crypter.lo: crypto/crypters/crypter.c
 @am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypter.lo -MD -MP -MF $(DEPDIR)/crypter.Tpo -c -o crypter.lo `test -f 'crypto/crypters/crypter.c' || echo '$(srcdir)/'`crypto/crypters/crypter.c
 @am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/crypter.Tpo $(DEPDIR)/crypter.Plo
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 763caafc4..6264bdc54 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -19,7 +19,6 @@
 #include <string.h>
 #include <time.h>
 
-#include <utils.h>
 #include <debug.h>
 
 #include "oid.h"
@@ -134,7 +133,7 @@ size_t asn1_length(chunk_t *blob)
 
 	if (blob->len < 2)
 	{
-		DBG2("insufficient number of octets to parse ASN.1 length");
+		DBG2(DBG_LIB, "insufficient number of octets to parse ASN.1 length");
 		return ASN1_INVALID_LENGTH;
 	}
 
@@ -146,7 +145,7 @@ size_t asn1_length(chunk_t *blob)
 	{	/* single length octet */
 		if (n > blob->len)
 		{
-			DBG2("length is larger than remaining blob size");
+			DBG2(DBG_LIB, "length is larger than remaining blob size");
 			return ASN1_INVALID_LENGTH;
 		}
 		return n;
@@ -157,14 +156,14 @@ size_t asn1_length(chunk_t *blob)
 
 	if (n == 0 || n > blob->len)
 	{
-		DBG2("number of length octets invalid");
+		DBG2(DBG_LIB, "number of length octets invalid");
 		return ASN1_INVALID_LENGTH;
 	}
 
 	if (n > sizeof(len))
 	{
-		DBG2("number of length octets is larger than limit of %d octets",
-			 (int)sizeof(len));
+		DBG2(DBG_LIB, "number of length octets is larger than limit of"
+			 " %d octets", (int)sizeof(len));
 		return ASN1_INVALID_LENGTH;
 	}
 
@@ -177,7 +176,7 @@ size_t asn1_length(chunk_t *blob)
 	}
 	if (len > blob->len)
 	{
-		DBG2("length is larger than remaining blob size");
+		DBG2(DBG_LIB, "length is larger than remaining blob size");
 		return ASN1_INVALID_LENGTH;
 	}
 	return len;
@@ -377,7 +376,7 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private)
 			oid = asn1_known_oid(object);
 			if (oid != OID_UNKNOWN)
 			{
-				DBG2("  '%s'", oid_names[oid].name);
+				DBG2(DBG_LIB, "  '%s'", oid_names[oid].name);
 				return;
 			}
 			break;
@@ -386,14 +385,14 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private)
 		case ASN1_PRINTABLESTRING:
 		case ASN1_T61STRING:
 		case ASN1_VISIBLESTRING:
-			DBG2("  '%.*s'", (int)object.len, object.ptr);
+			DBG2(DBG_LIB, "  '%.*s'", (int)object.len, object.ptr);
 			return;
 		case ASN1_UTCTIME:
 		case ASN1_GENERALIZEDTIME:
 			{
 				time_t time = asn1_to_time(&object, type);
 
-				DBG2("  '%T'", &time, TRUE);
+				DBG2(DBG_LIB, "  '%T'", &time, TRUE);
 			}
 			return;
 		default:
@@ -401,11 +400,11 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private)
 	}
 	if (private)
 	{
-		DBG4("%B", &object);
+		DBG4(DBG_LIB, "%B", &object);
 	}
 	else
 	{
-		DBG3("%B", &object);
+		DBG3(DBG_LIB, "%B", &object);
 	}
 }
 
@@ -419,13 +418,14 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c
 	/* an ASN.1 object must possess at least a tag and length field */
 	if (object->len < 2)
 	{
-		DBG2("L%d - %s:  ASN.1 object smaller than 2 octets", level, name);
+		DBG2(DBG_LIB, "L%d - %s:  ASN.1 object smaller than 2 octets", level,
+			 name);
 		return FALSE;
 	}
 
 	if (*object->ptr != type)
 	{
-		DBG2("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
+		DBG2(DBG_LIB, "L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
 			 level, name, type, *object->ptr);
 		return FALSE;
 	}
@@ -434,12 +434,12 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c
 
 	if (len == ASN1_INVALID_LENGTH || object->len < len)
 	{
-		DBG2("L%d - %s:  length of ASN.1 object invalid or too large",
+		DBG2(DBG_LIB, "L%d - %s:  length of ASN.1 object invalid or too large",
 			 level, name);
 		return FALSE;
 	}
 
-	DBG2("L%d - %s:", level, name);
+	DBG2(DBG_LIB, "L%d - %s:", level, name);
 	asn1_debug_simple_object(*object, type, FALSE);
 	return TRUE;
 }
@@ -501,7 +501,7 @@ bool is_asn1(chunk_t blob)
 
 	if (tag != ASN1_SEQUENCE && tag != ASN1_SET && tag != ASN1_OCTET_STRING)
 	{
-		DBG2("  file content is not binary ASN.1");
+		DBG2(DBG_LIB, "  file content is not binary ASN.1");
 		return FALSE;
 	}
 
@@ -519,7 +519,7 @@ bool is_asn1(chunk_t blob)
 		return TRUE;
 	}
 
-	DBG2("  file size does not match ASN.1 coded length");
+	DBG2(DBG_LIB, "  file size does not match ASN.1 coded length");
 	return FALSE;
 }
 
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index d29190df7..866c28095 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -25,8 +25,7 @@
 
 #include <stdarg.h>
 
-#include <utils.h>
-#include <chunk.h>
+#include <library.h>
 
 /**
  * Definition of some primitive ASN1 types
diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c
index dc7726ad7..3e5bbbabd 100644
--- a/src/libstrongswan/asn1/asn1_parser.c
+++ b/src/libstrongswan/asn1/asn1_parser.c
@@ -19,7 +19,6 @@
 #include <string.h>
 #include <time.h>
 
-#include <utils.h>
 #include <debug.h>
 
 #include "asn1.h"
@@ -123,7 +122,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
 	if ((obj.flags & ASN1_DEF) && (blob->len == 0 || *start_ptr != obj.type) )
 	{
 		/* field is missing */
-		DBG2("L%d - %s:", level, obj.name);
+		DBG2(DBG_LIB, "L%d - %s:", level, obj.name);
 		if (obj.type & ASN1_CONSTRUCTED)
 		{
 			this->line++ ;  /* skip context-specific tag */
@@ -150,7 +149,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
 
 	if (blob->len < 2)
 	{
-		DBG1("L%d - %s:  ASN.1 object smaller than 2 octets",
+		DBG1(DBG_LIB, "L%d - %s:  ASN.1 object smaller than 2 octets",
 					level, obj.name);
 		this->success = FALSE;
 		goto end;
@@ -160,7 +159,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
 
 	if (blob1->len == ASN1_INVALID_LENGTH)
 	{
-		DBG1("L%d - %s:  length of ASN.1 object invalid or too large",
+		DBG1(DBG_LIB, "L%d - %s:  length of ASN.1 object invalid or too large",
 					level, obj.name);
 		this->success = FALSE;
 	}
@@ -173,7 +172,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
 
 	if (obj.flags & ASN1_RAW)
 	{
-		DBG2("L%d - %s:", level, obj.name);
+		DBG2(DBG_LIB, "L%d - %s:", level, obj.name);
 		object->ptr = start_ptr;
 		object->len = (size_t)(blob->ptr - start_ptr);
 		goto end;
@@ -181,14 +180,14 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
 
 	if (*start_ptr != obj.type && !(this->implicit && this->line == 0))
 	{
-		DBG1("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
+		DBG1(DBG_LIB, "L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
 					level, obj.name, obj.type, *start_ptr);
-		DBG3("%b", start_ptr, (u_int)(blob->ptr - start_ptr));
+		DBG3(DBG_LIB, "%b", start_ptr, (u_int)(blob->ptr - start_ptr));
 		this->success = FALSE;
 		goto end;
 	}
 
-	DBG2("L%d - %s:", level, obj.name);
+	DBG2(DBG_LIB, "L%d - %s:", level, obj.name);
 
 	/* In case of "SEQUENCE OF" or "SET OF" start a loop */
 	if (obj.flags & ASN1_LOOP)
@@ -217,11 +216,11 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
 		object->len = (size_t)(blob->ptr - start_ptr);
 		if (this->private)
 		{
-			DBG4("%B", object);
+			DBG4(DBG_LIB, "%B", object);
 		}
 		else
 		{
-			DBG3("%B", object);
+			DBG3(DBG_LIB, "%B", object);
 		}
 	}
 	else if (obj.flags & ASN1_BODY)
diff --git a/src/libstrongswan/asn1/asn1_parser.h b/src/libstrongswan/asn1/asn1_parser.h
index 49325232d..0edc22c23 100644
--- a/src/libstrongswan/asn1/asn1_parser.h
+++ b/src/libstrongswan/asn1/asn1_parser.h
@@ -25,9 +25,9 @@
 
 #include <stdarg.h>
 
-#include <utils.h>
-#include <chunk.h>
-#include <asn1/asn1.h>
+#include <library.h>
+
+#include "asn1.h"
 
 /**
  * Definition of ASN.1 flags
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index 32e2eb033..aa1fd31b0 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -41,6 +41,7 @@ extern const oid_t oid_names[];
 #define OID_UNIQUE_IDENTIFIER				34
 #define OID_ROLE							35
 #define OID_SUBJECT_KEY_ID					38
+#define OID_KEY_USAGE						39
 #define OID_SUBJECT_ALT_NAME				41
 #define OID_BASIC_CONSTRAINTS				43
 #define OID_CRL_NUMBER						44
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index 203bc1f28..5d729c2eb 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -37,7 +37,7 @@
   0x1D                       "id-ce"
     0x09                     "subjectDirectoryAttrs"
     0x0E                     "subjectKeyIdentifier"		OID_SUBJECT_KEY_ID
-    0x0F                     "keyUsage"
+    0x0F                     "keyUsage"					OID_KEY_USAGE
     0x10                     "privateKeyUsagePeriod"
     0x11                     "subjectAltName"			OID_SUBJECT_ALT_NAME
     0x12                     "issuerAltName"
diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c
index 86436e997..ef69eb4e7 100644
--- a/src/libstrongswan/chunk.c
+++ b/src/libstrongswan/chunk.c
@@ -22,8 +22,7 @@
 #include <ctype.h>
 
 #include "chunk.h"
-
-#include <debug.h>
+#include "debug.h"
 
 /* required for chunk_hash */
 #undef get16bits
@@ -222,7 +221,7 @@ bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force
 
 	if (!force && access(path, F_OK) == 0)
 	{
-		DBG1("  %s file '%s' already exists", label, path);
+		DBG1(DBG_LIB, "  %s file '%s' already exists", label, path);
 		return FALSE;
 	}
 	oldmask = umask(mask);
@@ -231,20 +230,21 @@ bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force
 	{
 		if (fwrite(chunk.ptr, sizeof(u_char), chunk.len, fd) == chunk.len)
 		{
-			DBG1("  written %s file '%s' (%d bytes)",
+			DBG1(DBG_LIB, "  written %s file '%s' (%d bytes)",
 				 label, path, chunk.len);
 			good = TRUE;
 		}
 		else
 		{
-			DBG1("  writing %s file '%s' failed: %s",
+			DBG1(DBG_LIB, "  writing %s file '%s' failed: %s",
 				 label, path, strerror(errno));
 		}
 		fclose(fd);
 	}
 	else
 	{
-		DBG1("  could not open %s file '%s': %s", label, path, strerror(errno));
+		DBG1(DBG_LIB, "  could not open %s file '%s': %s", label, path,
+			 strerror(errno));
 	}
 	umask(oldmask);
 	return good;
@@ -497,7 +497,7 @@ bool chunk_printable(chunk_t chunk, chunk_t *sane, char replace)
  * Described in header.
  *
  * The implementation is based on Paul Hsieh's SuperFastHash:
- * 	 http://www.azillionmonkeys.com/qed/hash.html
+ *	 http://www.azillionmonkeys.com/qed/hash.html
  */
 u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash)
 {
diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h
index a526f4a89..f0f9a7366 100644
--- a/src/libstrongswan/chunk.h
+++ b/src/libstrongswan/chunk.h
@@ -42,7 +42,7 @@ struct chunk_t {
 	size_t len;
 };
 
-#include <utils.h>
+#include "utils.h"
 
 /**
  * A { NULL, 0 }-chunk handy for initialization.
diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index 5139ad504..7cc7dbe0e 100644
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@@ -151,7 +151,7 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
 		{
 			names = certificate_type_names;
 		}
-		DBG1("building %N - %N failed, tried %d builders",
+		DBG1(DBG_LIB, "building %N - %N failed, tried %d builders",
 			 credential_type_names, type, names, subtype, failures);
 	}
 	this->recursive->set(this->recursive, (void*)level);
diff --git a/src/libstrongswan/credentials/keys/key_encoding.h b/src/libstrongswan/credentials/keys/key_encoding.h
index 384117166..d8435f4b4 100644
--- a/src/libstrongswan/credentials/keys/key_encoding.h
+++ b/src/libstrongswan/credentials/keys/key_encoding.h
@@ -79,7 +79,7 @@ enum key_encoding_type_t {
 	KEY_PRIV_ASN1_DER,
 	/** subjectPublicKeyInfo encoding */
 	KEY_PUB_SPKI_ASN1_DER,
-	/** PEM oncoded PKCS#1 key */
+	/** PEM encoded PKCS#1 key */
 	KEY_PUB_PEM,
 	KEY_PRIV_PEM,
 	/** PGP key encoding */
diff --git a/src/libstrongswan/credentials/keys/shared_key.h b/src/libstrongswan/credentials/keys/shared_key.h
index fe7bc86be..d00b8d12e 100644
--- a/src/libstrongswan/credentials/keys/shared_key.h
+++ b/src/libstrongswan/credentials/keys/shared_key.h
@@ -41,6 +41,8 @@ enum shared_key_type_t {
 	SHARED_PRIVATE_KEY_PASS,
 	/** PIN to unlock a smartcard */
 	SHARED_PIN,
+	/** Calculated NT Hash = MD4(UTF-16LE(password)) */
+	SHARED_NT_HASH,
 };
 
 /**
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index 46b50329d..fee71953d 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -686,7 +686,7 @@ static void add_test_vector(private_crypto_factory_t *this,
 		case RANDOM_NUMBER_GENERATOR:
 			return this->tester->add_rng_vector(this->tester, vector);
 		default:
-			DBG1("%N test vectors not supported, ignored",
+			DBG1(DBG_LIB, "%N test vectors not supported, ignored",
 				 transform_type_names, type);
 	}
 }
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 86daf65f9..76cc1cf2c 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -136,7 +136,7 @@ static bool test_crypter(private_crypto_tester_t *this,
 		crypter->destroy(crypter);
 		if (failed)
 		{
-			DBG1("disabled %N: test vector %u failed",
+			DBG1(DBG_LIB, "disabled %N: test vector %u failed",
 				 encryption_algorithm_names, alg, tested);
 			break;
 		}
@@ -144,14 +144,14 @@ static bool test_crypter(private_crypto_tester_t *this,
 	enumerator->destroy(enumerator);
 	if (!tested)
 	{
-		DBG1("%s %N: no test vectors found",
+		DBG1(DBG_LIB, "%s %N: no test vectors found",
 			 this->required ? "disabled" : "enabled ",
 			 encryption_algorithm_names, alg);
 		return !this->required;
 	}
 	if (!failed)
 	{
-		DBG1("enabled  %N: passed %u test vectors",
+		DBG1(DBG_LIB, "enabled  %N: passed %u test vectors",
 			 encryption_algorithm_names, alg, tested);
 	}
 	return !failed;
@@ -183,7 +183,7 @@ static bool test_signer(private_crypto_tester_t *this,
 		signer = create(alg);
 		if (!signer)
 		{
-			DBG1("disabled %N: creating instance failed",
+			DBG1(DBG_LIB, "disabled %N: creating instance failed",
 				 integrity_algorithm_names, alg);
 			failed = TRUE;
 			break;
@@ -240,7 +240,7 @@ static bool test_signer(private_crypto_tester_t *this,
 		signer->destroy(signer);
 		if (failed)
 		{
-			DBG1("disabled %N: test vector %u failed",
+			DBG1(DBG_LIB, "disabled %N: test vector %u failed",
 				 integrity_algorithm_names, alg, tested);
 			break;
 		}
@@ -248,14 +248,14 @@ static bool test_signer(private_crypto_tester_t *this,
 	enumerator->destroy(enumerator);
 	if (!tested)
 	{
-		DBG1("%s %N: no test vectors found",
+		DBG1(DBG_LIB, "%s %N: no test vectors found",
 			 this->required ? "disabled" : "enabled ",
 			 integrity_algorithm_names, alg);
 		return !this->required;
 	}
 	if (!failed)
 	{
-		DBG1("enabled  %N: passed %u test vectors",
+		DBG1(DBG_LIB, "enabled  %N: passed %u test vectors",
 			 integrity_algorithm_names, alg, tested);
 	}
 	return !failed;
@@ -287,7 +287,7 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
 		hasher = create(alg);
 		if (!hasher)
 		{
-			DBG1("disabled %N: creating instance failed",
+			DBG1(DBG_LIB, "disabled %N: creating instance failed",
 				 hash_algorithm_names, alg);
 			failed = TRUE;
 			break;
@@ -330,7 +330,7 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
 		hasher->destroy(hasher);
 		if (failed)
 		{
-			DBG1("disabled %N: test vector %u failed",
+			DBG1(DBG_LIB, "disabled %N: test vector %u failed",
 				 hash_algorithm_names, alg, tested);
 			break;
 		}
@@ -338,14 +338,14 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
 	enumerator->destroy(enumerator);
 	if (!tested)
 	{
-		DBG1("%s %N: no test vectors found",
+		DBG1(DBG_LIB, "%s %N: no test vectors found",
 			 this->required ? "disabled" : "enabled ",
 			 hash_algorithm_names, alg);
 		return !this->required;
 	}
 	if (!failed)
 	{
-		DBG1("enabled  %N: passed %u test vectors",
+		DBG1(DBG_LIB, "enabled  %N: passed %u test vectors",
 			 hash_algorithm_names, alg, tested);
 	}
 	return !failed;
@@ -377,7 +377,7 @@ static bool test_prf(private_crypto_tester_t *this,
 		prf = create(alg);
 		if (!prf)
 		{
-			DBG1("disabled %N: creating instance failed",
+			DBG1(DBG_LIB, "disabled %N: creating instance failed",
 				 pseudo_random_function_names, alg);
 			failed = TRUE;
 			break;
@@ -431,7 +431,7 @@ static bool test_prf(private_crypto_tester_t *this,
 		prf->destroy(prf);
 		if (failed)
 		{
-			DBG1("disabled %N: test vector %u failed",
+			DBG1(DBG_LIB, "disabled %N: test vector %u failed",
 				 pseudo_random_function_names, alg, tested);
 			break;
 		}
@@ -439,14 +439,14 @@ static bool test_prf(private_crypto_tester_t *this,
 	enumerator->destroy(enumerator);
 	if (!tested)
 	{
-		DBG1("%s %N: no test vectors found",
+		DBG1(DBG_LIB, "%s %N: no test vectors found",
 			 this->required ? "disabled" : "enabled ",
 			 pseudo_random_function_names, alg);
 		return !this->required;
 	}
 	if (!failed)
 	{
-		DBG1("enabled  %N: passed %u test vectors",
+		DBG1(DBG_LIB, "enabled  %N: passed %u test vectors",
 			 pseudo_random_function_names, alg, tested);
 	}
 	return !failed;
@@ -465,7 +465,7 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
 
 	if (!this->rng_true && quality == RNG_TRUE)
 	{
-		DBG1("enabled  %N: skipping test (disabled by config)",
+		DBG1(DBG_LIB, "enabled  %N: skipping test (disabled by config)",
 			 rng_quality_names, quality);
 		return TRUE;
 	}
@@ -485,7 +485,7 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
 		rng = create(quality);
 		if (!rng)
 		{
-			DBG1("disabled %N: creating instance failed",
+			DBG1(DBG_LIB, "disabled %N: creating instance failed",
 				 rng_quality_names, quality);
 			failed = TRUE;
 			break;
@@ -515,7 +515,7 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
 		rng->destroy(rng);
 		if (failed)
 		{
-			DBG1("disabled %N: test vector %u failed",
+			DBG1(DBG_LIB, "disabled %N: test vector %u failed",
 				 rng_quality_names, quality, tested);
 			break;
 		}
@@ -523,14 +523,14 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
 	enumerator->destroy(enumerator);
 	if (!tested)
 	{
-		DBG1("%s %N: no test vectors found",
+		DBG1(DBG_LIB, "%s %N: no test vectors found",
 			 this->required ? ", disabled" : "enabled ",
 			 rng_quality_names, quality);
 		return !this->required;
 	}
 	if (!failed)
 	{
-		DBG1("enabled  %N: passed %u test vectors",
+		DBG1(DBG_LIB, "enabled  %N: passed %u test vectors",
 			 rng_quality_names, quality, tested);
 	}
 	return !failed;
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 18d532697..9bd8991fc 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -1,5 +1,6 @@
 /*
- * Copyright (C) 2005-2008 Martin Willi
+ * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2005-2010 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
  *
@@ -31,10 +32,412 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
 	"ECP_256",
 	"ECP_384",
 	"ECP_521");
-ENUM_NEXT(diffie_hellman_group_names, ECP_192_BIT, ECP_224_BIT, ECP_521_BIT,
+ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_224_BIT, ECP_521_BIT,
+	"MODP_1024_160",
+	"MODP_2048_224",
+	"MODP_2048_256",
 	"ECP_192",
 	"ECP_224");
 ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_224_BIT,
 	"MODP_NULL");
 ENUM_END(diffie_hellman_group_names, MODP_NULL);
 
+
+/**
+ * List of known diffie hellman group parameters.
+ */
+static struct {
+	/* Public part of the struct */
+	diffie_hellman_params_t public;
+	/* The group identifier as specified in IKEv2 */
+	diffie_hellman_group_t group;
+	/* Optimal length of the exponent (in bytes), as specified in RFC 3526. */
+	size_t opt_exp;
+} dh_params[] = {
+	{
+		.group = MODP_768_BIT, .opt_exp = 32, .public = {
+			.generator = chunk_from_chars(0x02),
+			.prime = chunk_from_chars(
+				0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+				0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+				0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+				0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+				0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+				0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+		},
+	},{
+		.group = MODP_1024_BIT, .opt_exp = 32, .public = {
+			.generator = chunk_from_chars(0x02),
+			.prime = chunk_from_chars(
+				0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+				0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+				0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+				0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+				0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+				0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+				0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+				0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+		},
+	},{
+		.group = MODP_1536_BIT, .opt_exp = 32, .public = {
+			.generator = chunk_from_chars(0x02),
+			.prime = chunk_from_chars(
+				0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+				0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+				0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+				0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+				0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+				0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+				0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+				0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+				0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+				0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+				0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+				0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+		},
+	},{
+		.group = MODP_2048_BIT, .opt_exp = 48, .public = {
+			.generator = chunk_from_chars(0x02),
+			.prime = chunk_from_chars(
+				0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+				0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+				0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+				0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+				0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+				0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+				0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+				0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+				0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+				0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+				0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+				0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+				0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+				0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+				0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+				0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+		},
+	},{
+		.group = MODP_3072_BIT, .opt_exp = 48, .public = {
+			.generator = chunk_from_chars(0x02),
+			.prime = chunk_from_chars(
+				0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+				0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+				0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+				0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+				0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+				0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+				0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+				0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+				0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+				0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+				0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+				0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+				0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+				0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+				0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+				0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+				0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+				0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+				0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+				0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+				0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+				0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+				0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+				0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+		},
+	},{
+		.group = MODP_4096_BIT, .opt_exp = 64, .public = {
+			.generator = chunk_from_chars(0x02),
+			.prime = chunk_from_chars(
+				0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+				0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+				0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+				0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+				0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+				0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+				0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+				0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+				0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+				0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+				0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+				0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+				0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+				0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+				0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+				0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+				0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+				0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+				0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+				0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+				0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+				0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+				0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+				0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+				0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
+				0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
+				0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+				0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
+				0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
+				0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+				0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
+				0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+		},
+	},{
+		.group = MODP_6144_BIT, .opt_exp = 64, .public = {
+			.generator = chunk_from_chars(0x02),
+			.prime = chunk_from_chars(
+				0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+				0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+				0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+				0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+				0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+				0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+				0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+				0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+				0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+				0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+				0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+				0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+				0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+				0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+				0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+				0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+				0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+				0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+				0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+				0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+				0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+				0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+				0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+				0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+				0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
+				0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
+				0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+				0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
+				0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
+				0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+				0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
+				0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
+				0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+				0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
+				0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
+				0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+				0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
+				0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
+				0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+				0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
+				0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
+				0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+				0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
+				0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
+				0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+				0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
+				0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
+				0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+		},
+	},{
+		.group = MODP_8192_BIT, .opt_exp = 64, .public = {
+			.generator = chunk_from_chars(0x02),
+			.prime = chunk_from_chars(
+				0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+				0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+				0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+				0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+				0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+				0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+				0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+				0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+				0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+				0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+				0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+				0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+				0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+				0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+				0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+				0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+				0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+				0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+				0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+				0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+				0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+				0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+				0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+				0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+				0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
+				0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
+				0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+				0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
+				0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
+				0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+				0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
+				0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
+				0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+				0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
+				0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
+				0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+				0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
+				0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
+				0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+				0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
+				0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
+				0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+				0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
+				0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
+				0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+				0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
+				0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
+				0xE6,0x94,0xF9,0x1E,0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
+				0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,0x73,0xB9,0x31,0xBA,
+				0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,
+				0x25,0x76,0xF6,0x93,0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
+				0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,0xE3,0x9D,0x65,0x2D,
+				0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,
+				0x13,0xEB,0x57,0xA8,0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
+				0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,0xA2,0xC0,0x87,0xE8,
+				0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,
+				0x6D,0x2A,0x13,0xF8,0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
+				0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,0x08,0x46,0x85,0x1D,
+				0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,
+				0xFA,0xF3,0x6B,0xC3,0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
+				0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B,
+				0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,
+				0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
+				0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF)
+		},
+	},{
+		.group = MODP_1024_160, .opt_exp = 20, .public = {
+			.subgroup = chunk_from_chars(
+				0xF5,0x18,0xAA,0x87,0x81,0xA8,0xDF,0x27,0x8A,0xBA,0x4E,0x7D,0x64,0xB7,0xCB,0x9D,
+				0x49,0x46,0x23,0x53),
+			.generator = chunk_from_chars(
+				0xA4,0xD1,0xCB,0xD5,0xC3,0xFD,0x34,0x12,0x67,0x65,0xA4,0x42,0xEF,0xB9,0x99,0x05,
+				0xF8,0x10,0x4D,0xD2,0x58,0xAC,0x50,0x7F,0xD6,0x40,0x6C,0xFF,0x14,0x26,0x6D,0x31,
+				0x26,0x6F,0xEA,0x1E,0x5C,0x41,0x56,0x4B,0x77,0x7E,0x69,0x0F,0x55,0x04,0xF2,0x13,
+				0x16,0x02,0x17,0xB4,0xB0,0x1B,0x88,0x6A,0x5E,0x91,0x54,0x7F,0x9E,0x27,0x49,0xF4,
+				0xD7,0xFB,0xD7,0xD3,0xB9,0xA9,0x2E,0xE1,0x90,0x9D,0x0D,0x22,0x63,0xF8,0x0A,0x76,
+				0xA6,0xA2,0x4C,0x08,0x7A,0x09,0x1F,0x53,0x1D,0xBF,0x0A,0x01,0x69,0xB6,0xA2,0x8A,
+				0xD6,0x62,0xA4,0xD1,0x8E,0x73,0xAF,0xA3,0x2D,0x77,0x9D,0x59,0x18,0xD0,0x8B,0xC8,
+				0x85,0x8F,0x4D,0xCE,0xF9,0x7C,0x2A,0x24,0x85,0x5E,0x6E,0xEB,0x22,0xB3,0xB2,0xE5),
+			.prime = chunk_from_chars(
+				0xB1,0x0B,0x8F,0x96,0xA0,0x80,0xE0,0x1D,0xDE,0x92,0xDE,0x5E,0xAE,0x5D,0x54,0xEC,
+				0x52,0xC9,0x9F,0xBC,0xFB,0x06,0xA3,0xC6,0x9A,0x6A,0x9D,0xCA,0x52,0xD2,0x3B,0x61,
+				0x60,0x73,0xE2,0x86,0x75,0xA2,0x3D,0x18,0x98,0x38,0xEF,0x1E,0x2E,0xE6,0x52,0xC0,
+				0x13,0xEC,0xB4,0xAE,0xA9,0x06,0x11,0x23,0x24,0x97,0x5C,0x3C,0xD4,0x9B,0x83,0xBF,
+				0xAC,0xCB,0xDD,0x7D,0x90,0xC4,0xBD,0x70,0x98,0x48,0x8E,0x9C,0x21,0x9A,0x73,0x72,
+				0x4E,0xFF,0xD6,0xFA,0xE5,0x64,0x47,0x38,0xFA,0xA3,0x1A,0x4F,0xF5,0x5B,0xCC,0xC0,
+				0xA1,0x51,0xAF,0x5F,0x0D,0xC8,0xB4,0xBD,0x45,0xBF,0x37,0xDF,0x36,0x5C,0x1A,0x65,
+				0xE6,0x8C,0xFD,0xA7,0x6D,0x4D,0xA7,0x08,0xDF,0x1F,0xB2,0xBC,0x2E,0x4A,0x43,0x71),
+		},
+	}, {
+		.group = MODP_2048_224, .opt_exp = 28, .public = {
+			.subgroup = chunk_from_chars(
+				0x80,0x1C,0x0D,0x34,0xC5,0x8D,0x93,0xFE,0x99,0x71,0x77,0x10,0x1F,0x80,0x53,0x5A,
+				0x47,0x38,0xCE,0xBC,0xBF,0x38,0x9A,0x99,0xB3,0x63,0x71,0xEB),
+			.generator = chunk_from_chars(
+				0xAC,0x40,0x32,0xEF,0x4F,0x2D,0x9A,0xE3,0x9D,0xF3,0x0B,0x5C,0x8F,0xFD,0xAC,0x50,
+				0x6C,0xDE,0xBE,0x7B,0x89,0x99,0x8C,0xAF,0x74,0x86,0x6A,0x08,0xCF,0xE4,0xFF,0xE3,
+				0xA6,0x82,0x4A,0x4E,0x10,0xB9,0xA6,0xF0,0xDD,0x92,0x1F,0x01,0xA7,0x0C,0x4A,0xFA,
+				0xAB,0x73,0x9D,0x77,0x00,0xC2,0x9F,0x52,0xC5,0x7D,0xB1,0x7C,0x62,0x0A,0x86,0x52,
+				0xBE,0x5E,0x90,0x01,0xA8,0xD6,0x6A,0xD7,0xC1,0x76,0x69,0x10,0x19,0x99,0x02,0x4A,
+				0xF4,0xD0,0x27,0x27,0x5A,0xC1,0x34,0x8B,0xB8,0xA7,0x62,0xD0,0x52,0x1B,0xC9,0x8A,
+				0xE2,0x47,0x15,0x04,0x22,0xEA,0x1E,0xD4,0x09,0x93,0x9D,0x54,0xDA,0x74,0x60,0xCD,
+				0xB5,0xF6,0xC6,0xB2,0x50,0x71,0x7C,0xBE,0xF1,0x80,0xEB,0x34,0x11,0x8E,0x98,0xD1,
+				0x19,0x52,0x9A,0x45,0xD6,0xF8,0x34,0x56,0x6E,0x30,0x25,0xE3,0x16,0xA3,0x30,0xEF,
+				0xBB,0x77,0xA8,0x6F,0x0C,0x1A,0xB1,0x5B,0x05,0x1A,0xE3,0xD4,0x28,0xC8,0xF8,0xAC,
+				0xB7,0x0A,0x81,0x37,0x15,0x0B,0x8E,0xEB,0x10,0xE1,0x83,0xED,0xD1,0x99,0x63,0xDD,
+				0xD9,0xE2,0x63,0xE4,0x77,0x05,0x89,0xEF,0x6A,0xA2,0x1E,0x7F,0x5F,0x2F,0xF3,0x81,
+				0xB5,0x39,0xCC,0xE3,0x40,0x9D,0x13,0xCD,0x56,0x6A,0xFB,0xB4,0x8D,0x6C,0x01,0x91,
+				0x81,0xE1,0xBC,0xFE,0x94,0xB3,0x02,0x69,0xED,0xFE,0x72,0xFE,0x9B,0x6A,0xA4,0xBD,
+				0x7B,0x5A,0x0F,0x1C,0x71,0xCF,0xFF,0x4C,0x19,0xC4,0x18,0xE1,0xF6,0xEC,0x01,0x79,
+				0x81,0xBC,0x08,0x7F,0x2A,0x70,0x65,0xB3,0x84,0xB8,0x90,0xD3,0x19,0x1F,0x2B,0xFA),
+			.prime = chunk_from_chars(
+				0xAD,0x10,0x7E,0x1E,0x91,0x23,0xA9,0xD0,0xD6,0x60,0xFA,0xA7,0x95,0x59,0xC5,0x1F,
+				0xA2,0x0D,0x64,0xE5,0x68,0x3B,0x9F,0xD1,0xB5,0x4B,0x15,0x97,0xB6,0x1D,0x0A,0x75,
+				0xE6,0xFA,0x14,0x1D,0xF9,0x5A,0x56,0xDB,0xAF,0x9A,0x3C,0x40,0x7B,0xA1,0xDF,0x15,
+				0xEB,0x3D,0x68,0x8A,0x30,0x9C,0x18,0x0E,0x1D,0xE6,0xB8,0x5A,0x12,0x74,0xA0,0xA6,
+				0x6D,0x3F,0x81,0x52,0xAD,0x6A,0xC2,0x12,0x90,0x37,0xC9,0xED,0xEF,0xDA,0x4D,0xF8,
+				0xD9,0x1E,0x8F,0xEF,0x55,0xB7,0x39,0x4B,0x7A,0xD5,0xB7,0xD0,0xB6,0xC1,0x22,0x07,
+				0xC9,0xF9,0x8D,0x11,0xED,0x34,0xDB,0xF6,0xC6,0xBA,0x0B,0x2C,0x8B,0xBC,0x27,0xBE,
+				0x6A,0x00,0xE0,0xA0,0xB9,0xC4,0x97,0x08,0xB3,0xBF,0x8A,0x31,0x70,0x91,0x88,0x36,
+				0x81,0x28,0x61,0x30,0xBC,0x89,0x85,0xDB,0x16,0x02,0xE7,0x14,0x41,0x5D,0x93,0x30,
+				0x27,0x82,0x73,0xC7,0xDE,0x31,0xEF,0xDC,0x73,0x10,0xF7,0x12,0x1F,0xD5,0xA0,0x74,
+				0x15,0x98,0x7D,0x9A,0xDC,0x0A,0x48,0x6D,0xCD,0xF9,0x3A,0xCC,0x44,0x32,0x83,0x87,
+				0x31,0x5D,0x75,0xE1,0x98,0xC6,0x41,0xA4,0x80,0xCD,0x86,0xA1,0xB9,0xE5,0x87,0xE8,
+				0xBE,0x60,0xE6,0x9C,0xC9,0x28,0xB2,0xB9,0xC5,0x21,0x72,0xE4,0x13,0x04,0x2E,0x9B,
+				0x23,0xF1,0x0B,0x0E,0x16,0xE7,0x97,0x63,0xC9,0xB5,0x3D,0xCF,0x4B,0xA8,0x0A,0x29,
+				0xE3,0xFB,0x73,0xC1,0x6B,0x8E,0x75,0xB9,0x7E,0xF3,0x63,0xE2,0xFF,0xA3,0x1F,0x71,
+				0xCF,0x9D,0xE5,0x38,0x4E,0x71,0xB8,0x1C,0x0A,0xC4,0xDF,0xFE,0x0C,0x10,0xE6,0x4F)
+		},
+	},{
+		.group = MODP_2048_256, .opt_exp = 32, .public = {
+			.subgroup = chunk_from_chars(
+				0x8C,0xF8,0x36,0x42,0xA7,0x09,0xA0,0x97,0xB4,0x47,0x99,0x76,0x40,0x12,0x9D,0xA2,
+				0x99,0xB1,0xA4,0x7D,0x1E,0xB3,0x75,0x0B,0xA3,0x08,0xB0,0xFE,0x64,0xF5,0xFB,0xD3),
+			.generator = chunk_from_chars(
+				0x3F,0xB3,0x2C,0x9B,0x73,0x13,0x4D,0x0B,0x2E,0x77,0x50,0x66,0x60,0xED,0xBD,0x48,
+				0x4C,0xA7,0xB1,0x8F,0x21,0xEF,0x20,0x54,0x07,0xF4,0x79,0x3A,0x1A,0x0B,0xA1,0x25,
+				0x10,0xDB,0xC1,0x50,0x77,0xBE,0x46,0x3F,0xFF,0x4F,0xED,0x4A,0xAC,0x0B,0xB5,0x55,
+				0xBE,0x3A,0x6C,0x1B,0x0C,0x6B,0x47,0xB1,0xBC,0x37,0x73,0xBF,0x7E,0x8C,0x6F,0x62,
+				0x90,0x12,0x28,0xF8,0xC2,0x8C,0xBB,0x18,0xA5,0x5A,0xE3,0x13,0x41,0x00,0x0A,0x65,
+				0x01,0x96,0xF9,0x31,0xC7,0x7A,0x57,0xF2,0xDD,0xF4,0x63,0xE5,0xE9,0xEC,0x14,0x4B,
+				0x77,0x7D,0xE6,0x2A,0xAA,0xB8,0xA8,0x62,0x8A,0xC3,0x76,0xD2,0x82,0xD6,0xED,0x38,
+				0x64,0xE6,0x79,0x82,0x42,0x8E,0xBC,0x83,0x1D,0x14,0x34,0x8F,0x6F,0x2F,0x91,0x93,
+				0xB5,0x04,0x5A,0xF2,0x76,0x71,0x64,0xE1,0xDF,0xC9,0x67,0xC1,0xFB,0x3F,0x2E,0x55,
+				0xA4,0xBD,0x1B,0xFF,0xE8,0x3B,0x9C,0x80,0xD0,0x52,0xB9,0x85,0xD1,0x82,0xEA,0x0A,
+				0xDB,0x2A,0x3B,0x73,0x13,0xD3,0xFE,0x14,0xC8,0x48,0x4B,0x1E,0x05,0x25,0x88,0xB9,
+				0xB7,0xD2,0xBB,0xD2,0xDF,0x01,0x61,0x99,0xEC,0xD0,0x6E,0x15,0x57,0xCD,0x09,0x15,
+				0xB3,0x35,0x3B,0xBB,0x64,0xE0,0xEC,0x37,0x7F,0xD0,0x28,0x37,0x0D,0xF9,0x2B,0x52,
+				0xC7,0x89,0x14,0x28,0xCD,0xC6,0x7E,0xB6,0x18,0x4B,0x52,0x3D,0x1D,0xB2,0x46,0xC3,
+				0x2F,0x63,0x07,0x84,0x90,0xF0,0x0E,0xF8,0xD6,0x47,0xD1,0x48,0xD4,0x79,0x54,0x51,
+				0x5E,0x23,0x27,0xCF,0xEF,0x98,0xC5,0x82,0x66,0x4B,0x4C,0x0F,0x6C,0xC4,0x16,0x59),
+			.prime = chunk_from_chars(
+				0x87,0xA8,0xE6,0x1D,0xB4,0xB6,0x66,0x3C,0xFF,0xBB,0xD1,0x9C,0x65,0x19,0x59,0x99,
+				0x8C,0xEE,0xF6,0x08,0x66,0x0D,0xD0,0xF2,0x5D,0x2C,0xEE,0xD4,0x43,0x5E,0x3B,0x00,
+				0xE0,0x0D,0xF8,0xF1,0xD6,0x19,0x57,0xD4,0xFA,0xF7,0xDF,0x45,0x61,0xB2,0xAA,0x30,
+				0x16,0xC3,0xD9,0x11,0x34,0x09,0x6F,0xAA,0x3B,0xF4,0x29,0x6D,0x83,0x0E,0x9A,0x7C,
+				0x20,0x9E,0x0C,0x64,0x97,0x51,0x7A,0xBD,0x5A,0x8A,0x9D,0x30,0x6B,0xCF,0x67,0xED,
+				0x91,0xF9,0xE6,0x72,0x5B,0x47,0x58,0xC0,0x22,0xE0,0xB1,0xEF,0x42,0x75,0xBF,0x7B,
+				0x6C,0x5B,0xFC,0x11,0xD4,0x5F,0x90,0x88,0xB9,0x41,0xF5,0x4E,0xB1,0xE5,0x9B,0xB8,
+				0xBC,0x39,0xA0,0xBF,0x12,0x30,0x7F,0x5C,0x4F,0xDB,0x70,0xC5,0x81,0xB2,0x3F,0x76,
+				0xB6,0x3A,0xCA,0xE1,0xCA,0xA6,0xB7,0x90,0x2D,0x52,0x52,0x67,0x35,0x48,0x8A,0x0E,
+				0xF1,0x3C,0x6D,0x9A,0x51,0xBF,0xA4,0xAB,0x3A,0xD8,0x34,0x77,0x96,0x52,0x4D,0x8E,
+				0xF6,0xA1,0x67,0xB5,0xA4,0x18,0x25,0xD9,0x67,0xE1,0x44,0xE5,0x14,0x05,0x64,0x25,
+				0x1C,0xCA,0xCB,0x83,0xE6,0xB4,0x86,0xF6,0xB3,0xCA,0x3F,0x79,0x71,0x50,0x60,0x26,
+				0xC0,0xB8,0x57,0xF6,0x89,0x96,0x28,0x56,0xDE,0xD4,0x01,0x0A,0xBD,0x0B,0xE6,0x21,
+				0xC3,0xA3,0x96,0x0A,0x54,0xE7,0x10,0xC3,0x75,0xF2,0x63,0x75,0xD7,0x01,0x41,0x03,
+				0xA4,0xB5,0x43,0x30,0xC1,0x98,0xAF,0x12,0x61,0x16,0xD2,0x27,0x6E,0x11,0x71,0x5F,
+				0x69,0x38,0x77,0xFA,0xD7,0xEF,0x09,0xCA,0xDB,0x09,0x4A,0xE9,0x1E,0x1A,0x15,0x97)
+		},
+	},
+};
+
+/**
+ * Described in header.
+ */
+diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group)
+{
+	int i;
+
+	for (i = 0; i < countof(dh_params); i++)
+	{
+		if (dh_params[i].group == group)
+		{
+			if (!dh_params[i].public.exp_len)
+			{
+				if (!dh_params[i].public.subgroup.len &&
+					lib->settings->get_int(lib->settings,
+								"libstrongswan.dh_exponent_ansi_x9_42", TRUE))
+				{
+					dh_params[i].public.exp_len = dh_params[i].public.prime.len;
+				}
+				else
+				{
+					dh_params[i].public.exp_len = dh_params[i].opt_exp;
+				}
+			}
+			return &dh_params[i].public;
+		}
+	}
+	return NULL;
+}
+
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index 842938c3b..cdc9c785e 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
@@ -24,6 +25,7 @@
 
 typedef enum diffie_hellman_group_t diffie_hellman_group_t;
 typedef struct diffie_hellman_t diffie_hellman_t;
+typedef struct diffie_hellman_params_t diffie_hellman_params_t;
 
 #include <library.h>
 
@@ -48,6 +50,9 @@ enum diffie_hellman_group_t {
 	ECP_256_BIT   = 19,
 	ECP_384_BIT   = 20,
 	ECP_521_BIT   = 21,
+	MODP_1024_160 = 22,
+	MODP_2048_224 = 23,
+	MODP_2048_256 = 24,
 	ECP_192_BIT   = 25,
 	ECP_224_BIT   = 26,
 	/** insecure NULL diffie hellman group for testing, in PRIVATE USE */
@@ -70,8 +75,8 @@ struct diffie_hellman_t {
 	 * Space for returned secret is allocated and must be
 	 * freed by the caller.
 	 *
-	 * @param secret 	shared secret will be written into this chunk
-	 * @return 			SUCCESS, FAILED if not both DH values are set
+	 * @param secret	shared secret will be written into this chunk
+	 * @return			SUCCESS, FAILED if not both DH values are set
 	 */
 	status_t (*get_shared_secret) (diffie_hellman_t *this, chunk_t *secret);
 
@@ -80,7 +85,7 @@ struct diffie_hellman_t {
 	 *
 	 * Chunk gets cloned and can be destroyed afterwards.
 	 *
-	 * @param value 	public value of partner
+	 * @param value		public value of partner
 	 */
 	void (*set_other_public_value) (diffie_hellman_t *this, chunk_t value);
 
@@ -106,4 +111,38 @@ struct diffie_hellman_t {
 	void (*destroy) (diffie_hellman_t *this);
 };
 
+/**
+ * Parameters for a specific diffie hellman group.
+ */
+struct diffie_hellman_params_t {
+
+	/**
+	 * The prime of the group
+	 */
+	const chunk_t prime;
+
+	/**
+	 * Generator of the group
+	 */
+	const chunk_t generator;
+
+	/**
+	 * Exponent length to use
+	 */
+	size_t exp_len;
+
+	/**
+	 * Prime order subgroup; for MODP Groups 22-24
+	 */
+	const chunk_t subgroup;
+};
+
+/**
+ * Get the parameters associated with the specified diffie hellman group.
+ *
+ * @param group			DH group
+ * @return				The parameters or NULL, if the group is not supported
+ */
+diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group);
+
 #endif /** DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
index 75816e8b3..a43dde7ea 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -59,12 +59,12 @@ struct proposal_token {
     u_int16_t         keysize;
 };
 
-#define TOTAL_KEYWORDS 89
+#define TOTAL_KEYWORDS 95
 #define MIN_WORD_LENGTH 3
 #define MAX_WORD_LENGTH 12
-#define MIN_HASH_VALUE 4
-#define MAX_HASH_VALUE 123
-/* maximum key range = 120, duplicates = 0 */
+#define MIN_HASH_VALUE 5
+#define MAX_HASH_VALUE 137
+/* maximum key range = 133, duplicates = 0 */
 
 #ifdef __GNUC__
 __inline
@@ -80,32 +80,32 @@ hash (str, len)
 {
   static const unsigned char asso_values[] =
     {
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124,  11,
-        2,  23,   5,  27,  21,   8,   5,   0, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124,  22, 124,  24,   0,   1,
-        8,   2,  50,   0,  11,  54, 124, 124,   0, 124,
-       42,   0, 124, 124,   5,   9,  34,   6, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124, 124, 124, 124,
-      124, 124, 124, 124, 124, 124, 124
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138,   3,  11,
+        2,  23,  29,  27,  21,  16,   5,   0, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138,  17, 138,   1,   0,   1,
+        9,   9,  50,   0,   4,  54, 138, 138,   1, 138,
+       35,   0, 138, 138,  71,   3,  38,  22, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
+      138, 138, 138, 138, 138, 138, 138
     };
   register int hval = len;
 
@@ -135,108 +135,115 @@ hash (str, len)
 
 static const struct proposal_token wordlist[] =
   {
-    {"null",             ENCRYPTION_ALGORITHM, ENCR_NULL,                0},
-    {"aes192",           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           192},
-    {"aesxcbc",          INTEGRITY_ALGORITHM,  AUTH_AES_XCBC_96,         0},
-    {"aes",              ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           128},
-    {"aes128",           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           128},
-    {"des",              ENCRYPTION_ALGORITHM, ENCR_DES,                 0},
-    {"aes192ctr",        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           192},
-    {"aes128ctr",        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           128},
-    {"3des",             ENCRYPTION_ALGORITHM, ENCR_3DES,                0},
-    {"aes192gcm8",       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      192},
-    {"aes192ccm8",       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      192},
-    {"aes128gcm8",       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      128},
-    {"aes128ccm8",       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      128},
-    {"aes192gcm12",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     192},
-    {"aes192ccm12",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     192},
-    {"aes128gcm12",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     128},
-    {"aes128ccm12",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     128},
-    {"aes192gcm128",     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     192},
-    {"aes192ccm128",     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     192},
-    {"aes128gcm128",     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     128},
-    {"aes128ccm128",     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     128},
-    {"aes192gcm96",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     192},
-    {"aes192ccm96",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     192},
-    {"aes128gcm96",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     128},
-    {"aes128ccm96",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     128},
-    {"cast128",          ENCRYPTION_ALGORITHM, ENCR_CAST,              128},
-    {"aes192gcm64",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      192},
-    {"aes192ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      192},
-    {"aes128gcm64",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      128},
-    {"aes128ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      128},
-    {"aes256ctr",        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           256},
-    {"aes192gcm16",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     192},
-    {"aes192ccm16",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     192},
-    {"aes128gcm16",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     128},
-    {"aes128ccm16",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     128},
-    {"aes256gcm8",       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      256},
-    {"aes256ccm8",       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      256},
-    {"sha1",             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0},
-    {"sha384",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,   0},
-    {"aes256gcm12",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256},
-    {"aes256ccm12",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     256},
-    {"sha512",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,   0},
-    {"aes256",           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           256},
-    {"aes256gcm128",     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256},
-    {"aes256ccm128",     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     256},
-    {"modp8192",         DIFFIE_HELLMAN_GROUP, MODP_8192_BIT,            0},
-    {"ecp192",           DIFFIE_HELLMAN_GROUP, ECP_192_BIT,              0},
-    {"aes256gcm96",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256},
-    {"aes256ccm96",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     256},
-    {"sha",              INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0},
-    {"modp2048",         DIFFIE_HELLMAN_GROUP, MODP_2048_BIT,            0},
-    {"ecp224",           DIFFIE_HELLMAN_GROUP, ECP_224_BIT,              0},
-    {"aes256gcm64",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      256},
-    {"aes256ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      256},
-    {"ecp384",           DIFFIE_HELLMAN_GROUP, ECP_384_BIT,              0},
-    {"modp768",          DIFFIE_HELLMAN_GROUP, MODP_768_BIT,             0},
-    {"modp1024",         DIFFIE_HELLMAN_GROUP, MODP_1024_BIT,            0},
-    {"ecp521",           DIFFIE_HELLMAN_GROUP, ECP_521_BIT,              0},
-    {"aes256gcm16",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256},
-    {"aes256ccm16",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     256},
-    {"md5",              INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_96,         0},
-    {"blowfish192",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          192},
-    {"sha2_384",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,   0},
-    {"camellia192",      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      192},
-    {"modp4096",         DIFFIE_HELLMAN_GROUP, MODP_4096_BIT,            0},
-    {"sha2_512",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,   0},
-    {"blowfish128",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          128},
-    {"blowfish",         ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          128},
-    {"camellia128",      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      128},
-    {"modp6144",         DIFFIE_HELLMAN_GROUP, MODP_6144_BIT,            0},
-    {"modp3072",         DIFFIE_HELLMAN_GROUP, MODP_3072_BIT,            0},
-    {"serpent192",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       192},
-    {"twofish192",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       192},
-    {"sha256",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,   0},
-    {"twofish",          ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       128},
-    {"serpent128",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       128},
-    {"twofish128",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       128},
-    {"modpnull",         DIFFIE_HELLMAN_GROUP, MODP_NULL,                0},
-    {"camellia",         ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      128},
-    {"ecp256",           DIFFIE_HELLMAN_GROUP, ECP_256_BIT,              0},
-    {"modp1536",         DIFFIE_HELLMAN_GROUP, MODP_1536_BIT,            0},
-    {"serpent",          ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       128},
-    {"sha2_256",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,   0},
-    {"sha256_96",        INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,    0},
-    {"sha2_256_96",      INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,    0},
-    {"blowfish256",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          256},
-    {"camellia256",      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      256},
-    {"serpent256",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       256},
-    {"twofish256",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       256}
+    {"null",             ENCRYPTION_ALGORITHM, ENCR_NULL,                 0},
+    {"aes",              ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            128},
+    {"aes192",           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            192},
+    {"aesxcbc",          INTEGRITY_ALGORITHM,  AUTH_AES_XCBC_96,          0},
+    {"aes192gmac",       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
+    {"aes128",           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            128},
+    {"aes128gmac",       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
+    {"des",              ENCRYPTION_ALGORITHM, ENCR_DES,                  0},
+    {"aes192gcm8",       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       192},
+    {"aes192ccm8",       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       192},
+    {"aes128gcm8",       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       128},
+    {"aes128ccm8",       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       128},
+    {"aes192gcm12",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      192},
+    {"aes192ccm12",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      192},
+    {"aes128gcm12",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      128},
+    {"aes128ccm12",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      128},
+    {"aes192gcm128",     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      192},
+    {"aes192ccm128",     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      192},
+    {"aes128gcm128",     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      128},
+    {"aes128ccm128",     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      128},
+    {"aes192gcm96",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      192},
+    {"aes192ccm96",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      192},
+    {"aes128gcm96",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      128},
+    {"aes128ccm96",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      128},
+    {"3des",             ENCRYPTION_ALGORITHM, ENCR_3DES,                 0},
+    {"cast128",          ENCRYPTION_ALGORITHM, ENCR_CAST,               128},
+    {"aes256gmac",       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
+    {"sha",              INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,         0},
+    {"aes192gcm16",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      192},
+    {"aes192ccm16",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      192},
+    {"aes128gcm16",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      128},
+    {"aes128ccm16",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      128},
+    {"aes256gcm8",       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       256},
+    {"aes256ccm8",       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       256},
+    {"modp8192",         DIFFIE_HELLMAN_GROUP, MODP_8192_BIT,             0},
+    {"aes256gcm12",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      256},
+    {"aes256ccm12",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      256},
+    {"sha1",             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,         0},
+    {"aes256",           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            256},
+    {"aes256gcm128",     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      256},
+    {"aes256ccm128",     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      256},
+    {"sha512",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,    0},
+    {"ecp192",           DIFFIE_HELLMAN_GROUP, ECP_192_BIT,               0},
+    {"aes256gcm96",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      256},
+    {"aes256ccm96",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      256},
+    {"aes192gcm64",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       192},
+    {"aes192ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       192},
+    {"aes128gcm64",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       128},
+    {"aes128ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       128},
+    {"md5",              INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_96,          0},
+    {"blowfish",         ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           128},
+    {"blowfish192",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           192},
+    {"modp768",          DIFFIE_HELLMAN_GROUP, MODP_768_BIT,              0},
+    {"ecp521",           DIFFIE_HELLMAN_GROUP, ECP_521_BIT,               0},
+    {"aes256gcm16",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      256},
+    {"aes256ccm16",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      256},
+    {"blowfish128",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           128},
+    {"camellia",         ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       128},
+    {"modp1024s160",     DIFFIE_HELLMAN_GROUP, MODP_1024_160,             0},
+    {"sha2_512",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,    0},
+    {"camellia192",      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       192},
+    {"sha384",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,    0},
+    {"modp2048",         DIFFIE_HELLMAN_GROUP, MODP_2048_BIT,             0},
+    {"modpnull",         DIFFIE_HELLMAN_GROUP, MODP_NULL,                 0},
+    {"aes192ctr",        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,            192},
+    {"camellia128",      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       128},
+    {"aes128ctr",        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,            128},
+    {"modp3072",         DIFFIE_HELLMAN_GROUP, MODP_3072_BIT,             0},
+    {"modp1024",         DIFFIE_HELLMAN_GROUP, MODP_1024_BIT,             0},
+    {"ecp224",           DIFFIE_HELLMAN_GROUP, ECP_224_BIT,               0},
+    {"aes256gcm64",      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       256},
+    {"aes256ccm64",      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       256},
+    {"ecp384",           DIFFIE_HELLMAN_GROUP, ECP_384_BIT,               0},
+    {"twofish",          ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        128},
+    {"sha256",           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,    0},
+    {"modp4096",         DIFFIE_HELLMAN_GROUP, MODP_4096_BIT,             0},
+    {"twofish192",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        192},
+    {"sha2_384",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,    0},
+    {"modp1536",         DIFFIE_HELLMAN_GROUP, MODP_1536_BIT,             0},
+    {"serpent192",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        192},
+    {"twofish128",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        128},
+    {"modp2048s256",     DIFFIE_HELLMAN_GROUP, MODP_2048_256,             0},
+    {"ecp256",           DIFFIE_HELLMAN_GROUP, ECP_256_BIT,               0},
+    {"serpent128",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        128},
+    {"aes256ctr",        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,            256},
+    {"modp2048s224",     DIFFIE_HELLMAN_GROUP, MODP_2048_224,             0},
+    {"sha2_256",         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,    0},
+    {"sha256_96",        INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,     0},
+    {"blowfish256",      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           256},
+    {"sha2_256_96",      INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,     0},
+    {"modp6144",         DIFFIE_HELLMAN_GROUP, MODP_6144_BIT,             0},
+    {"camellia256",      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       256},
+    {"serpent",          ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        128},
+    {"twofish256",       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        256},
+    {"serpent256",       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        256}
   };
 
 static const short lookup[] =
   {
-    -1, -1, -1, -1,  0, -1, -1, -1,  1, -1,  2, -1,  3,  4,
-     5,  6, -1,  7,  8, -1,  9, 10, 11, 12, 13, 14, 15, 16,
-    17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, -1,
-    30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43,
-    44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57,
-    58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, -1, 70,
-    71, 72, -1, -1, 73, 74, 75, 76, 77, -1, 78, -1, -1, -1,
-    -1, -1, -1, -1, -1, -1, 79, 80, -1, -1, -1, -1, -1, 81,
-    82, 83, -1, 84, -1, -1, -1, 85, -1, 86, 87, 88
+    -1, -1, -1, -1, -1,  0,  1, -1,  2, -1,  3, -1,  4,  5,
+     6,  7, -1, -1, -1, -1,  8,  9, 10, 11, 12, 13, 14, 15,
+    16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, 26, -1, -1,
+    27, 28, 29, 30, 31, 32, 33, -1, 34, 35, 36, 37, 38, 39,
+    40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53,
+    54, 55, 56, 57, 58, -1, 59, 60, 61, 62, 63, 64, 65, 66,
+    67, 68, -1, 69, 70, 71, 72, 73, 74, 75, 76, -1, -1, 77,
+    78, 79, 80, 81, -1, -1, 82, 83, -1, -1, 84, 85, -1, 86,
+    87, 88, 89, -1, -1, -1, -1, -1, -1, -1, 90, 91, -1, -1,
+    -1, -1, -1, -1, 92, -1, 93, -1, -1, -1, -1, 94
   };
 
 #ifdef __GNUC__
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
index 139d689ca..338993821 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
@@ -29,92 +29,98 @@ struct proposal_token {
     u_int16_t         keysize;
 };
 %%
-null,             ENCRYPTION_ALGORITHM, ENCR_NULL,                0
-des,              ENCRYPTION_ALGORITHM, ENCR_DES,                 0
-3des,             ENCRYPTION_ALGORITHM, ENCR_3DES,                0
-aes,              ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           128
-aes128,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           128
-aes192,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           192
-aes256,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,           256
-aes128ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           128
-aes192ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           192
-aes256ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,           256
-aes128ccm8,       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      128
-aes128ccm64,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      128
-aes128ccm12,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     128
-aes128ccm96,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     128
-aes128ccm16,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     128
-aes128ccm128,     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     128
-aes192ccm8,       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      192
-aes192ccm64,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      192
-aes192ccm12,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     192
-aes192ccm96,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     192
-aes192ccm16,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     192
-aes192ccm128,     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     192
-aes256ccm8,       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      256
-aes256ccm64,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,      256
-aes256ccm12,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     256
-aes256ccm96,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,     256
-aes256ccm16,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     256
-aes256ccm128,     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,     256
-aes128gcm8,       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      128
-aes128gcm64,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      128
-aes128gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     128
-aes128gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     128
-aes128gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     128
-aes128gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     128
-aes192gcm8,       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      192
-aes192gcm64,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      192
-aes192gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     192
-aes192gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     192
-aes192gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     192
-aes192gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     192
-aes256gcm8,       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      256
-aes256gcm64,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,      256
-aes256gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256
-aes256gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,     256
-aes256gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256
-aes256gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,     256
-blowfish,         ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          128
-blowfish128,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          128
-blowfish192,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          192
-blowfish256,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,          256
-camellia,         ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      128
-camellia128,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      128
-camellia192,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      192
-camellia256,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,      256
-cast128,          ENCRYPTION_ALGORITHM, ENCR_CAST,              128
-serpent,          ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       128
-serpent128,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       128
-serpent192,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       192
-serpent256,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,       256
-twofish,          ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       128
-twofish128,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       128
-twofish192,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       192
-twofish256,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,       256
-sha,              INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
-sha1,             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,        0
-sha256,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,   0
-sha2_256,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,   0
-sha256_96,        INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,    0
-sha2_256_96,      INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,    0
-sha384,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,   0
-sha2_384,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,   0
-sha512,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,   0
-sha2_512,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,   0
-md5,              INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_96,         0
-aesxcbc,          INTEGRITY_ALGORITHM,  AUTH_AES_XCBC_96,         0
-modpnull,         DIFFIE_HELLMAN_GROUP, MODP_NULL,                0
-modp768,          DIFFIE_HELLMAN_GROUP, MODP_768_BIT,             0
-modp1024,         DIFFIE_HELLMAN_GROUP, MODP_1024_BIT,            0
-modp1536,         DIFFIE_HELLMAN_GROUP, MODP_1536_BIT,            0
-modp2048,         DIFFIE_HELLMAN_GROUP, MODP_2048_BIT,            0
-modp3072,         DIFFIE_HELLMAN_GROUP, MODP_3072_BIT,            0
-modp4096,         DIFFIE_HELLMAN_GROUP, MODP_4096_BIT,            0
-modp6144,         DIFFIE_HELLMAN_GROUP, MODP_6144_BIT,            0
-modp8192,         DIFFIE_HELLMAN_GROUP, MODP_8192_BIT,            0
-ecp192,           DIFFIE_HELLMAN_GROUP, ECP_192_BIT,              0
-ecp224,           DIFFIE_HELLMAN_GROUP, ECP_224_BIT,              0
-ecp256,           DIFFIE_HELLMAN_GROUP, ECP_256_BIT,              0
-ecp384,           DIFFIE_HELLMAN_GROUP, ECP_384_BIT,              0
-ecp521,           DIFFIE_HELLMAN_GROUP, ECP_521_BIT,              0
+null,             ENCRYPTION_ALGORITHM, ENCR_NULL,                 0
+des,              ENCRYPTION_ALGORITHM, ENCR_DES,                  0
+3des,             ENCRYPTION_ALGORITHM, ENCR_3DES,                 0
+aes,              ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            128
+aes128,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            128
+aes192,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            192
+aes256,           ENCRYPTION_ALGORITHM, ENCR_AES_CBC,            256
+aes128ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,            128
+aes192ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,            192
+aes256ctr,        ENCRYPTION_ALGORITHM, ENCR_AES_CTR,            256
+aes128ccm8,       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       128
+aes128ccm64,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       128
+aes128ccm12,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      128
+aes128ccm96,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      128
+aes128ccm16,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      128
+aes128ccm128,     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      128
+aes192ccm8,       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       192
+aes192ccm64,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       192
+aes192ccm12,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      192
+aes192ccm96,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      192
+aes192ccm16,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      192
+aes192ccm128,     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      192
+aes256ccm8,       ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       256
+aes256ccm64,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8,       256
+aes256ccm12,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      256
+aes256ccm96,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12,      256
+aes256ccm16,      ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      256
+aes256ccm128,     ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16,      256
+aes128gcm8,       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       128
+aes128gcm64,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       128
+aes128gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      128
+aes128gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      128
+aes128gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      128
+aes128gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      128
+aes192gcm8,       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       192
+aes192gcm64,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       192
+aes192gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      192
+aes192gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      192
+aes192gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      192
+aes192gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      192
+aes256gcm8,       ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       256
+aes256gcm64,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8,       256
+aes256gcm12,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      256
+aes256gcm96,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12,      256
+aes256gcm16,      ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      256
+aes256gcm128,     ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16,      256
+aes128gmac,       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128
+aes192gmac,       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192
+aes256gmac,       ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256
+blowfish,         ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           128
+blowfish128,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           128
+blowfish192,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           192
+blowfish256,      ENCRYPTION_ALGORITHM, ENCR_BLOWFISH,           256
+camellia,         ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       128
+camellia128,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       128
+camellia192,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       192
+camellia256,      ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC,       256
+cast128,          ENCRYPTION_ALGORITHM, ENCR_CAST,               128
+serpent,          ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        128
+serpent128,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        128
+serpent192,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        192
+serpent256,       ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC,        256
+twofish,          ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        128
+twofish128,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        128
+twofish192,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        192
+twofish256,       ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC,        256
+sha,              INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,         0
+sha1,             INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA1_96,         0
+sha256,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,    0
+sha2_256,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_128,    0
+sha256_96,        INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,     0
+sha2_256_96,      INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_256_96,     0
+sha384,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,    0
+sha2_384,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_384_192,    0
+sha512,           INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,    0
+sha2_512,         INTEGRITY_ALGORITHM,  AUTH_HMAC_SHA2_512_256,    0
+md5,              INTEGRITY_ALGORITHM,  AUTH_HMAC_MD5_96,          0
+aesxcbc,          INTEGRITY_ALGORITHM,  AUTH_AES_XCBC_96,          0
+modpnull,         DIFFIE_HELLMAN_GROUP, MODP_NULL,                 0
+modp768,          DIFFIE_HELLMAN_GROUP, MODP_768_BIT,              0
+modp1024,         DIFFIE_HELLMAN_GROUP, MODP_1024_BIT,             0
+modp1536,         DIFFIE_HELLMAN_GROUP, MODP_1536_BIT,             0
+modp2048,         DIFFIE_HELLMAN_GROUP, MODP_2048_BIT,             0
+modp3072,         DIFFIE_HELLMAN_GROUP, MODP_3072_BIT,             0
+modp4096,         DIFFIE_HELLMAN_GROUP, MODP_4096_BIT,             0
+modp6144,         DIFFIE_HELLMAN_GROUP, MODP_6144_BIT,             0
+modp8192,         DIFFIE_HELLMAN_GROUP, MODP_8192_BIT,             0
+ecp192,           DIFFIE_HELLMAN_GROUP, ECP_192_BIT,               0
+ecp224,           DIFFIE_HELLMAN_GROUP, ECP_224_BIT,               0
+ecp256,           DIFFIE_HELLMAN_GROUP, ECP_256_BIT,               0
+ecp384,           DIFFIE_HELLMAN_GROUP, ECP_384_BIT,               0
+ecp521,           DIFFIE_HELLMAN_GROUP, ECP_521_BIT,               0
+modp1024s160,     DIFFIE_HELLMAN_GROUP, MODP_1024_160,             0
+modp2048s224,     DIFFIE_HELLMAN_GROUP, MODP_2048_224,             0
+modp2048s256,     DIFFIE_HELLMAN_GROUP, MODP_2048_256,             0
diff --git a/src/libstrongswan/debug.c b/src/libstrongswan/debug.c
index 51b7875d8..21a7e63dd 100644
--- a/src/libstrongswan/debug.c
+++ b/src/libstrongswan/debug.c
@@ -17,10 +17,36 @@
 
 #include "debug.h"
 
+ENUM(debug_names, DBG_DMN, DBG_LIB,
+	"DMN",
+	"MGR",
+	"IKE",
+	"CHD",
+	"JOB",
+	"CFG",
+	"KNL",
+	"NET",
+	"ENC",
+	"LIB",
+);
+
+ENUM(debug_lower_names, DBG_DMN, DBG_LIB,
+	"dmn",
+	"mgr",
+	"ike",
+	"chd",
+	"job",
+	"cfg",
+	"knl",
+	"net",
+	"enc",
+	"lib",
+);
+
 /**
  * level logged by the default logger
  */
-static int default_level = 1;
+static level_t default_level = 1;
 
 /**
  * stream logged to by the default logger
@@ -30,7 +56,7 @@ static FILE *default_stream = NULL;
 /**
  * default dbg function which printf all to stderr
  */
-void dbg_default(int level, char *fmt, ...)
+void dbg_default(debug_t group, level_t level, char *fmt, ...)
 {
 	if (!default_stream)
 	{
@@ -50,7 +76,7 @@ void dbg_default(int level, char *fmt, ...)
 /**
  * set the level logged by the default stderr logger
  */
-void dbg_default_set_level(int level)
+void dbg_default_set_level(level_t level)
 {
 	default_level = level;
 }
@@ -66,5 +92,5 @@ void dbg_default_set_stream(FILE *stream)
 /**
  * The registered debug hook.
  */
-void (*dbg) (int level, char *fmt, ...) = dbg_default;
+void (*dbg) (debug_t group, level_t level, char *fmt, ...) = dbg_default;
 
diff --git a/src/libstrongswan/debug.h b/src/libstrongswan/debug.h
index 085795acb..a21111d93 100644
--- a/src/libstrongswan/debug.h
+++ b/src/libstrongswan/debug.h
@@ -21,26 +21,95 @@
 #ifndef DEBUG_H_
 #define DEBUG_H_
 
+typedef enum debug_t debug_t;
+typedef enum level_t level_t;
+
 #include <stdio.h>
 
+#include "enum.h"
+
+/**
+ * Debug message group.
+ */
+enum debug_t {
+	/** daemon specific */
+	DBG_DMN,
+	/** IKE_SA_MANAGER */
+	DBG_MGR,
+	/** IKE_SA */
+	DBG_IKE,
+	/** CHILD_SA */
+	DBG_CHD,
+	/** job processing */
+	DBG_JOB,
+	/** configuration backends */
+	DBG_CFG,
+	/** kernel interface */
+	DBG_KNL,
+	/** networking/sockets */
+	DBG_NET,
+	/** message encoding/decoding */
+	DBG_ENC,
+	/** libstrongswan */
+	DBG_LIB,
+	/** number of groups */
+	DBG_MAX,
+	/** pseudo group with all groups */
+	DBG_ANY = DBG_MAX,
+};
+
+/**
+ * short names of debug message group.
+ */
+extern enum_name_t *debug_names;
+
+/**
+ * short names of debug message group, lower case.
+ */
+extern enum_name_t *debug_lower_names;
+
+/**
+ * Debug levels used to control output verbosity.
+ */
+enum level_t {
+	/** absolutely silent */
+	LEVEL_SILENT = -1,
+	/** most important auditing logs */
+	LEVEL_AUDIT =   0,
+	/** control flow */
+	LEVEL_CTRL =    1,
+	/** diagnose problems */
+	LEVEL_DIAG =    2,
+	/** raw binary blobs */
+	LEVEL_RAW =     3,
+	/** including sensitive data (private keys) */
+	LEVEL_PRIVATE = 4,
+};
+
 #ifndef DEBUG_LEVEL
 # define DEBUG_LEVEL 4
 #endif /* DEBUG_LEVEL */
 
 /** debug macros, they call the dbg function hook */
+#if DEBUG_LEVEL >= 0
+# define DBG0(group, fmt, ...) dbg(group, 0, fmt, ##__VA_ARGS__)
+#endif /* DEBUG_LEVEL */
 #if DEBUG_LEVEL >= 1
-# define DBG1(fmt, ...) dbg(1, fmt, ##__VA_ARGS__)
+# define DBG1(group, fmt, ...) dbg(group, 1, fmt, ##__VA_ARGS__)
 #endif /* DEBUG_LEVEL */
 #if DEBUG_LEVEL >= 2
-# define DBG2(fmt, ...) dbg(2, fmt, ##__VA_ARGS__)
+# define DBG2(group, fmt, ...) dbg(group, 2, fmt, ##__VA_ARGS__)
 #endif /* DEBUG_LEVEL */
 #if DEBUG_LEVEL >= 3
-# define DBG3(fmt, ...) dbg(3, fmt, ##__VA_ARGS__)
+# define DBG3(group, fmt, ...) dbg(group, 3, fmt, ##__VA_ARGS__)
 #endif /* DEBUG_LEVEL */
 #if DEBUG_LEVEL >= 4
-# define DBG4(fmt, ...) dbg(4, fmt, ##__VA_ARGS__)
+# define DBG4(group, fmt, ...) dbg(group, 4, fmt, ##__VA_ARGS__)
 #endif /* DEBUG_LEVEL */
 
+#ifndef DBG0
+# define DBG0(...) {}
+#endif
 #ifndef DBG1
 # define DBG1(...) {}
 #endif
@@ -55,13 +124,13 @@
 #endif
 
 /** dbg function hook, uses dbg_default() by default */
-extern void (*dbg) (int level, char *fmt, ...);
+extern void (*dbg) (debug_t group, level_t level, char *fmt, ...);
 
 /** default logging function */
-void dbg_default(int level, char *fmt, ...);
+void dbg_default(debug_t group, level_t level, char *fmt, ...);
 
 /** set the level logged by dbg_default() */
-void dbg_default_set_level(int level);
+void dbg_default_set_level(level_t level);
 
 /** set the stream logged by dbg_default() to */
 void dbg_default_set_stream(FILE *stream);
diff --git a/src/libstrongswan/enum.h b/src/libstrongswan/enum.h
index 6b9fd7eaa..691f9f2bc 100644
--- a/src/libstrongswan/enum.h
+++ b/src/libstrongswan/enum.h
@@ -22,7 +22,7 @@
 #ifndef ENUM_H_
 #define ENUM_H_
 
-#include <printf_hook.h>
+#include "printf_hook.h"
 
 typedef struct enum_name_t enum_name_t;
 
diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c
index b73bfacf6..c81de032c 100644
--- a/src/libstrongswan/fetcher/fetcher_manager.c
+++ b/src/libstrongswan/fetcher/fetcher_manager.c
@@ -134,7 +134,7 @@ static status_t fetch(private_fetcher_manager_t *this,
 	this->lock->unlock(this->lock);
 	if (!capable)
 	{
-		DBG1("unable to fetch from %s, no capable fetcher found", url);
+		DBG1(DBG_LIB, "unable to fetch from %s, no capable fetcher found", url);
 	}
 	return status;
 }
diff --git a/src/libstrongswan/integrity_checker.c b/src/libstrongswan/integrity_checker.c
index 51da4e725..c9cad44ae 100644
--- a/src/libstrongswan/integrity_checker.c
+++ b/src/libstrongswan/integrity_checker.c
@@ -26,8 +26,8 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 
-#include <debug.h>
-#include <library.h>
+#include "debug.h"
+#include "library.h"
 
 typedef struct private_integrity_checker_t private_integrity_checker_t;
 
@@ -72,13 +72,14 @@ static u_int32_t build_file(private_integrity_checker_t *this, char *file,
 	fd = open(file, O_RDONLY);
 	if (fd == -1)
 	{
-		DBG1("  opening '%s' failed: %s", file, strerror(errno));
+		DBG1(DBG_LIB, "  opening '%s' failed: %s", file, strerror(errno));
 		return 0;
 	}
 
 	if (fstat(fd, &sb) == -1)
 	{
-		DBG1("  getting file size of '%s' failed: %s", file, strerror(errno));
+		DBG1(DBG_LIB, "  getting file size of '%s' failed: %s", file,
+			 strerror(errno));
 		close(fd);
 		return 0;
 	}
@@ -86,7 +87,7 @@ static u_int32_t build_file(private_integrity_checker_t *this, char *file,
 	addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
 	if (addr == MAP_FAILED)
 	{
-		DBG1("  mapping '%s' failed: %s", file, strerror(errno));
+		DBG1(DBG_LIB, "  mapping '%s' failed: %s", file, strerror(errno));
 		close(fd);
 		return 0;
 	}
@@ -146,13 +147,13 @@ static u_int32_t build_segment(private_integrity_checker_t *this, void *sym,
 
 	if (dladdr(sym, &dli) == 0)
 	{
-		DBG1("  unable to locate symbol: %s", dlerror());
+		DBG1(DBG_LIB, "  unable to locate symbol: %s", dlerror());
 		return 0;
 	}
 	/* we reuse the Dl_info struct as in/out parameter */
 	if (!dl_iterate_phdr((void*)callback, &dli))
 	{
-		DBG1("  executable section not found");
+		DBG1(DBG_LIB, "  executable section not found");
 		return 0;
 	}
 
@@ -192,7 +193,7 @@ static bool check_file(private_integrity_checker_t *this,
 	cs = find_checksum(this, name);
 	if (!cs)
 	{
-		DBG1("  '%s' file checksum not found", name);
+		DBG1(DBG_LIB, "  '%s' file checksum not found", name);
 		return FALSE;
 	}
 	sum = build_file(this, file, &len);
@@ -202,17 +203,17 @@ static bool check_file(private_integrity_checker_t *this,
 	}
 	if (cs->file_len != len)
 	{
-		DBG1("  invalid '%s' file size: %u bytes, expected %u bytes",
+		DBG1(DBG_LIB, "  invalid '%s' file size: %u bytes, expected %u bytes",
 			 name, len, cs->file_len);
 		return FALSE;
 	}
 	if (cs->file != sum)
 	{
-		DBG1("  invalid '%s' file checksum: %08x, expected %08x",
+		DBG1(DBG_LIB, "  invalid '%s' file checksum: %08x, expected %08x",
 			 name, sum, cs->file);
 		return FALSE;
 	}
-	DBG2("  valid '%s' file checksum: %08x", name, sum);
+	DBG2(DBG_LIB, "  valid '%s' file checksum: %08x", name, sum);
 	return TRUE;
 }
 
@@ -229,7 +230,7 @@ static bool check_segment(private_integrity_checker_t *this,
 	cs = find_checksum(this, name);
 	if (!cs)
 	{
-		DBG1("  '%s' segment checksum not found", name);
+		DBG1(DBG_LIB, "  '%s' segment checksum not found", name);
 		return FALSE;
 	}
 	sum = build_segment(this, sym, &len);
@@ -239,17 +240,17 @@ static bool check_segment(private_integrity_checker_t *this,
 	}
 	if (cs->segment_len != len)
 	{
-		DBG1("  invalid '%s' segment size: %u bytes, expected %u bytes",
-			 name, len, cs->segment_len);
+		DBG1(DBG_LIB, "  invalid '%s' segment size: %u bytes,"
+			 " expected %u bytes", name, len, cs->segment_len);
 		return FALSE;
 	}
 	if (cs->segment != sum)
 	{
-		DBG1("  invalid '%s' segment checksum: %08x, expected %08x",
+		DBG1(DBG_LIB, "  invalid '%s' segment checksum: %08x, expected %08x",
 			 name, sum, cs->segment);
 		return FALSE;
 	}
-	DBG2("  valid '%s' segment checksum: %08x", name, sum);
+	DBG2(DBG_LIB, "  valid '%s' segment checksum: %08x", name, sum);
 	return TRUE;
 }
 
@@ -262,7 +263,7 @@ static bool check(private_integrity_checker_t *this, char *name, void *sym)
 
 	if (dladdr(sym, &dli) == 0)
 	{
-		DBG1("unable to locate symbol: %s", dlerror());
+		DBG1(DBG_LIB, "unable to locate symbol: %s", dlerror());
 		return FALSE;
 	}
 	if (!check_file(this, name, (char*)dli.dli_fname))
@@ -319,12 +320,14 @@ integrity_checker_t *integrity_checker_create(char *checksum_library)
 			}
 			else
 			{
-				DBG1("checksum library '%s' invalid", checksum_library);
+				DBG1(DBG_LIB, "checksum library '%s' invalid",
+					 checksum_library);
 			}
 		}
 		else
 		{
-			DBG1("loading checksum library '%s' failed", checksum_library);
+			DBG1(DBG_LIB, "loading checksum library '%s' failed",
+				 checksum_library);
 		}
 	}
 	return &this->public;
diff --git a/src/libstrongswan/integrity_checker.h b/src/libstrongswan/integrity_checker.h
index 7349353f3..55a4658f7 100644
--- a/src/libstrongswan/integrity_checker.h
+++ b/src/libstrongswan/integrity_checker.h
@@ -21,8 +21,8 @@
 #ifndef INTEGRITY_CHECKER_H_
 #define INTEGRITY_CHECKER_H_
 
-#include <utils.h>
-#include <plugins/plugin.h>
+#include "utils.h"
+#include "plugins/plugin.h"
 
 typedef struct integrity_checker_t integrity_checker_t;
 typedef struct integrity_checksum_t integrity_checksum_t;
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index 4e8bb87d0..108ac2ca0 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -18,14 +18,12 @@
 
 #include <stdlib.h>
 
-#include <utils.h>
-#include <chunk.h>
-#include <debug.h>
-#include <threading/thread.h>
-#include <utils/identification.h>
-#include <utils/host.h>
+#include "debug.h"
+#include "threading/thread.h"
+#include "utils/identification.h"
+#include "utils/host.h"
 #ifdef LEAK_DETECTIVE
-#include <utils/leak_detective.h>
+#include "utils/leak_detective.h"
 #endif
 
 #define CHECKSUM_LIBRARY IPSEC_DIR"/libchecksum.so"
@@ -68,7 +66,6 @@ void library_deinit()
 	this->public.encoding->destroy(this->public.encoding);
 	this->public.crypto->destroy(this->public.crypto);
 	this->public.fetcher->destroy(this->public.fetcher);
-	this->public.attributes->destroy(this->public.attributes);
 	this->public.db->destroy(this->public.db);
 	this->public.printf_hook->destroy(this->public.printf_hook);
 	if (this->public.integrity)
@@ -133,7 +130,6 @@ bool library_init(char *settings)
 	this->public.creds = credential_factory_create();
 	this->public.encoding = key_encoding_create();
 	this->public.fetcher = fetcher_manager_create();
-	this->public.attributes = attribute_manager_create();
 	this->public.db = database_factory_create();
 	this->public.plugins = plugin_loader_create();
 	this->public.integrity = NULL;
@@ -145,11 +141,11 @@ bool library_init(char *settings)
 		this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY);
 		if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
 		{
-			DBG1("integrity check of libstrongswan failed");
+			DBG1(DBG_LIB, "integrity check of libstrongswan failed");
 			return FALSE;
 		}
 #else /* !INTEGRITY_TEST */
-		DBG1("integrity test enabled, but not supported");
+		DBG1(DBG_LIB, "integrity test enabled, but not supported");
 		return FALSE;
 #endif /* INTEGRITY_TEST */
 	}
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index 78a6fe0a9..241084155 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -55,18 +55,17 @@
 #ifndef LIBRARY_H_
 #define LIBRARY_H_
 
-#include <printf_hook.h>
-#include <utils.h>
-#include <chunk.h>
-#include <settings.h>
-#include <integrity_checker.h>
-#include <plugins/plugin_loader.h>
-#include <crypto/crypto_factory.h>
-#include <fetcher/fetcher_manager.h>
-#include <attributes/attribute_manager.h>
-#include <database/database_factory.h>
-#include <credentials/credential_factory.h>
-#include <credentials/keys/key_encoding.h>
+#include "printf_hook.h"
+#include "utils.h"
+#include "chunk.h"
+#include "settings.h"
+#include "integrity_checker.h"
+#include "plugins/plugin_loader.h"
+#include "crypto/crypto_factory.h"
+#include "fetcher/fetcher_manager.h"
+#include "database/database_factory.h"
+#include "credentials/credential_factory.h"
+#include "credentials/keys/key_encoding.h"
 
 typedef struct library_t library_t;
 
@@ -101,11 +100,6 @@ struct library_t {
 	fetcher_manager_t *fetcher;
 
 	/**
-	 * manager for payload attributes
-	 */
-	attribute_manager_t *attributes;
-
-	/**
 	 * database construction factory
 	 */
 	database_factory_t *db;
diff --git a/src/libstrongswan/plugins/aes/Makefile.am b/src/libstrongswan/plugins/aes/Makefile.am
index a3101172f..e72daeb44 100644
--- a/src/libstrongswan/plugins/aes/Makefile.am
+++ b/src/libstrongswan/plugins/aes/Makefile.am
@@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-aes.la
+else
 plugin_LTLIBRARIES = libstrongswan-aes.la
+endif
 
-libstrongswan_aes_la_SOURCES = aes_plugin.h aes_plugin.c aes_crypter.c aes_crypter.h
-libstrongswan_aes_la_LDFLAGS = -module -avoid-version
+libstrongswan_aes_la_SOURCES = \
+	aes_plugin.h aes_plugin.c aes_crypter.c aes_crypter.h
 
+libstrongswan_aes_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index 03ef465e0..391d23049 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_aes_la_LIBADD =
 am_libstrongswan_aes_la_OBJECTS = aes_plugin.lo aes_crypter.lo
 libstrongswan_aes_la_OBJECTS = $(am_libstrongswan_aes_la_OBJECTS)
 libstrongswan_aes_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_aes_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_aes_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_aes_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-aes.la
-libstrongswan_aes_la_SOURCES = aes_plugin.h aes_plugin.c aes_crypter.c aes_crypter.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-aes.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-aes.la
+libstrongswan_aes_la_SOURCES = \
+	aes_plugin.h aes_plugin.c aes_crypter.c aes_crypter.h
+
 libstrongswan_aes_la_LDFLAGS = -module -avoid-version
 all: all-am
 
@@ -290,6 +296,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-aes.la: $(libstrongswan_aes_la_OBJECTS) $(libstrongswan_aes_la_DEPENDENCIES) 
-	$(libstrongswan_aes_la_LINK) -rpath $(plugindir) $(libstrongswan_aes_la_OBJECTS) $(libstrongswan_aes_la_LIBADD) $(LIBS)
+	$(libstrongswan_aes_la_LINK) $(am_libstrongswan_aes_la_rpath) $(libstrongswan_aes_la_OBJECTS) $(libstrongswan_aes_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -476,8 +491,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c
index c6215cc7f..1e920f8cc 100644
--- a/src/libstrongswan/plugins/aes/aes_plugin.c
+++ b/src/libstrongswan/plugins/aes/aes_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_aes_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *aes_plugin_create()
 {
 	private_aes_plugin_t *this = malloc_thing(private_aes_plugin_t);
 
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.h b/src/libstrongswan/plugins/aes/aes_plugin.h
index a6ff620ed..f0f0e8154 100644
--- a/src/libstrongswan/plugins/aes/aes_plugin.h
+++ b/src/libstrongswan/plugins/aes/aes_plugin.h
@@ -39,9 +39,4 @@ struct aes_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a aes_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** AES_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/agent/Makefile.am b/src/libstrongswan/plugins/agent/Makefile.am
index e1000e562..ffa6e8b7f 100644
--- a/src/libstrongswan/plugins/agent/Makefile.am
+++ b/src/libstrongswan/plugins/agent/Makefile.am
@@ -3,10 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-agent.la
+else
 plugin_LTLIBRARIES = libstrongswan-agent.la
+endif
 
-libstrongswan_agent_la_SOURCES = agent_plugin.h agent_plugin.c \
-  agent_private_key.c agent_private_key.h
+libstrongswan_agent_la_SOURCES = \
+	agent_plugin.h agent_plugin.c \
+	agent_private_key.c agent_private_key.h
 
 libstrongswan_agent_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index 5bf52aa56..bd6465374 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_agent_la_LIBADD =
 am_libstrongswan_agent_la_OBJECTS = agent_plugin.lo \
 	agent_private_key.lo
@@ -80,6 +80,9 @@ libstrongswan_agent_la_OBJECTS = $(am_libstrongswan_agent_la_OBJECTS)
 libstrongswan_agent_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_agent_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_agent_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_agent_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,9 +258,11 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-agent.la
-libstrongswan_agent_la_SOURCES = agent_plugin.h agent_plugin.c \
-  agent_private_key.c agent_private_key.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-agent.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-agent.la
+libstrongswan_agent_la_SOURCES = \
+	agent_plugin.h agent_plugin.c \
+	agent_private_key.c agent_private_key.h
 
 libstrongswan_agent_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -293,6 +299,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -325,7 +340,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-agent.la: $(libstrongswan_agent_la_OBJECTS) $(libstrongswan_agent_la_DEPENDENCIES) 
-	$(libstrongswan_agent_la_LINK) -rpath $(plugindir) $(libstrongswan_agent_la_OBJECTS) $(libstrongswan_agent_la_LIBADD) $(LIBS)
+	$(libstrongswan_agent_la_LINK) $(am_libstrongswan_agent_la_rpath) $(libstrongswan_agent_la_OBJECTS) $(libstrongswan_agent_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -479,8 +494,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -551,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c
index 299b2cc1d..d40b437bb 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.c
+++ b/src/libstrongswan/plugins/agent/agent_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_agent_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *agent_plugin_create()
 {
 	private_agent_plugin_t *this = malloc_thing(private_agent_plugin_t);
 
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.h b/src/libstrongswan/plugins/agent/agent_plugin.h
index e49af42d8..d352c305c 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.h
+++ b/src/libstrongswan/plugins/agent/agent_plugin.h
@@ -39,9 +39,4 @@ struct agent_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a agent_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** AGENT_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index d0a2da87f..4247f849e 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -137,7 +137,8 @@ static int open_connection(char *path)
 	s = socket(AF_UNIX, SOCK_STREAM, 0);
 	if (s == -1)
 	{
-		DBG1("opening ssh-agent socket %s failed: %s:", path, strerror(errno));
+		DBG1(DBG_LIB, "opening ssh-agent socket %s failed: %s:", path,
+			 strerror(errno));
 		return -1;
 	}
 
@@ -147,7 +148,8 @@ static int open_connection(char *path)
 
 	if (connect(s, (struct sockaddr*)&addr, SUN_LEN(&addr)) != 0)
 	{
-		DBG1("connecting to ssh-agent socket failed: %s", strerror(errno));
+		DBG1(DBG_LIB, "connecting to ssh-agent socket failed: %s",
+			 strerror(errno));
 		close(s);
 		return -1;
 	}
@@ -168,7 +170,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
 	if (write(this->socket, &len, sizeof(len)) != sizeof(len) ||
 		write(this->socket, &buf, 1) != 1)
 	{
-		DBG1("writing to ssh-agent failed");
+		DBG1(DBG_LIB, "writing to ssh-agent failed");
 		return FALSE;
 	}
 
@@ -179,7 +181,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
 		read_uint32(&blob) != blob.len ||
 		read_byte(&blob) != SSH_AGENT_ID_RESPONSE)
 	{
-		DBG1("received invalid ssh-agent identity response");
+		DBG1(DBG_LIB, "received invalid ssh-agent identity response");
 		return FALSE;
 	}
 	count = read_uint32(&blob);
@@ -231,7 +233,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
 
 	if (scheme != SIGN_RSA_EMSA_PKCS1_SHA1)
 	{
-		DBG1("signature scheme %N not supported by ssh-agent",
+		DBG1(DBG_LIB, "signature scheme %N not supported by ssh-agent",
 			 signature_scheme_names, scheme);
 		return FALSE;
 	}
@@ -241,7 +243,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
 	if (write(this->socket, &len, sizeof(len)) != sizeof(len) ||
 		write(this->socket, &buf, 1) != 1)
 	{
-		DBG1("writing to ssh-agent failed");
+		DBG1(DBG_LIB, "writing to ssh-agent failed");
 		return FALSE;
 	}
 
@@ -249,7 +251,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
 	if (write(this->socket, &len, sizeof(len)) != sizeof(len) ||
 		write(this->socket, this->key.ptr, this->key.len) != this->key.len)
 	{
-		DBG1("writing to ssh-agent failed");
+		DBG1(DBG_LIB, "writing to ssh-agent failed");
 		return FALSE;
 	}
 
@@ -257,14 +259,14 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
 	if (write(this->socket, &len, sizeof(len)) != sizeof(len) ||
 		write(this->socket, data.ptr, data.len) != data.len)
 	{
-		DBG1("writing to ssh-agent failed");
+		DBG1(DBG_LIB, "writing to ssh-agent failed");
 		return FALSE;
 	}
 
 	flags = htonl(0);
 	if (write(this->socket, &flags, sizeof(flags)) != sizeof(flags))
 	{
-		DBG1("writing to ssh-agent failed");
+		DBG1(DBG_LIB, "writing to ssh-agent failed");
 		return FALSE;
 	}
 
@@ -274,7 +276,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
 		read_uint32(&blob) != blob.len ||
 		read_byte(&blob) != SSH_AGENT_SIGN_RESPONSE)
 	{
-		DBG1("received invalid ssh-agent signature response");
+		DBG1(DBG_LIB, "received invalid ssh-agent signature response");
 		return FALSE;
 	}
 	/* parse length */
@@ -285,7 +287,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
 	blob = read_string(&blob);
 	if (!blob.len)
 	{
-		DBG1("received invalid ssh-agent signature response");
+		DBG1(DBG_LIB, "received invalid ssh-agent signature response");
 		return FALSE;
 	}
 	*signature =  chunk_clone(blob);
@@ -306,7 +308,7 @@ static key_type_t get_type(private_agent_private_key_t *this)
 static bool decrypt(private_agent_private_key_t *this,
 					chunk_t crypto, chunk_t *plain)
 {
-	DBG1("private key decryption not supported by ssh-agent");
+	DBG1(DBG_LIB, "private key decryption not supported by ssh-agent");
 	return FALSE;
 }
 
diff --git a/src/libstrongswan/plugins/attr_sql/Makefile.am b/src/libstrongswan/plugins/attr_sql/Makefile.am
deleted file mode 100644
index 5be310abf..000000000
--- a/src/libstrongswan/plugins/attr_sql/Makefile.am
+++ /dev/null
@@ -1,15 +0,0 @@
-
-INCLUDES = -I$(top_srcdir)/src/libstrongswan
-
-AM_CFLAGS = -rdynamic \
-  -DPLUGINS=\""${libstrongswan_plugins}\""
-
-plugin_LTLIBRARIES = libstrongswan-attr-sql.la
-libstrongswan_attr_sql_la_SOURCES = \
-  attr_sql_plugin.h attr_sql_plugin.c \
-  sql_attribute.h sql_attribute.c
-libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version
-
-ipsec_PROGRAMS = pool
-pool_SOURCES = pool.c
-pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.am b/src/libstrongswan/plugins/blowfish/Makefile.am
index de8948445..95c414204 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.am
+++ b/src/libstrongswan/plugins/blowfish/Makefile.am
@@ -3,10 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-blowfish.la
+else
 plugin_LTLIBRARIES = libstrongswan-blowfish.la
+endif
 
 libstrongswan_blowfish_la_SOURCES = \
-blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \
-bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c
-libstrongswan_blowfish_la_LDFLAGS = -module -avoid-version
+	blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \
+	bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c
 
+libstrongswan_blowfish_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index 7b55d69c7..f95a4abe5 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_blowfish_la_LIBADD =
 am_libstrongswan_blowfish_la_OBJECTS = blowfish_plugin.lo \
 	blowfish_crypter.lo bf_skey.lo bf_enc.lo
@@ -82,6 +82,9 @@ libstrongswan_blowfish_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_blowfish_la_LDFLAGS) \
 	$(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_blowfish_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_blowfish_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -256,10 +260,11 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-blowfish.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-blowfish.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-blowfish.la
 libstrongswan_blowfish_la_SOURCES = \
-blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \
-bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c
+	blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \
+	bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c
 
 libstrongswan_blowfish_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -296,6 +301,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +342,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-blowfish.la: $(libstrongswan_blowfish_la_OBJECTS) $(libstrongswan_blowfish_la_DEPENDENCIES) 
-	$(libstrongswan_blowfish_la_LINK) -rpath $(plugindir) $(libstrongswan_blowfish_la_OBJECTS) $(libstrongswan_blowfish_la_LIBADD) $(LIBS)
+	$(libstrongswan_blowfish_la_LINK) $(am_libstrongswan_blowfish_la_rpath) $(libstrongswan_blowfish_la_OBJECTS) $(libstrongswan_blowfish_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -484,8 +498,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -556,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
index 993dc8b3b..f9fb605b3 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
@@ -45,7 +45,7 @@ static void destroy(private_blowfish_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *blowfish_plugin_create()
 {
 	private_blowfish_plugin_t *this = malloc_thing(private_blowfish_plugin_t);
 
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.h b/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
index 596a7c791..6a87f42ee 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
+++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
@@ -40,9 +40,4 @@ struct blowfish_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a blowfish_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** BLOWFISH_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/curl/Makefile.am b/src/libstrongswan/plugins/curl/Makefile.am
index f0a41e4ad..43718f678 100644
--- a/src/libstrongswan/plugins/curl/Makefile.am
+++ b/src/libstrongswan/plugins/curl/Makefile.am
@@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-curl.la
+else
 plugin_LTLIBRARIES = libstrongswan-curl.la
+endif
+
+libstrongswan_curl_la_SOURCES = \
+	curl_plugin.h curl_plugin.c curl_fetcher.c curl_fetcher.h
 
-libstrongswan_curl_la_SOURCES = curl_plugin.h curl_plugin.c curl_fetcher.c curl_fetcher.h
 libstrongswan_curl_la_LDFLAGS = -module -avoid-version
 libstrongswan_curl_la_LIBADD  = -lcurl
-
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index 32b2504fe..1952b22e7 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_curl_la_DEPENDENCIES =
 am_libstrongswan_curl_la_OBJECTS = curl_plugin.lo curl_fetcher.lo
 libstrongswan_curl_la_OBJECTS = $(am_libstrongswan_curl_la_OBJECTS)
 libstrongswan_curl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_curl_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_curl_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_curl_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-curl.la
-libstrongswan_curl_la_SOURCES = curl_plugin.h curl_plugin.c curl_fetcher.c curl_fetcher.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-curl.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-curl.la
+libstrongswan_curl_la_SOURCES = \
+	curl_plugin.h curl_plugin.c curl_fetcher.c curl_fetcher.h
+
 libstrongswan_curl_la_LDFLAGS = -module -avoid-version
 libstrongswan_curl_la_LIBADD = -lcurl
 all: all-am
@@ -291,6 +297,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -323,7 +338,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-curl.la: $(libstrongswan_curl_la_OBJECTS) $(libstrongswan_curl_la_DEPENDENCIES) 
-	$(libstrongswan_curl_la_LINK) -rpath $(plugindir) $(libstrongswan_curl_la_OBJECTS) $(libstrongswan_curl_la_LIBADD) $(LIBS)
+	$(libstrongswan_curl_la_LINK) $(am_libstrongswan_curl_la_rpath) $(libstrongswan_curl_la_OBJECTS) $(libstrongswan_curl_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -477,8 +492,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -549,18 +564,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index 08315e932..2341c9052 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -84,7 +84,7 @@ METHOD(fetcher_t, fetch, status_t,
 		curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, this->headers);
 	}
 
-	DBG2("  sending http request to '%s'...", uri);
+	DBG2(DBG_LIB, "  sending http request to '%s'...", uri);
 	switch (curl_easy_perform(this->curl))
 	{
 		case CURLE_UNSUPPORTED_PROTOCOL:
@@ -94,7 +94,7 @@ METHOD(fetcher_t, fetch, status_t,
 			status = SUCCESS;
 			break;
 		default:
-			DBG1("libcurl http request failed: %s", error);
+			DBG1(DBG_LIB, "libcurl http request failed: %s", error);
 			status = FAILED;
 			break;
 	}
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c
index 13dfa053f..e00fcfc03 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@@ -48,7 +48,7 @@ static void destroy(private_curl_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *curl_plugin_create()
 {
 	CURLcode res;
 	private_curl_plugin_t *this = malloc_thing(private_curl_plugin_t);
@@ -69,7 +69,7 @@ plugin_t *plugin_create()
 	}
 	else
 	{
-		DBG1("global libcurl initializing failed: %s, curl disabled",
+		DBG1(DBG_LIB, "global libcurl initializing failed: %s, curl disabled",
 			 curl_easy_strerror(res));
 	}
 	return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.h b/src/libstrongswan/plugins/curl/curl_plugin.h
index 1b748446b..ae17285c2 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.h
+++ b/src/libstrongswan/plugins/curl/curl_plugin.h
@@ -39,9 +39,4 @@ struct curl_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a curl_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** CURL_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/des/Makefile.am b/src/libstrongswan/plugins/des/Makefile.am
index 76cfbc419..c7d9ce915 100644
--- a/src/libstrongswan/plugins/des/Makefile.am
+++ b/src/libstrongswan/plugins/des/Makefile.am
@@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-des.la
+else
 plugin_LTLIBRARIES = libstrongswan-des.la
+endif
 
-libstrongswan_des_la_SOURCES = des_plugin.h des_plugin.c des_crypter.c des_crypter.h
-libstrongswan_des_la_LDFLAGS = -module -avoid-version
+libstrongswan_des_la_SOURCES = \
+	des_plugin.h des_plugin.c des_crypter.c des_crypter.h
 
+libstrongswan_des_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index f68b4bd03..af351cfe3 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_des_la_LIBADD =
 am_libstrongswan_des_la_OBJECTS = des_plugin.lo des_crypter.lo
 libstrongswan_des_la_OBJECTS = $(am_libstrongswan_des_la_OBJECTS)
 libstrongswan_des_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_des_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_des_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_des_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-des.la
-libstrongswan_des_la_SOURCES = des_plugin.h des_plugin.c des_crypter.c des_crypter.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-des.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-des.la
+libstrongswan_des_la_SOURCES = \
+	des_plugin.h des_plugin.c des_crypter.c des_crypter.h
+
 libstrongswan_des_la_LDFLAGS = -module -avoid-version
 all: all-am
 
@@ -290,6 +296,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-des.la: $(libstrongswan_des_la_OBJECTS) $(libstrongswan_des_la_DEPENDENCIES) 
-	$(libstrongswan_des_la_LINK) -rpath $(plugindir) $(libstrongswan_des_la_OBJECTS) $(libstrongswan_des_la_LIBADD) $(LIBS)
+	$(libstrongswan_des_la_LINK) $(am_libstrongswan_des_la_rpath) $(libstrongswan_des_la_OBJECTS) $(libstrongswan_des_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -476,8 +491,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c
index 649d224ab..afc82e8d4 100644
--- a/src/libstrongswan/plugins/des/des_plugin.c
+++ b/src/libstrongswan/plugins/des/des_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_des_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *des_plugin_create()
 {
 	private_des_plugin_t *this = malloc_thing(private_des_plugin_t);
 
diff --git a/src/libstrongswan/plugins/des/des_plugin.h b/src/libstrongswan/plugins/des/des_plugin.h
index 17df220bc..cfff420c0 100644
--- a/src/libstrongswan/plugins/des/des_plugin.h
+++ b/src/libstrongswan/plugins/des/des_plugin.h
@@ -39,9 +39,4 @@ struct des_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a des_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** DES_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.am b/src/libstrongswan/plugins/dnskey/Makefile.am
index fd020f505..fbba95e0a 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.am
+++ b/src/libstrongswan/plugins/dnskey/Makefile.am
@@ -3,10 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-dnskey.la
+else
 plugin_LTLIBRARIES = libstrongswan-dnskey.la
+endif
 
-libstrongswan_dnskey_la_SOURCES = dnskey_plugin.h dnskey_plugin.c \
-  dnskey_builder.h dnskey_builder.c
+libstrongswan_dnskey_la_SOURCES = \
+	dnskey_plugin.h dnskey_plugin.c \
+	dnskey_builder.h dnskey_builder.c
 
 libstrongswan_dnskey_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index d7d5ff29b..1f1f90127 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_dnskey_la_LIBADD =
 am_libstrongswan_dnskey_la_OBJECTS = dnskey_plugin.lo \
 	dnskey_builder.lo
@@ -81,6 +81,9 @@ libstrongswan_dnskey_la_OBJECTS =  \
 libstrongswan_dnskey_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_dnskey_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_dnskey_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_dnskey_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -255,9 +259,11 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-dnskey.la
-libstrongswan_dnskey_la_SOURCES = dnskey_plugin.h dnskey_plugin.c \
-  dnskey_builder.h dnskey_builder.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-dnskey.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-dnskey.la
+libstrongswan_dnskey_la_SOURCES = \
+	dnskey_plugin.h dnskey_plugin.c \
+	dnskey_builder.h dnskey_builder.c
 
 libstrongswan_dnskey_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -294,6 +300,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -326,7 +341,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-dnskey.la: $(libstrongswan_dnskey_la_OBJECTS) $(libstrongswan_dnskey_la_DEPENDENCIES) 
-	$(libstrongswan_dnskey_la_LINK) -rpath $(plugindir) $(libstrongswan_dnskey_la_OBJECTS) $(libstrongswan_dnskey_la_LIBADD) $(LIBS)
+	$(libstrongswan_dnskey_la_LINK) $(am_libstrongswan_dnskey_la_rpath) $(libstrongswan_dnskey_la_OBJECTS) $(libstrongswan_dnskey_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -480,8 +495,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -552,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.c b/src/libstrongswan/plugins/dnskey/dnskey_builder.c
index ba20e7158..ea4eb6cda 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_builder.c
+++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.c
@@ -52,7 +52,7 @@ static dnskey_public_key_t *parse_public_key(chunk_t blob)
 
 	if (blob.len < sizeof(dnskey_rr_t))
 	{
-		DBG1("DNSKEY too short");
+		DBG1(DBG_LIB, "DNSKEY too short");
 		return NULL;
 	}
 	blob = chunk_skip(blob, sizeof(dnskey_rr_t));
@@ -63,7 +63,8 @@ static dnskey_public_key_t *parse_public_key(chunk_t blob)
 			return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
 									  BUILD_BLOB_DNSKEY, blob, BUILD_END);
 		default:
-			DBG1("DNSKEY public key algorithm %d not supported", rr->algorithm);
+			DBG1(DBG_LIB, "DNSKEY public key algorithm %d not supported",
+				 rr->algorithm);
 			return NULL;
 	}
 }
@@ -77,7 +78,7 @@ static dnskey_public_key_t *parse_rsa_public_key(chunk_t blob)
 
 	if (blob.len < 3)
 	{
-		DBG1("RFC 3110 public key blob too short for exponent length");
+		DBG1(DBG_LIB, "RFC 3110 public key blob too short for exponent length");
 		return NULL;
 	}
 
@@ -94,7 +95,7 @@ static dnskey_public_key_t *parse_rsa_public_key(chunk_t blob)
 	e.ptr = blob.ptr;
 	if (e.len >= blob.len)
 	{
-		DBG1("RFC 3110 public key blob too short for exponent");
+		DBG1(DBG_LIB, "RFC 3110 public key blob too short for exponent");
 		return NULL;
 	}
 	n = chunk_skip(blob, e.len);
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
index 83dbe31a1..125047b05 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
+++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_dnskey_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *dnskey_plugin_create()
 {
 	private_dnskey_plugin_t *this = malloc_thing(private_dnskey_plugin_t);
 
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.h b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h
index 17790e1c6..8b49bd6cb 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.h
+++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h
@@ -39,9 +39,4 @@ struct dnskey_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a dnskey_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** DNSKEY_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.am b/src/libstrongswan/plugins/fips_prf/Makefile.am
index d9431947e..c9cf2c977 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.am
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.am
@@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-fips-prf.la
+else
 plugin_LTLIBRARIES = libstrongswan-fips-prf.la
+endif
 
-libstrongswan_fips_prf_la_SOURCES = fips_prf_plugin.h fips_prf_plugin.c fips_prf.c fips_prf.h
-libstrongswan_fips_prf_la_LDFLAGS = -module -avoid-version
+libstrongswan_fips_prf_la_SOURCES = \
+	fips_prf_plugin.h fips_prf_plugin.c fips_prf.c fips_prf.h
 
+libstrongswan_fips_prf_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index b23af6def..70553fbd8 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_fips_prf_la_LIBADD =
 am_libstrongswan_fips_prf_la_OBJECTS = fips_prf_plugin.lo fips_prf.lo
 libstrongswan_fips_prf_la_OBJECTS =  \
@@ -81,6 +81,9 @@ libstrongswan_fips_prf_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) $(libstrongswan_fips_prf_la_LDFLAGS) \
 	$(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_fips_prf_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_fips_prf_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -255,8 +259,11 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-fips-prf.la
-libstrongswan_fips_prf_la_SOURCES = fips_prf_plugin.h fips_prf_plugin.c fips_prf.c fips_prf.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-fips-prf.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-fips-prf.la
+libstrongswan_fips_prf_la_SOURCES = \
+	fips_prf_plugin.h fips_prf_plugin.c fips_prf.c fips_prf.h
+
 libstrongswan_fips_prf_la_LDFLAGS = -module -avoid-version
 all: all-am
 
@@ -292,6 +299,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -324,7 +340,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-fips-prf.la: $(libstrongswan_fips_prf_la_OBJECTS) $(libstrongswan_fips_prf_la_DEPENDENCIES) 
-	$(libstrongswan_fips_prf_la_LINK) -rpath $(plugindir) $(libstrongswan_fips_prf_la_OBJECTS) $(libstrongswan_fips_prf_la_LIBADD) $(LIBS)
+	$(libstrongswan_fips_prf_la_LINK) $(am_libstrongswan_fips_prf_la_rpath) $(libstrongswan_fips_prf_la_OBJECTS) $(libstrongswan_fips_prf_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -478,8 +494,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -550,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c
index 123d2a244..ad03fa585 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c
@@ -126,14 +126,14 @@ static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[])
 	{
 		/* a. XVAL = (XKEY + XSEED j) mod 2^b */
 		add_mod(this->b, xkey, xseed, xval);
-		DBG3("XVAL %b", xval, this->b);
+		DBG3(DBG_LIB, "XVAL %b", xval, this->b);
 		/* b. wi = G(t, XVAL ) */
 		this->g(this, chunk_create(xval, this->b), &w[i * this->b]);
-		DBG3("w[%d] %b", i, &w[i * this->b], this->b);
+		DBG3(DBG_LIB, "w[%d] %b", i, &w[i * this->b], this->b);
 		/* c. XKEY = (1 + XKEY + wi) mod 2b */
 		add_mod(this->b, xkey, &w[i * this->b], sum);
 		add_mod(this->b, sum, one, xkey);
-		DBG3("XKEY %b", xkey, this->b);
+		DBG3(DBG_LIB, "XKEY %b", xkey, this->b);
 	}
 
 	/* 3.3 done already, mod q not used */
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
index 6c0842f81..f41265637 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_fips_prf_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *fips_prf_plugin_create()
 {
 	private_fips_prf_plugin_t *this = malloc_thing(private_fips_prf_plugin_t);
 
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
index 8d65254ba..3bd26ad45 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h
@@ -39,9 +39,4 @@ struct fips_prf_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a fips_prf_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** FIPS_PRF_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.am b/src/libstrongswan/plugins/gcrypt/Makefile.am
index a468a5ed9..48bf916ab 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.am
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.am
@@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-gcrypt.la
+else
 plugin_LTLIBRARIES = libstrongswan-gcrypt.la
+endif
 
-libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \
+libstrongswan_gcrypt_la_SOURCES = \
+	gcrypt_plugin.h gcrypt_plugin.c \
 	gcrypt_rsa_public_key.h gcrypt_rsa_public_key.c \
 	gcrypt_rsa_private_key.h gcrypt_rsa_private_key.c \
 	gcrypt_dh.h gcrypt_dh.c \
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index c3081e2dd..35829c950 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_gcrypt_la_DEPENDENCIES =
 am_libstrongswan_gcrypt_la_OBJECTS = gcrypt_plugin.lo \
 	gcrypt_rsa_public_key.lo gcrypt_rsa_private_key.lo \
@@ -82,6 +82,9 @@ libstrongswan_gcrypt_la_OBJECTS =  \
 libstrongswan_gcrypt_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_gcrypt_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_gcrypt_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_gcrypt_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -256,8 +260,10 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-gcrypt.la
-libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-gcrypt.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-gcrypt.la
+libstrongswan_gcrypt_la_SOURCES = \
+	gcrypt_plugin.h gcrypt_plugin.c \
 	gcrypt_rsa_public_key.h gcrypt_rsa_public_key.c \
 	gcrypt_rsa_private_key.h gcrypt_rsa_private_key.c \
 	gcrypt_dh.h gcrypt_dh.c \
@@ -301,6 +307,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -333,7 +348,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-gcrypt.la: $(libstrongswan_gcrypt_la_OBJECTS) $(libstrongswan_gcrypt_la_DEPENDENCIES) 
-	$(libstrongswan_gcrypt_la_LINK) -rpath $(plugindir) $(libstrongswan_gcrypt_la_OBJECTS) $(libstrongswan_gcrypt_la_LIBADD) $(LIBS)
+	$(libstrongswan_gcrypt_la_LINK) $(am_libstrongswan_gcrypt_la_rpath) $(libstrongswan_gcrypt_la_OBJECTS) $(libstrongswan_gcrypt_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -492,8 +507,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -564,18 +579,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
index 1eee6226d..5dbdde32c 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
@@ -234,7 +234,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
 	err = gcry_cipher_open(&this->h, gcrypt_alg, mode, 0);
 	if (err)
 	{
-		DBG1("grcy_cipher_open(%N) failed: %s",
+		DBG1(DBG_LIB, "grcy_cipher_open(%N) failed: %s",
 			 encryption_algorithm_names, algo, gpg_strerror(err));
 		free(this);
 		return NULL;
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
index 59c82f1e7..08d6239ad 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2009 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -19,310 +20,6 @@
 
 #include <debug.h>
 
-/**
- * Modulus of Group 1 (MODP_768_BIT).
- */
-static u_int8_t group1_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 2 (MODP_1024_BIT).
- */
-static u_int8_t group2_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 5 (MODP_1536_BIT).
- */
-static u_int8_t group5_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-	0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-	0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-	0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-	0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-/**
- * Modulus of Group 14 (MODP_2048_BIT).
- */
-static u_int8_t group14_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-	0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-	0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-	0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-	0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-	0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-	0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-	0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-	0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 15 (MODP_3072_BIT).
- */
-static u_int8_t group15_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-	0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-	0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-	0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-	0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-	0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-	0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-	0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-	0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
-	0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
-	0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-	0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
-	0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
-	0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-	0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
-	0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
-	0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 16 (MODP_4096_BIT).
- */
-static u_int8_t group16_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-	0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-	0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-	0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-	0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-	0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-	0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-	0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-	0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
-	0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
-	0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-	0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
-	0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
-	0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-	0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
-	0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
-	0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-	0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
-	0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
-	0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-	0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
-	0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
-	0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-	0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
-	0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 17 (MODP_6144_BIT).
- */
-static u_int8_t group17_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-	0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-	0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-	0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-	0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-	0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-	0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-	0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-	0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
-	0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
-	0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-	0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
-	0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
-	0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-	0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
-	0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
-	0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-	0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
-	0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
-	0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-	0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
-	0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
-	0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-	0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
-	0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
-	0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
-	0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
-	0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
-	0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
-	0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
-	0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
-	0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
-	0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
-	0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
-	0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
-	0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
-	0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
-	0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
-	0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
-	0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
-	0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 18 (MODP_8192_BIT).
- */
-static u_int8_t group18_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-	0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-	0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-	0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-	0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-	0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-	0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-	0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-	0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
-	0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
-	0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-	0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
-	0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
-	0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-	0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
-	0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
-	0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-	0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
-	0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
-	0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-	0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
-	0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
-	0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-	0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
-	0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
-	0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
-	0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
-	0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
-	0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
-	0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
-	0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
-	0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
-	0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
-	0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
-	0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
-	0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
-	0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
-	0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
-	0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
-	0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
-	0xE6,0x94,0xF9,0x1E,0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
-	0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,0x73,0xB9,0x31,0xBA,
-	0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,
-	0x25,0x76,0xF6,0x93,0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
-	0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,0xE3,0x9D,0x65,0x2D,
-	0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,
-	0x13,0xEB,0x57,0xA8,0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
-	0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,0xA2,0xC0,0x87,0xE8,
-	0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,
-	0x6D,0x2A,0x13,0xF8,0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
-	0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,0x08,0x46,0x85,0x1D,
-	0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,
-	0xFA,0xF3,0x6B,0xC3,0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
-	0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B,
-	0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,
-	0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
-	0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-};
-
-typedef struct modulus_entry_t modulus_entry_t;
-
-/**
- * Entry of the modulus list.
- */
-struct modulus_entry_t {
-	/** IKEv2 DH group */
-	diffie_hellman_group_t group;
-	/** modulus */
-	chunk_t modulus;
-	/** optimum length of exponent in bytes */
-	size_t opt_len;
-	/** generator */
-	u_int16_t g;
-};
-
-/**
- * All supported modulus values - optimum exponent size according to RFC 3526.
- */
-static modulus_entry_t modulus_entries[] = {
-	{MODP_768_BIT,  {group1_modulus,  sizeof(group1_modulus)},  32, 2},
-	{MODP_1024_BIT, {group2_modulus,  sizeof(group2_modulus)},  32, 2},
-	{MODP_1536_BIT, {group5_modulus,  sizeof(group5_modulus)},  32, 2},
-	{MODP_2048_BIT, {group14_modulus, sizeof(group14_modulus)}, 48, 2},
-	{MODP_3072_BIT, {group15_modulus, sizeof(group15_modulus)}, 48, 2},
-	{MODP_4096_BIT, {group16_modulus, sizeof(group16_modulus)}, 64, 2},
-	{MODP_6144_BIT, {group17_modulus, sizeof(group17_modulus)}, 64, 2},
-	{MODP_8192_BIT, {group18_modulus, sizeof(group18_modulus)}, 64, 2},
-};
-
-/**
- * Lookup the modulus in modulo table
- */
-static modulus_entry_t *find_entry(diffie_hellman_group_t group)
-{
-	int i;
-
-	for (i = 0; i < countof(modulus_entries); i++)
-	{
-		if (modulus_entries[i].group == group)
-		{
-			return &modulus_entries[i];
-		}
-	}
-	return NULL;
-}
-
 typedef struct private_gcrypt_dh_t private_gcrypt_dh_t;
 
 /**
@@ -392,7 +89,7 @@ static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value)
 	err = gcry_mpi_scan(&this->yb, GCRYMPI_FMT_USG, value.ptr, value.len, NULL);
 	if (err)
 	{
-		DBG1("importing mpi yb failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "importing mpi yb failed: %s", gpg_strerror(err));
 		return;
 	}
 
@@ -413,7 +110,8 @@ static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value)
 	}
 	else
 	{
-		DBG1("public DH value verification failed: y < 2 || y > p - 1 ");
+		DBG1(DBG_LIB, "public DH value verification failed:"
+			 " y < 2 || y > p - 1 ");
 	}
 	gcry_mpi_release(p_min_1);
 }
@@ -485,14 +183,13 @@ static void destroy(private_gcrypt_dh_t *this)
 gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
 {
 	private_gcrypt_dh_t *this;
-	modulus_entry_t *entry;
+	diffie_hellman_params_t *params;
 	gcry_error_t err;
 	chunk_t random;
 	rng_t *rng;
-	size_t len;
 
-	entry = find_entry(group);
-	if (!entry)
+	params = diffie_hellman_get_params(group);
+	if (!params)
 	{
 		return NULL;
 	}
@@ -506,53 +203,53 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
 	this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
 
 	this->group = group;
-	this->p_len = entry->modulus.len;
+	this->p_len = params->prime.len;
 	err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG,
-						entry->modulus.ptr, entry->modulus.len, NULL);
+						params->prime.ptr, params->prime.len, NULL);
 	if (err)
 	{
-		DBG1("importing mpi modulus failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "importing mpi modulus failed: %s", gpg_strerror(err));
 		free(this);
 		return NULL;
 	}
-	if (lib->settings->get_int(lib->settings,
-								"libstrongswan.dh_exponent_ansi_x9_42", TRUE))
-	{
-		len = this->p_len;
-	}
-	else
+	err = gcry_mpi_scan(&this->g, GCRYMPI_FMT_USG,
+						params->generator.ptr, params->generator.len, NULL);
+	if (err)
 	{
-		len = entry->opt_len;
+		DBG1(DBG_LIB, "importing mpi generator failed: %s", gpg_strerror(err));
+		gcry_mpi_release(this->p);
+		free(this);
+		return NULL;
 	}
 
 	rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
 	if (rng)
 	{	/* prefer external randomizer */
-		rng->allocate_bytes(rng, len, &random);
+		rng->allocate_bytes(rng, params->exp_len, &random);
 		rng->destroy(rng);
 		err = gcry_mpi_scan(&this->xa, GCRYMPI_FMT_USG,
 							random.ptr, random.len, NULL);
 		chunk_clear(&random);
 		if (err)
 		{
-			DBG1("importing mpi xa failed: %s", gpg_strerror(err));
+			DBG1(DBG_LIB, "importing mpi xa failed: %s", gpg_strerror(err));
 			gcry_mpi_release(this->p);
+			gcry_mpi_release(this->g);
 			free(this);
 			return NULL;
 		}
 	}
 	else
 	{	/* fallback to gcrypt internal randomizer, shouldn't ever happen */
-		this->xa = gcry_mpi_new(len * 8);
-		gcry_mpi_randomize(this->xa, len * 8, GCRY_STRONG_RANDOM);
+		this->xa = gcry_mpi_new(params->exp_len * 8);
+		gcry_mpi_randomize(this->xa, params->exp_len * 8, GCRY_STRONG_RANDOM);
 	}
-	if (len == this->p_len)
+	if (params->exp_len == this->p_len)
 	{
 		/* achieve bitsof(p)-1 by setting MSB to 0 */
-		gcry_mpi_clear_bit(this->xa, len * 8 - 1);
+		gcry_mpi_clear_bit(this->xa, params->exp_len * 8 - 1);
 	}
 
-	this->g = gcry_mpi_set_ui(NULL, entry->g);
 	this->ya = gcry_mpi_new(this->p_len * 8);
 	this->yb = NULL;
 	this->zz = NULL;
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
index d12fe11d5..39609c16c 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
@@ -137,7 +137,7 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo)
 	err = gcry_md_open(&this->hd, gcrypt_alg, 0);
 	if (err)
 	{
-		DBG1("grcy_md_open(%N) failed: %s",
+		DBG1(DBG_LIB, "grcy_md_open(%N) failed: %s",
 			 hash_algorithm_names, algo, gpg_strerror(err));
 		free(this);
 		return NULL;
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 8c9ea893b..039036b2c 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -118,7 +118,7 @@ static void destroy(private_gcrypt_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *gcrypt_plugin_create()
 {
 	private_gcrypt_plugin_t *this;
 
@@ -126,7 +126,7 @@ plugin_t *plugin_create()
 
 	if (!gcry_check_version(GCRYPT_VERSION))
 	{
-		DBG1("libgcrypt version mismatch");
+		DBG1(DBG_LIB, "libgcrypt version mismatch");
 		return NULL;
 	}
 
@@ -190,6 +190,10 @@ plugin_t *plugin_create()
 	/* diffie hellman groups, using modp */
 	lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
 					(dh_constructor_t)gcrypt_dh_create);
+	lib->crypto->add_dh(lib->crypto, MODP_2048_224,
+					(dh_constructor_t)gcrypt_dh_create);
+	lib->crypto->add_dh(lib->crypto, MODP_2048_256,
+					(dh_constructor_t)gcrypt_dh_create);
 	lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
 					(dh_constructor_t)gcrypt_dh_create);
 	lib->crypto->add_dh(lib->crypto, MODP_3072_BIT,
@@ -202,6 +206,8 @@ plugin_t *plugin_create()
 					(dh_constructor_t)gcrypt_dh_create);
 	lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
 					(dh_constructor_t)gcrypt_dh_create);
+	lib->crypto->add_dh(lib->crypto, MODP_1024_160,
+					(dh_constructor_t)gcrypt_dh_create);
 	lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
 					(dh_constructor_t)gcrypt_dh_create);
 
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h
index f2247ed5c..05e5e7014 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h
@@ -39,9 +39,4 @@ struct gcrypt_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a gcrypt_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** GCRYPT_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index cd156961e..2cb13c5f3 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -130,14 +130,15 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this,
 	chunk_free(&em);
 	if (err)
 	{
-		DBG1("building signature S-expression failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "building signature S-expression failed: %s",
+			 gpg_strerror(err));
 		return FALSE;
 	}
 	err = gcry_pk_sign(&out, in, this->key);
 	gcry_sexp_release(in);
 	if (err)
 	{
-		DBG1("creating pkcs1 signature failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "creating pkcs1 signature failed: %s", gpg_strerror(err));
 		return FALSE;
 	}
 	*signature = gcrypt_rsa_find_token(out, "s", this->key);
@@ -176,14 +177,14 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this,
 	chunk_free(&hash);
 	if (err)
 	{
-		DBG1("building signature S-expression failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "building signature S-expression failed: %s", gpg_strerror(err));
 		return FALSE;
 	}
 	err = gcry_pk_sign(&out, in, this->key);
 	gcry_sexp_release(in);
 	if (err)
 	{
-		DBG1("creating pkcs1 signature failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "creating pkcs1 signature failed: %s", gpg_strerror(err));
 		return FALSE;
 	}
 	*signature = gcrypt_rsa_find_token(out, "s", this->key);
@@ -222,7 +223,7 @@ static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t sche
 		case SIGN_RSA_EMSA_PKCS1_MD5:
 			return sign_pkcs1(this, HASH_MD5, "md5", data, sig);
 		default:
-			DBG1("signature scheme %N not supported in RSA",
+			DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
 				 signature_scheme_names, scheme);
 			return FALSE;
 	}
@@ -243,14 +244,15 @@ static bool decrypt(private_gcrypt_rsa_private_key_t *this,
 						  encrypted.len, encrypted.ptr);
 	if (err)
 	{
-		DBG1("building decryption S-expression failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "building decryption S-expression failed: %s",
+			 gpg_strerror(err));
 		return FALSE;
 	}
 	err = gcry_pk_decrypt(&out, in, this->key);
 	gcry_sexp_release(in);
 	if (err)
 	{
-		DBG1("decrypting pkcs1 data failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "decrypting pkcs1 data failed: %s", gpg_strerror(err));
 		return FALSE;
 	}
 	padded.ptr = (u_char*)gcry_sexp_nth_data(out, 1, &padded.len);
@@ -269,7 +271,7 @@ static bool decrypt(private_gcrypt_rsa_private_key_t *this,
 	gcry_sexp_release(out);
 	if (!pos)
 	{
-		DBG1("decrypted data has invalid pkcs1 padding");
+		DBG1(DBG_LIB, "decrypted data has invalid pkcs1 padding");
 		return FALSE;
 	}
 	return TRUE;
@@ -329,7 +331,7 @@ static bool get_encoding(private_gcrypt_rsa_private_key_t *this,
 		chunk_clear(&cp);
 		chunk_clear(&cq);
 		chunk_clear(&cd);
-		DBG1("scanning mpi for export failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "scanning mpi for export failed: %s", gpg_strerror(err));
 		return FALSE;
 	}
 
@@ -340,7 +342,7 @@ static bool get_encoding(private_gcrypt_rsa_private_key_t *this,
 
 	gcry_mpi_sub_ui(q, q, 1);
 	exp2 = gcry_mpi_new(gcry_pk_get_nbits(this->key));
-	gcry_mpi_mod(exp1, d, q);
+	gcry_mpi_mod(exp2, d, q);
 	gcry_mpi_release(q);
 
 	err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp1.ptr, &cexp1.len, exp1)
@@ -352,7 +354,7 @@ static bool get_encoding(private_gcrypt_rsa_private_key_t *this,
 
 	if (err)
 	{
-		DBG1("printing mpi for export failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "printing mpi for export failed: %s", gpg_strerror(err));
 		chunk_clear(&cp);
 		chunk_clear(&cq);
 		chunk_clear(&cd);
@@ -488,7 +490,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type,
 	err = gcry_sexp_build(&param, NULL, "(genkey(rsa(nbits %d)))", key_size);
 	if (err)
 	{
-		DBG1("building S-expression failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "building S-expression failed: %s", gpg_strerror(err));
 		return NULL;
 	}
 	this = gcrypt_rsa_private_key_create_empty();
@@ -497,7 +499,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type,
 	if (err)
 	{
 		free(this);
-		DBG1("generating RSA key failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "generating RSA key failed: %s", gpg_strerror(err));
 		return NULL;
 	}
 	return &this->public;
@@ -557,14 +559,14 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type,
 					p.len, p.ptr, q.len, q.ptr, u.len, u.ptr);
 	if (err)
 	{
-		DBG1("loading private key failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "loading private key failed: %s", gpg_strerror(err));
 		free(this);
 		return NULL;
 	}
 	err = gcry_pk_testkey(this->key);
 	if (err)
 	{
-		DBG1("private key sanity check failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "private key sanity check failed: %s", gpg_strerror(err));
 		destroy(this);
 		return NULL;
 	}
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
index e083fac94..5fd15d9a3 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
@@ -83,14 +83,16 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this,
 	chunk_free(&em);
 	if (err)
 	{
-		DBG1("building data S-expression failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "building data S-expression failed: %s",
+			 gpg_strerror(err));
 		return FALSE;
 	}
 	err = gcry_sexp_build(&sig, NULL, "(sig-val(rsa(s %b)))",
 						  signature.len, signature.ptr);
 	if (err)
 	{
-		DBG1("building signature S-expression failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "building signature S-expression failed: %s",
+			 gpg_strerror(err));
 		gcry_sexp_release(in);
 		return FALSE;
 	}
@@ -99,7 +101,8 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this,
 	gcry_sexp_release(sig);
 	if (err)
 	{
-		DBG1("RSA signature verification failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "RSA signature verification failed: %s",
+			 gpg_strerror(err));
 		return FALSE;
 	}
 	return TRUE;
@@ -130,7 +133,8 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this,
 	chunk_free(&hash);
 	if (err)
 	{
-		DBG1("building data S-expression failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "building data S-expression failed: %s",
+			 gpg_strerror(err));
 		return FALSE;
 	}
 
@@ -138,7 +142,8 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this,
 						  signature.len, signature.ptr);
 	if (err)
 	{
-		DBG1("building signature S-expression failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "building signature S-expression failed: %s",
+			 gpg_strerror(err));
 		gcry_sexp_release(in);
 		return FALSE;
 	}
@@ -147,7 +152,8 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this,
 	gcry_sexp_release(sig);
 	if (err)
 	{
-		DBG1("RSA signature verification failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "RSA signature verification failed: %s",
+			 gpg_strerror(err));
 		return FALSE;
 	}
 	return TRUE;
@@ -184,7 +190,7 @@ static bool verify(private_gcrypt_rsa_public_key_t *this,
 		case SIGN_RSA_EMSA_PKCS1_SHA512:
 			return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature);
 		default:
-			DBG1("signature scheme %N not supported in RSA",
+			DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
 				 signature_scheme_names, scheme);
 			return FALSE;
 	}
@@ -205,14 +211,16 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain,
 						  plain.len, plain.ptr);
 	if (err)
 	{
-		DBG1("building encryption S-expression failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "building encryption S-expression failed: %s",
+			 gpg_strerror(err));
 		return FALSE;
 	}
 	err = gcry_pk_encrypt(&out, in, this->key);
 	gcry_sexp_release(in);
 	if (err)
 	{
-		DBG1("encrypting data using pkcs1 failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "encrypting data using pkcs1 failed: %s",
+			 gpg_strerror(err));
 		return FALSE;
 	}
 	*encrypted = gcrypt_rsa_find_token(out, "a", this->key);
@@ -343,7 +351,7 @@ gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_load(key_type_t type,
 						  n.len, n.ptr, e.len, e.ptr);
 	if (err)
 	{
-		DBG1("loading public key failed: %s", gpg_strerror(err));
+		DBG1(DBG_LIB, "loading public key failed: %s", gpg_strerror(err));
 		free(this);
 		return NULL;
 	}
diff --git a/src/libstrongswan/plugins/gmp/Makefile.am b/src/libstrongswan/plugins/gmp/Makefile.am
index 1ab358328..cc8ad34db 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.am
+++ b/src/libstrongswan/plugins/gmp/Makefile.am
@@ -3,13 +3,17 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-gmp.la
+else
 plugin_LTLIBRARIES = libstrongswan-gmp.la
+endif
 
-libstrongswan_gmp_la_SOURCES = gmp_plugin.h gmp_plugin.c \
-  gmp_diffie_hellman.c gmp_diffie_hellman.h \
-  gmp_rsa_private_key.c gmp_rsa_private_key.h \
-  gmp_rsa_public_key.c gmp_rsa_public_key.h
+libstrongswan_gmp_la_SOURCES = \
+	gmp_plugin.h gmp_plugin.c \
+	gmp_diffie_hellman.c gmp_diffie_hellman.h \
+	gmp_rsa_private_key.c gmp_rsa_private_key.h \
+	gmp_rsa_public_key.c gmp_rsa_public_key.h
 
 libstrongswan_gmp_la_LDFLAGS = -module -avoid-version
-libstrongswan_gmp_la_LIBADD = -lgmp
-
+libstrongswan_gmp_la_LIBADD  = -lgmp
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index 3077ea7e8..5c1a1fcd9 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_gmp_la_DEPENDENCIES =
 am_libstrongswan_gmp_la_OBJECTS = gmp_plugin.lo gmp_diffie_hellman.lo \
 	gmp_rsa_private_key.lo gmp_rsa_public_key.lo
@@ -80,6 +80,8 @@ libstrongswan_gmp_la_OBJECTS = $(am_libstrongswan_gmp_la_OBJECTS)
 libstrongswan_gmp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_gmp_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_gmp_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_gmp_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,11 +257,13 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-gmp.la
-libstrongswan_gmp_la_SOURCES = gmp_plugin.h gmp_plugin.c \
-  gmp_diffie_hellman.c gmp_diffie_hellman.h \
-  gmp_rsa_private_key.c gmp_rsa_private_key.h \
-  gmp_rsa_public_key.c gmp_rsa_public_key.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-gmp.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-gmp.la
+libstrongswan_gmp_la_SOURCES = \
+	gmp_plugin.h gmp_plugin.c \
+	gmp_diffie_hellman.c gmp_diffie_hellman.h \
+	gmp_rsa_private_key.c gmp_rsa_private_key.h \
+	gmp_rsa_public_key.c gmp_rsa_public_key.h
 
 libstrongswan_gmp_la_LDFLAGS = -module -avoid-version
 libstrongswan_gmp_la_LIBADD = -lgmp
@@ -296,6 +301,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +342,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-gmp.la: $(libstrongswan_gmp_la_OBJECTS) $(libstrongswan_gmp_la_DEPENDENCIES) 
-	$(libstrongswan_gmp_la_LINK) -rpath $(plugindir) $(libstrongswan_gmp_la_OBJECTS) $(libstrongswan_gmp_la_LIBADD) $(LIBS)
+	$(libstrongswan_gmp_la_LINK) $(am_libstrongswan_gmp_la_rpath) $(libstrongswan_gmp_la_OBJECTS) $(libstrongswan_gmp_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -484,8 +498,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -556,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
index ea7e6fdd2..4ee449890 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
@@ -1,6 +1,7 @@
 /*
  * Copyright (C) 1998-2002  D. Hugh Redelmeier.
  * Copyright (C) 1999, 2000, 2001  Henry Spencer.
+ * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
@@ -22,309 +23,10 @@
 
 #include <debug.h>
 
-
-/**
- * Modulus of Group 1 (MODP_768_BIT).
- */
-static u_int8_t group1_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 2 (MODP_1024_BIT).
- */
-static u_int8_t group2_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 5 (MODP_1536_BIT).
- */
-static u_int8_t group5_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-	0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-	0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-	0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-	0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-/**
- * Modulus of Group 14 (MODP_2048_BIT).
- */
-static u_int8_t group14_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-	0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-	0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-	0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-	0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-	0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-	0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-	0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-	0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 15 (MODP_3072_BIT).
- */
-static u_int8_t group15_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-	0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-	0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-	0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-	0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-	0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-	0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-	0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-	0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
-	0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
-	0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-	0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
-	0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
-	0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-	0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
-	0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
-	0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 16 (MODP_4096_BIT).
- */
-static u_int8_t group16_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-	0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-	0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-	0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-	0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-	0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-	0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-	0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-	0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
-	0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
-	0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-	0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
-	0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
-	0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-	0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
-	0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
-	0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-	0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
-	0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
-	0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-	0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
-	0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
-	0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-	0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
-	0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 17 (MODP_6144_BIT).
- */
-static u_int8_t group17_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-	0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-	0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-	0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-	0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-	0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-	0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-	0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-	0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
-	0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
-	0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-	0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
-	0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
-	0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-	0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
-	0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
-	0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-	0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
-	0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
-	0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-	0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
-	0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
-	0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-	0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
-	0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
-	0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
-	0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
-	0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
-	0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
-	0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
-	0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
-	0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
-	0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
-	0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
-	0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
-	0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
-	0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
-	0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
-	0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
-	0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
-	0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
-};
-
-/**
- * Modulus of Group 18 (MODP_8192_BIT).
- */
-static u_int8_t group18_modulus[] = {
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-	0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-	0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-	0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-	0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-	0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-	0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-	0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-	0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-	0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-	0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-	0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-	0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
-	0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
-	0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-	0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
-	0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
-	0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-	0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
-	0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
-	0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-	0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
-	0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
-	0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-	0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
-	0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
-	0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-	0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
-	0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
-	0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-	0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
-	0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
-	0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
-	0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
-	0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
-	0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
-	0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
-	0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
-	0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
-	0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
-	0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
-	0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
-	0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
-	0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
-	0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
-	0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
-	0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
-	0xE6,0x94,0xF9,0x1E,0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
-	0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,0x73,0xB9,0x31,0xBA,
-	0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,
-	0x25,0x76,0xF6,0x93,0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
-	0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,0xE3,0x9D,0x65,0x2D,
-	0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,
-	0x13,0xEB,0x57,0xA8,0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
-	0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,0xA2,0xC0,0x87,0xE8,
-	0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,
-	0x6D,0x2A,0x13,0xF8,0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
-	0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,0x08,0x46,0x85,0x1D,
-	0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,
-	0xFA,0xF3,0x6B,0xC3,0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
-	0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B,
-	0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,
-	0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
-	0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-};
-
-typedef struct modulus_entry_t modulus_entry_t;
-
-/**
- * Entry of the modulus list.
- */
-struct modulus_entry_t {
-	/**
-	 * Group number as it is defined in file transform_substructure.h.
-	 */
-	diffie_hellman_group_t group;
-
-	/**
-	 * Pointer to first byte of modulus (network order).
-	 */
-	u_int8_t *modulus;
-
-	/*
-	 * Length of modulus in bytes.
-	 */
-	size_t modulus_len;
-
-	/*
-	 * Optimum length of exponent in bytes.
-	 */
-	size_t opt_exponent_len;
-
-	/*
-	 * Generator value.
-	 */
-	u_int16_t generator;
-};
-
-/**
- * All supported modulus values - optimum exponent size according to RFC 3526.
- */
-static modulus_entry_t modulus_entries[] = {
-	{MODP_768_BIT,  group1_modulus,  sizeof(group1_modulus),  32, 2},
-	{MODP_1024_BIT, group2_modulus,  sizeof(group2_modulus),  32, 2},
-	{MODP_1536_BIT, group5_modulus,  sizeof(group5_modulus),  32, 2},
-	{MODP_2048_BIT, group14_modulus, sizeof(group14_modulus), 48, 2},
-	{MODP_3072_BIT, group15_modulus, sizeof(group15_modulus), 48, 2},
-	{MODP_4096_BIT, group16_modulus, sizeof(group16_modulus), 64, 2},
-	{MODP_6144_BIT, group17_modulus, sizeof(group17_modulus), 64, 2},
-	{MODP_8192_BIT, group18_modulus, sizeof(group18_modulus), 64, 2},
-};
+#ifdef HAVE_MPZ_POWM_SEC
+# undef mpz_powm
+# define mpz_powm mpz_powm_sec
+#endif
 
 typedef struct private_gmp_diffie_hellman_t private_gmp_diffie_hellman_t;
 
@@ -378,11 +80,6 @@ struct private_gmp_diffie_hellman_t {
 	size_t p_len;
 
 	/**
-	 * Optimal exponent length.
-	 */
-	size_t opt_exponent_len;
-
-	/**
 	 * True if shared secret is computed and stored in my_public_value.
 	 */
 	bool computed;
@@ -409,10 +106,20 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v
 #ifdef EXTENDED_DH_TEST
 		/* 3. test if y ^ q mod p = 1, where q = (p - 1)/2. */
 		mpz_t q, one;
+		diffie_hellman_params_t *params;
 
 		mpz_init(q);
 		mpz_init(one);
-		mpz_fdiv_q_2exp(q, p_min_1, 1);
+
+		params = diffie_hellman_get_params(this->group);
+		if (!params->subgroup.len)
+		{
+			mpz_fdiv_q_2exp(q, p_min_1, 1);
+		}
+		else
+		{
+			mpz_import(q, params->subgroup.len, 1, 1, 1, 0, params->subgroup.ptr);
+		}
 		mpz_powm(one, this->yb, q, this->p);
 		mpz_clear(q);
 		if (mpz_cmp_ui(one, 1) == 0)
@@ -422,7 +129,8 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v
 		}
 		else
 		{
-			DBG1("public DH value verification failed: y ^ q mod p != 1");
+			DBG1(DBG_LIB, "public DH value verification failed:"
+				 " y ^ q mod p != 1");
 		}
 		mpz_clear(one);
 #else
@@ -432,7 +140,8 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v
 	}
 	else
 	{
-		DBG1("public DH value verification failed: y < 2 || y > p - 1 ");
+		DBG1(DBG_LIB, "public DH value verification failed:"
+			 " y < 2 || y > p - 1 ");
 	}
 	mpz_clear(p_min_1);
 }
@@ -477,32 +186,6 @@ static diffie_hellman_group_t get_dh_group(private_gmp_diffie_hellman_t *this)
 }
 
 /**
- * Lookup the modulus in modulo table
- */
-static status_t set_modulus(private_gmp_diffie_hellman_t *this)
-{
-	int i;
-	status_t status = NOT_FOUND;
-
-	for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++)
-	{
-		if (modulus_entries[i].group == this->group)
-		{
-			chunk_t chunk;
-			chunk.ptr = modulus_entries[i].modulus;
-			chunk.len = modulus_entries[i].modulus_len;
-			mpz_import(this->p, chunk.len, 1, 1, 1, 0, chunk.ptr);
-			this->p_len = chunk.len;
-			this->opt_exponent_len = modulus_entries[i].opt_exponent_len;
-			mpz_set_ui(this->g, modulus_entries[i].generator);
-			status = SUCCESS;
-			break;
-		}
-	}
-	return status;
-}
-
-/**
  * Implementation of gmp_diffie_hellman_t.destroy.
  */
 static void destroy(private_gmp_diffie_hellman_t *this)
@@ -521,11 +204,18 @@ static void destroy(private_gmp_diffie_hellman_t *this)
  */
 gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
 {
-	private_gmp_diffie_hellman_t *this = malloc_thing(private_gmp_diffie_hellman_t);
+	private_gmp_diffie_hellman_t *this;
+	diffie_hellman_params_t *params;
 	rng_t *rng;
 	chunk_t random;
-	bool ansi_x9_42;
-	size_t exponent_len;
+
+	params = diffie_hellman_get_params(group);
+	if (!params)
+	{
+		return NULL;
+	}
+
+	this = malloc_thing(private_gmp_diffie_hellman_t);
 
 	/* public functions */
 	this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
@@ -544,35 +234,31 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
 	mpz_init(this->g);
 
 	this->computed = FALSE;
+	this->p_len = params->prime.len;
+	mpz_import(this->p, params->prime.len, 1, 1, 1, 0, params->prime.ptr);
+	mpz_import(this->g, params->generator.len, 1, 1, 1, 0, params->generator.ptr);
 
-	/* find a modulus according to group */
-	if (set_modulus(this) != SUCCESS)
-	{
-		destroy(this);
-		return NULL;
-	}
 	rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
 	if (!rng)
 	{
-		DBG1("no RNG found for quality %N", rng_quality_names, RNG_STRONG);
+		DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names,
+			 RNG_STRONG);
 		destroy(this);
 		return NULL;
 	}
 
-	ansi_x9_42 = lib->settings->get_int(lib->settings,
-					 "libstrongswan.dh_exponent_ansi_x9_42", TRUE);
-	exponent_len = (ansi_x9_42) ? this->p_len : this->opt_exponent_len;
-	rng->allocate_bytes(rng, exponent_len, &random);
+	rng->allocate_bytes(rng, params->exp_len, &random);
 	rng->destroy(rng);
 
-	if (ansi_x9_42)
+	if (params->exp_len == this->p_len)
 	{
 		/* achieve bitsof(p)-1 by setting MSB to 0 */
 		*random.ptr &= 0x7F;
 	}
 	mpz_import(this->xa, random.len, 1, 1, 1, 0, random.ptr);
 	chunk_free(&random);
-	DBG2("size of DH secret exponent: %u bits", mpz_sizeinbase(this->xa, 2));
+	DBG2(DBG_LIB, "size of DH secret exponent: %u bits",
+		 mpz_sizeinbase(this->xa, 2));
 
 	mpz_powm(this->ya, this->g, this->xa, this->p);
 
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index b70ff881c..fbce9732f 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -52,7 +52,7 @@ static void destroy(private_gmp_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *gmp_plugin_create()
 {
 	private_gmp_plugin_t *this = malloc_thing(private_gmp_plugin_t);
 
@@ -60,6 +60,10 @@ plugin_t *plugin_create()
 
 	lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
 						(dh_constructor_t)gmp_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, MODP_2048_224,
+						(dh_constructor_t)gmp_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, MODP_2048_256,
+						(dh_constructor_t)gmp_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
 						(dh_constructor_t)gmp_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_3072_BIT,
@@ -72,6 +76,8 @@ plugin_t *plugin_create()
 						(dh_constructor_t)gmp_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
 						(dh_constructor_t)gmp_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, MODP_1024_160,
+						(dh_constructor_t)gmp_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
 						(dh_constructor_t)gmp_diffie_hellman_create);
 
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.h b/src/libstrongswan/plugins/gmp/gmp_plugin.h
index 77d53965d..e4a87c8e2 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.h
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.h
@@ -39,9 +39,4 @@ struct gmp_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a gmp_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** GMP_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index 1829bd459..f70b0b545 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -27,6 +27,11 @@
 #include <asn1/asn1.h>
 #include <asn1/asn1_parser.h>
 
+#ifdef HAVE_MPZ_POWM_SEC
+# undef mpz_powm
+# define mpz_powm mpz_powm_sec
+#endif
+
 /**
  *  Public exponent to use for key generation.
  */
@@ -136,7 +141,8 @@ static status_t compute_prime(private_gmp_rsa_private_key_t *this,
 	rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
 	if (!rng)
 	{
-		DBG1("no RNG of quality %N found", rng_quality_names, RNG_TRUE);
+		DBG1(DBG_LIB, "no RNG of quality %N found", rng_quality_names,
+			 RNG_TRUE);
 		return FAILED;
 	}
 
@@ -144,8 +150,8 @@ static status_t compute_prime(private_gmp_rsa_private_key_t *this,
 	do
 	{
 		rng->allocate_bytes(rng, prime_size, &random_bytes);
-		/* make sure most significant bit is set */
-		random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80;
+		/* make sure the two most significant bits are set */
+		random_bytes.ptr[0] = random_bytes.ptr[0] | 0xC0;
 
 		mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
 		mpz_nextprime (*prime, *prime);
@@ -243,7 +249,8 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
 	if (data.len > this->k - 3)
 	{
 		free(digestInfo.ptr);
-		DBG1("unable to sign %d bytes using a %dbit key", data.len, this->k * 8);
+		DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len,
+			 this->k * 8);
 		return FALSE;
 	}
 
@@ -304,7 +311,7 @@ static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
 		case SIGN_RSA_EMSA_PKCS1_MD5:
 			return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
 		default:
-			DBG1("signature scheme %N not supported in RSA",
+			DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
 				 signature_scheme_names, scheme);
 			return FALSE;
 	}
@@ -327,7 +334,7 @@ static bool decrypt(private_gmp_rsa_private_key_t *this, chunk_t crypto,
 	/* check for hex pattern 00 02 in decrypted message */
 	if ((*stripped.ptr++ != 0x00) || (*(stripped.ptr++) != 0x02))
 	{
-		DBG1("incorrect padding - probably wrong rsa key");
+		DBG1(DBG_LIB, "incorrect padding - probably wrong rsa key");
 		goto end;
 	}
 	stripped.len -= 2;
@@ -337,7 +344,7 @@ static bool decrypt(private_gmp_rsa_private_key_t *this, chunk_t crypto,
 
 	if (stripped.len == 0)
 	{
-		DBG1("no plaintext data");
+		DBG1(DBG_LIB, "no plaintext data");
 		goto end;
 	}
 
@@ -494,14 +501,14 @@ static status_t check(private_gmp_rsa_private_key_t *this)
 	 */
 	if (this->k < 512 / BITS_PER_BYTE)
 	{
-		DBG1("key shorter than 512 bits");
+		DBG1(DBG_LIB, "key shorter than 512 bits");
 		return FAILED;
 	}
 
 	/* we picked a max modulus size to simplify buffer allocation */
 	if (this->k > 8192 / BITS_PER_BYTE)
 	{
-		DBG1("key larger than 8192 bits");
+		DBG1(DBG_LIB, "key larger than 8192 bits");
 		return FAILED;
 	}
 
@@ -575,7 +582,7 @@ static status_t check(private_gmp_rsa_private_key_t *this)
 	mpz_clear_sensitive(q1);
 	if (status != SUCCESS)
 	{
-		DBG1("key integrity tests failed");
+		DBG1(DBG_LIB, "key integrity tests failed");
 	}
 	return status;
 }
@@ -664,7 +671,7 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
 
 	mpz_mul(n, p, q);						/* n = p*q */
 	mpz_init_set_ui(e, PUBLIC_EXPONENT);	/* assign public exponent */
-	mpz_init_set(m, p); 					/* m = p */
+	mpz_init_set(m, p);					/* m = p */
 	mpz_sub_ui(m, m, 1);					/* m = m -1 */
 	mpz_init_set(q1, q);					/* q1 = q */
 	mpz_sub_ui(q1, q1, 1);					/* q1 = q1 -1 */
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index 5fea69131..98dbb1922 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -28,6 +28,11 @@
 #include <asn1/asn1_parser.h>
 #include <crypto/hashers/hasher.h>
 
+#ifdef HAVE_MPZ_POWM_SEC
+# undef mpz_powm
+# define mpz_powm mpz_powm_sec
+#endif
+
 typedef struct private_gmp_rsa_public_key_t private_gmp_rsa_public_key_t;
 
 /**
@@ -178,8 +183,8 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
 	{   /* IKEv1 signatures without digestInfo */
 		if (em.len != data.len)
 		{
-			DBG1("hash size in signature is %u bytes instead of %u bytes",
-				 em.len, data.len);
+			DBG1(DBG_LIB, "hash size in signature is %u bytes instead of"
+				 " %u bytes", em.len, data.len);
 			goto end;
 		}
 		success = memeq(em.ptr, data.ptr, data.len);
@@ -191,7 +196,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
 		int objectID;
 		hash_algorithm_t hash_algorithm = HASH_UNKNOWN;
 
-		DBG2("signature verification:");
+		DBG2(DBG_LIB, "signature verification:");
 		parser = asn1_parser_create(digestInfoObjects, em);
 
 		while (parser->iterate(parser, &objectID, &object))
@@ -202,7 +207,8 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
 				{
 					if (em.len > object.len)
 					{
-						DBG1("digestInfo field in signature is followed by %u surplus bytes",
+						DBG1(DBG_LIB, "digestInfo field in signature is"
+							 " followed by %u surplus bytes",
 							 em.len - object.len);
 						goto end_parser;
 					}
@@ -216,8 +222,8 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
 					hash_algorithm = hasher_algorithm_from_oid(hash_oid);
 					if (hash_algorithm == HASH_UNKNOWN || hash_algorithm != algorithm)
 					{
-						DBG1("expected hash algorithm %N, but found %N (OID: %#B)",
-							 hash_algorithm_names, algorithm,
+						DBG1(DBG_LIB, "expected hash algorithm %N, but found"
+							 " %N (OID: %#B)", hash_algorithm_names, algorithm,
 							 hash_algorithm_names, hash_algorithm,  &object);
 						goto end_parser;
 					}
@@ -231,15 +237,16 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
 					hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
 					if (hasher == NULL)
 					{
-						DBG1("hash algorithm %N not supported",
+						DBG1(DBG_LIB, "hash algorithm %N not supported",
 							 hash_algorithm_names, hash_algorithm);
 						goto end_parser;
 					}
 
 					if (object.len != hasher->get_hash_size(hasher))
 					{
-						DBG1("hash size in signature is %u bytes instead of %u "
-							 "bytes", object.len, hasher->get_hash_size(hasher));
+						DBG1(DBG_LIB, "hash size in signature is %u bytes"
+							 " instead of %u bytes", object.len,
+							 hasher->get_hash_size(hasher));
 						hasher->destroy(hasher);
 						goto end_parser;
 					}
@@ -297,7 +304,7 @@ static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme
 		case SIGN_RSA_EMSA_PKCS1_SHA512:
 			return verify_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
 		default:
-			DBG1("signature scheme %N not supported in RSA",
+			DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
 				 signature_scheme_names, scheme);
 			return FALSE;
 	}
@@ -319,7 +326,7 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
 	rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
 	if (rng == NULL)
 	{
-		DBG1("no random generator available");
+		DBG1(DBG_LIB, "no random generator available");
 		return FALSE;
 	}
 
@@ -327,13 +334,14 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
 	padding = this->k - plain.len - 3;
 	if (padding < MIN_PS_PADDING)
 	{
-		DBG1("pseudo-random padding must be at least %d octets", MIN_PS_PADDING);
+		DBG1(DBG_LIB, "pseudo-random padding must be at least %d octets",
+			 MIN_PS_PADDING);
 		return FALSE;
 	}
 
 	/* padding according to PKCS#1 7.2.1 (RSAES-PKCS1-v1.5-ENCRYPT) */
-	DBG2("padding %u bytes of data to the rsa modulus size of %u bytes",
-		 plain.len, this->k);
+	DBG2(DBG_LIB, "padding %u bytes of data to the rsa modulus size of"
+		 " %u bytes", plain.len, this->k);
 	em.len = this->k;
 	em.ptr = malloc(em.len);
 	pos = em.ptr;
@@ -359,11 +367,11 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
 
 	/* now add the data */
 	memcpy(pos, plain.ptr, plain.len);
-	DBG3("padded data before rsa encryption: %B", &em);
+	DBG3(DBG_LIB, "padded data before rsa encryption: %B", &em);
 
 	/* rsa encryption using PKCS#1 RSAEP */
 	*crypto = rsaep(this, em);
-	DBG3("rsa encrypted data: %B", crypto);
+	DBG3(DBG_LIB, "rsa encrypted data: %B", crypto);
 	chunk_clear(&em);
 	return TRUE;
 }
diff --git a/src/libstrongswan/plugins/hmac/Makefile.am b/src/libstrongswan/plugins/hmac/Makefile.am
index 1856cad2d..77aa0ffd1 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.am
+++ b/src/libstrongswan/plugins/hmac/Makefile.am
@@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-hmac.la
+else
 plugin_LTLIBRARIES = libstrongswan-hmac.la
+endif
 
-libstrongswan_hmac_la_SOURCES = hmac_plugin.h hmac_plugin.c hmac.h hmac.c \
+libstrongswan_hmac_la_SOURCES = \
+	hmac_plugin.h hmac_plugin.c hmac.h hmac.c \
 	hmac_prf.h hmac_prf.c hmac_signer.h hmac_signer.c
-libstrongswan_hmac_la_LDFLAGS = -module -avoid-version
 
+libstrongswan_hmac_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index 7dc8269a4..c965f7392 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_hmac_la_LIBADD =
 am_libstrongswan_hmac_la_OBJECTS = hmac_plugin.lo hmac.lo hmac_prf.lo \
 	hmac_signer.lo
@@ -80,6 +80,8 @@ libstrongswan_hmac_la_OBJECTS = $(am_libstrongswan_hmac_la_OBJECTS)
 libstrongswan_hmac_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_hmac_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_hmac_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_hmac_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,8 +257,10 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-hmac.la
-libstrongswan_hmac_la_SOURCES = hmac_plugin.h hmac_plugin.c hmac.h hmac.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-hmac.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-hmac.la
+libstrongswan_hmac_la_SOURCES = \
+	hmac_plugin.h hmac_plugin.c hmac.h hmac.c \
 	hmac_prf.h hmac_prf.c hmac_signer.h hmac_signer.c
 
 libstrongswan_hmac_la_LDFLAGS = -module -avoid-version
@@ -293,6 +298,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -325,7 +339,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-hmac.la: $(libstrongswan_hmac_la_OBJECTS) $(libstrongswan_hmac_la_DEPENDENCIES) 
-	$(libstrongswan_hmac_la_LINK) -rpath $(plugindir) $(libstrongswan_hmac_la_OBJECTS) $(libstrongswan_hmac_la_LIBADD) $(LIBS)
+	$(libstrongswan_hmac_la_LINK) $(am_libstrongswan_hmac_la_rpath) $(libstrongswan_hmac_la_OBJECTS) $(libstrongswan_hmac_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -481,8 +495,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -553,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c
index 94332ee36..e6b9f7a74 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.c
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c
@@ -47,7 +47,7 @@ static void destroy(private_hmac_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *hmac_plugin_create()
 {
 	private_hmac_plugin_t *this = malloc_thing(private_hmac_plugin_t);
 
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.h b/src/libstrongswan/plugins/hmac/hmac_plugin.h
index 5c3afa7d6..03d1d1cf9 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.h
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.h
@@ -39,9 +39,4 @@ struct hmac_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a hmac_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** HMAC_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/ldap/Makefile.am b/src/libstrongswan/plugins/ldap/Makefile.am
index 6ad073d97..2b2f7d31d 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.am
+++ b/src/libstrongswan/plugins/ldap/Makefile.am
@@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-ldap.la
+else
 plugin_LTLIBRARIES = libstrongswan-ldap.la
+endif
+
+libstrongswan_ldap_la_SOURCES = \
+	ldap_plugin.h ldap_plugin.c ldap_fetcher.h ldap_fetcher.c
 
-libstrongswan_ldap_la_SOURCES = ldap_plugin.h ldap_plugin.c ldap_fetcher.h ldap_fetcher.c
 libstrongswan_ldap_la_LDFLAGS = -module -avoid-version
 libstrongswan_ldap_la_LIBADD  = -lldap -llber
-
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index d9ebb0147..3b69f082f 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_ldap_la_DEPENDENCIES =
 am_libstrongswan_ldap_la_OBJECTS = ldap_plugin.lo ldap_fetcher.lo
 libstrongswan_ldap_la_OBJECTS = $(am_libstrongswan_ldap_la_OBJECTS)
 libstrongswan_ldap_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_ldap_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_ldap_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_ldap_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-ldap.la
-libstrongswan_ldap_la_SOURCES = ldap_plugin.h ldap_plugin.c ldap_fetcher.h ldap_fetcher.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ldap.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ldap.la
+libstrongswan_ldap_la_SOURCES = \
+	ldap_plugin.h ldap_plugin.c ldap_fetcher.h ldap_fetcher.c
+
 libstrongswan_ldap_la_LDFLAGS = -module -avoid-version
 libstrongswan_ldap_la_LIBADD = -lldap -llber
 all: all-am
@@ -291,6 +297,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -323,7 +338,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-ldap.la: $(libstrongswan_ldap_la_OBJECTS) $(libstrongswan_ldap_la_DEPENDENCIES) 
-	$(libstrongswan_ldap_la_LINK) -rpath $(plugindir) $(libstrongswan_ldap_la_OBJECTS) $(libstrongswan_ldap_la_LIBADD) $(LIBS)
+	$(libstrongswan_ldap_la_LINK) $(am_libstrongswan_ldap_la_rpath) $(libstrongswan_ldap_la_OBJECTS) $(libstrongswan_ldap_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -477,8 +492,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -549,18 +564,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
index ce5b7d56b..59e655cd5 100644
--- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c
+++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
@@ -73,27 +73,27 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response)
 				}
 				else
 				{
-					DBG1("LDAP response contains no values");
+					DBG1(DBG_LIB, "LDAP response contains no values");
 				}
 				ldap_value_free_len(values);
 			}
 			else
 			{
-				DBG1("getting LDAP values failed: %s",
+				DBG1(DBG_LIB, "getting LDAP values failed: %s",
 					 ldap_err2string(ldap_result2error(ldap, entry, 0)));
 			}
 			ldap_memfree(attr);
 		}
 		else
 		{
-			DBG1("finding LDAP attributes failed: %s",
+			DBG1(DBG_LIB, "finding LDAP attributes failed: %s",
 				 ldap_err2string(ldap_result2error(ldap, entry, 0)));
 		}
 		ber_free(ber, 0);
 	}
 	else
 	{
-		DBG1("finding first LDAP entry failed: %s",
+		DBG1(DBG_LIB, "finding first LDAP entry failed: %s",
 			 ldap_err2string(ldap_result2error(ldap, entry, 0)));
 	}
 	return success;
@@ -122,7 +122,7 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url,
 	ldap = ldap_init(lurl->lud_host, lurl->lud_port);
 	if (ldap == NULL)
 	{
-		DBG1("LDAP initialization failed: %s", strerror(errno));
+		DBG1(DBG_LIB, "LDAP initialization failed: %s", strerror(errno));
 		ldap_free_urldesc(lurl);
 		return FAILED;
 	}
@@ -133,7 +133,7 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url,
 	ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_version);
 	ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
 
-	DBG2("sending LDAP request to '%s'...", url);
+	DBG2(DBG_LIB, "sending LDAP request to '%s'...", url);
 
 	res = ldap_simple_bind_s(ldap, NULL, NULL);
 	if (res == LDAP_SUCCESS)
@@ -152,12 +152,13 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url,
 		}
 		else
 		{
-			DBG1("LDAP search failed: %s", ldap_err2string(res));
+			DBG1(DBG_LIB, "LDAP search failed: %s", ldap_err2string(res));
 		}
 	}
 	else
 	{
-		DBG1("LDAP bind to '%s' failed: %s", url, ldap_err2string(res));
+		DBG1(DBG_LIB, "LDAP bind to '%s' failed: %s", url,
+			 ldap_err2string(res));
 	}
 	ldap_unbind_s(ldap);
 	ldap_free_urldesc(lurl);
diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c
index a31308bbf..372ac9f93 100644
--- a/src/libstrongswan/plugins/ldap/ldap_plugin.c
+++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_ldap_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *ldap_plugin_create()
 {
 	private_ldap_plugin_t *this = malloc_thing(private_ldap_plugin_t);
 
diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.h b/src/libstrongswan/plugins/ldap/ldap_plugin.h
index de4ff3422..e4fcebaa3 100644
--- a/src/libstrongswan/plugins/ldap/ldap_plugin.h
+++ b/src/libstrongswan/plugins/ldap/ldap_plugin.h
@@ -39,9 +39,4 @@ struct ldap_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a ldap_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** LDAP_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/md4/Makefile.am b/src/libstrongswan/plugins/md4/Makefile.am
index a47da2e8e..904af70c0 100644
--- a/src/libstrongswan/plugins/md4/Makefile.am
+++ b/src/libstrongswan/plugins/md4/Makefile.am
@@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-md4.la
+else
 plugin_LTLIBRARIES = libstrongswan-md4.la
+endif
 
-libstrongswan_md4_la_SOURCES = md4_plugin.h md4_plugin.c md4_hasher.c md4_hasher.h
-libstrongswan_md4_la_LDFLAGS = -module -avoid-version
+libstrongswan_md4_la_SOURCES = \
+	md4_plugin.h md4_plugin.c md4_hasher.c md4_hasher.h
 
+libstrongswan_md4_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 6014ddcf8..cb3307bbc 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_md4_la_LIBADD =
 am_libstrongswan_md4_la_OBJECTS = md4_plugin.lo md4_hasher.lo
 libstrongswan_md4_la_OBJECTS = $(am_libstrongswan_md4_la_OBJECTS)
 libstrongswan_md4_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_md4_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_md4_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_md4_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-md4.la
-libstrongswan_md4_la_SOURCES = md4_plugin.h md4_plugin.c md4_hasher.c md4_hasher.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-md4.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-md4.la
+libstrongswan_md4_la_SOURCES = \
+	md4_plugin.h md4_plugin.c md4_hasher.c md4_hasher.h
+
 libstrongswan_md4_la_LDFLAGS = -module -avoid-version
 all: all-am
 
@@ -290,6 +296,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-md4.la: $(libstrongswan_md4_la_OBJECTS) $(libstrongswan_md4_la_DEPENDENCIES) 
-	$(libstrongswan_md4_la_LINK) -rpath $(plugindir) $(libstrongswan_md4_la_OBJECTS) $(libstrongswan_md4_la_LIBADD) $(LIBS)
+	$(libstrongswan_md4_la_LINK) $(am_libstrongswan_md4_la_rpath) $(libstrongswan_md4_la_OBJECTS) $(libstrongswan_md4_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -476,8 +491,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c
index ba4041d2d..38ae0d4bc 100644
--- a/src/libstrongswan/plugins/md4/md4_plugin.c
+++ b/src/libstrongswan/plugins/md4/md4_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_md4_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *md4_plugin_create()
 {
 	private_md4_plugin_t *this = malloc_thing(private_md4_plugin_t);
 
diff --git a/src/libstrongswan/plugins/md4/md4_plugin.h b/src/libstrongswan/plugins/md4/md4_plugin.h
index b13002d7b..9fde665e6 100644
--- a/src/libstrongswan/plugins/md4/md4_plugin.h
+++ b/src/libstrongswan/plugins/md4/md4_plugin.h
@@ -39,9 +39,4 @@ struct md4_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a md4_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** MD4_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/md5/Makefile.am b/src/libstrongswan/plugins/md5/Makefile.am
index ce0611c13..b2eb2abd2 100644
--- a/src/libstrongswan/plugins/md5/Makefile.am
+++ b/src/libstrongswan/plugins/md5/Makefile.am
@@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-md5.la
+else
 plugin_LTLIBRARIES = libstrongswan-md5.la
+endif
 
-libstrongswan_md5_la_SOURCES = md5_plugin.h md5_plugin.c md5_hasher.c md5_hasher.h
-libstrongswan_md5_la_LDFLAGS = -module -avoid-version
+libstrongswan_md5_la_SOURCES = \
+	md5_plugin.h md5_plugin.c md5_hasher.c md5_hasher.h
 
+libstrongswan_md5_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index fcb921316..8948ddcc5 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_md5_la_LIBADD =
 am_libstrongswan_md5_la_OBJECTS = md5_plugin.lo md5_hasher.lo
 libstrongswan_md5_la_OBJECTS = $(am_libstrongswan_md5_la_OBJECTS)
 libstrongswan_md5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_md5_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_md5_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_md5_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-md5.la
-libstrongswan_md5_la_SOURCES = md5_plugin.h md5_plugin.c md5_hasher.c md5_hasher.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-md5.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-md5.la
+libstrongswan_md5_la_SOURCES = \
+	md5_plugin.h md5_plugin.c md5_hasher.c md5_hasher.h
+
 libstrongswan_md5_la_LDFLAGS = -module -avoid-version
 all: all-am
 
@@ -290,6 +296,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-md5.la: $(libstrongswan_md5_la_OBJECTS) $(libstrongswan_md5_la_DEPENDENCIES) 
-	$(libstrongswan_md5_la_LINK) -rpath $(plugindir) $(libstrongswan_md5_la_OBJECTS) $(libstrongswan_md5_la_LIBADD) $(LIBS)
+	$(libstrongswan_md5_la_LINK) $(am_libstrongswan_md5_la_rpath) $(libstrongswan_md5_la_OBJECTS) $(libstrongswan_md5_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -476,8 +491,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c
index 7592c20df..cfbf6acea 100644
--- a/src/libstrongswan/plugins/md5/md5_plugin.c
+++ b/src/libstrongswan/plugins/md5/md5_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_md5_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *md5_plugin_create()
 {
 	private_md5_plugin_t *this = malloc_thing(private_md5_plugin_t);
 
diff --git a/src/libstrongswan/plugins/md5/md5_plugin.h b/src/libstrongswan/plugins/md5/md5_plugin.h
index 057689ad3..c4ca619dc 100644
--- a/src/libstrongswan/plugins/md5/md5_plugin.h
+++ b/src/libstrongswan/plugins/md5/md5_plugin.h
@@ -39,9 +39,4 @@ struct md5_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a md5_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** MD5_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/mysql/Makefile.am b/src/libstrongswan/plugins/mysql/Makefile.am
index c64481fd5..801a7a7be 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.am
+++ b/src/libstrongswan/plugins/mysql/Makefile.am
@@ -3,10 +3,16 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic $(MYSQLCFLAG)
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-mysql.la
+else
 plugin_LTLIBRARIES = libstrongswan-mysql.la
+endif
 
-libstrongswan_mysql_la_SOURCES = mysql_plugin.h mysql_plugin.c  \
+libstrongswan_mysql_la_SOURCES = \
+	mysql_plugin.h mysql_plugin.c  \
 	mysql_database.h mysql_database.c
+
 libstrongswan_mysql_la_LDFLAGS = -module -avoid-version
-libstrongswan_mysql_la_LIBADD = $(MYSQLLIB)
+libstrongswan_mysql_la_LIBADD  = $(MYSQLLIB)
 
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index dc56940d2..1a97c620e 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 am__DEPENDENCIES_1 =
 libstrongswan_mysql_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
 am_libstrongswan_mysql_la_OBJECTS = mysql_plugin.lo mysql_database.lo
@@ -80,6 +80,9 @@ libstrongswan_mysql_la_OBJECTS = $(am_libstrongswan_mysql_la_OBJECTS)
 libstrongswan_mysql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_mysql_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_mysql_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_mysql_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,8 +258,10 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic $(MYSQLCFLAG)
-plugin_LTLIBRARIES = libstrongswan-mysql.la
-libstrongswan_mysql_la_SOURCES = mysql_plugin.h mysql_plugin.c  \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-mysql.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-mysql.la
+libstrongswan_mysql_la_SOURCES = \
+	mysql_plugin.h mysql_plugin.c  \
 	mysql_database.h mysql_database.c
 
 libstrongswan_mysql_la_LDFLAGS = -module -avoid-version
@@ -294,6 +300,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -326,7 +341,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-mysql.la: $(libstrongswan_mysql_la_OBJECTS) $(libstrongswan_mysql_la_DEPENDENCIES) 
-	$(libstrongswan_mysql_la_LINK) -rpath $(plugindir) $(libstrongswan_mysql_la_OBJECTS) $(libstrongswan_mysql_la_LIBADD) $(LIBS)
+	$(libstrongswan_mysql_la_LINK) $(am_libstrongswan_mysql_la_rpath) $(libstrongswan_mysql_la_OBJECTS) $(libstrongswan_mysql_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -480,8 +495,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -552,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c
index 2338428f2..8005b9149 100644
--- a/src/libstrongswan/plugins/mysql/mysql_database.c
+++ b/src/libstrongswan/plugins/mysql/mysql_database.c
@@ -203,7 +203,7 @@ static conn_t *conn_get(private_mysql_database_t *this)
 								this->password, this->database, this->port,
 								NULL, 0))
 		{
-			DBG1("connecting to mysql://%s:***@%s:%d/%s failed: %s",
+			DBG1(DBG_LIB, "connecting to mysql://%s:***@%s:%d/%s failed: %s",
 				 this->username, this->host, this->port, this->database,
 				 mysql_error(found->mysql));
 			conn_destroy(found);
@@ -213,7 +213,7 @@ static conn_t *conn_get(private_mysql_database_t *this)
 		{
 			this->mutex->lock(this->mutex);
 			this->pool->insert_last(this->pool, found);
-			DBG2("increased MySQL connection pool size to %d",
+			DBG2(DBG_LIB, "increased MySQL connection pool size to %d",
 				 this->pool->get_count(this->pool));
 			this->mutex->unlock(this->mutex);
 		}
@@ -232,12 +232,14 @@ static MYSQL_STMT* run(MYSQL *mysql, char *sql, va_list *args)
 	stmt = mysql_stmt_init(mysql);
 	if (stmt == NULL)
 	{
-		DBG1("creating MySQL statement failed: %s", mysql_error(mysql));
+		DBG1(DBG_LIB, "creating MySQL statement failed: %s",
+			 mysql_error(mysql));
 		return NULL;
 	}
 	if (mysql_stmt_prepare(stmt, sql, strlen(sql)))
 	{
-		DBG1("preparing MySQL statement failed: %s", mysql_stmt_error(stmt));
+		DBG1(DBG_LIB, "preparing MySQL statement failed: %s",
+			 mysql_stmt_error(stmt));
 		mysql_stmt_close(stmt);
 		return NULL;
 	}
@@ -303,21 +305,23 @@ static MYSQL_STMT* run(MYSQL *mysql, char *sql, va_list *args)
 					break;
 				}
 				default:
-					DBG1("invalid data type supplied");
+					DBG1(DBG_LIB, "invalid data type supplied");
 					mysql_stmt_close(stmt);
 					return NULL;
 			}
 		}
 		if (mysql_stmt_bind_param(stmt, bind))
 		{
-			DBG1("binding MySQL param failed: %s", mysql_stmt_error(stmt));
+			DBG1(DBG_LIB, "binding MySQL param failed: %s",
+				 mysql_stmt_error(stmt));
 			mysql_stmt_close(stmt);
 			return NULL;
 		}
 	}
 	if (mysql_stmt_execute(stmt))
 	{
-		DBG1("executing MySQL statement failed: %s", mysql_stmt_error(stmt));
+		DBG1(DBG_LIB, "executing MySQL statement failed: %s",
+			 mysql_stmt_error(stmt));
 		mysql_stmt_close(stmt);
 		return NULL;
 	}
@@ -413,7 +417,8 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...)
 		case MYSQL_NO_DATA:
 			return FALSE;
 		default:
-			DBG1("fetching MySQL row failed: %s", mysql_stmt_error(this->stmt));
+			DBG1(DBG_LIB, "fetching MySQL row failed: %s",
+				 mysql_stmt_error(this->stmt));
 			return FALSE;
 	}
 
@@ -536,7 +541,7 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...)
 					break;
 				}
 				default:
-					DBG1("invalid result data type supplied");
+					DBG1(DBG_LIB, "invalid result data type supplied");
 					mysql_enumerator_destroy(enumerator);
 					va_end(args);
 					return NULL;
@@ -544,7 +549,8 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...)
 		}
 		if (mysql_stmt_bind_result(stmt, enumerator->bind))
 		{
-			DBG1("binding MySQL result failed: %s", mysql_stmt_error(stmt));
+			DBG1(DBG_LIB, "binding MySQL result failed: %s",
+				 mysql_stmt_error(stmt));
 			mysql_enumerator_destroy(enumerator);
 			enumerator = NULL;
 		}
@@ -653,7 +659,7 @@ static bool parse_uri(private_mysql_database_t *this, char *uri)
 			}
 		}
 	}
-	DBG1("parsing MySQL database uri '%s' failed", uri);
+	DBG1(DBG_LIB, "parsing MySQL database uri '%s' failed", uri);
 	return FALSE;
 }
 
diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c
index 0e64bbc3d..a13aa8091 100644
--- a/src/libstrongswan/plugins/mysql/mysql_plugin.c
+++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c
@@ -46,13 +46,13 @@ static void destroy(private_mysql_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *mysql_plugin_create()
 {
 	private_mysql_plugin_t *this;
 
 	if (!mysql_database_init())
 	{
-		DBG1("MySQL client library initialization failed");
+		DBG1(DBG_LIB, "MySQL client library initialization failed");
 		return NULL;
 	}
 
diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.h b/src/libstrongswan/plugins/mysql/mysql_plugin.h
index fa53c2b7a..d1f21870c 100644
--- a/src/libstrongswan/plugins/mysql/mysql_plugin.h
+++ b/src/libstrongswan/plugins/mysql/mysql_plugin.h
@@ -39,9 +39,4 @@ struct mysql_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a mysql_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** MYSQL_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/Makefile.am b/src/libstrongswan/plugins/openssl/Makefile.am
index 25cc5aa1d..a50799798 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.am
+++ b/src/libstrongswan/plugins/openssl/Makefile.am
@@ -3,12 +3,18 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-openssl.la
+else
 plugin_LTLIBRARIES = libstrongswan-openssl.la
+endif
 
-libstrongswan_openssl_la_SOURCES = openssl_plugin.h openssl_plugin.c \
+libstrongswan_openssl_la_SOURCES = \
+	openssl_plugin.h openssl_plugin.c \
 	openssl_util.c openssl_util.h \
 	openssl_crypter.c openssl_crypter.h \
 	openssl_hasher.c openssl_hasher.h \
+	openssl_sha1_prf.c openssl_sha1_prf.h \
 	openssl_diffie_hellman.c openssl_diffie_hellman.h \
 	openssl_rsa_private_key.c openssl_rsa_private_key.h \
 	openssl_rsa_public_key.c openssl_rsa_public_key.h \
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index aa8ecf06c..a2a931d42 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -72,18 +72,22 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_openssl_la_DEPENDENCIES =
 am_libstrongswan_openssl_la_OBJECTS = openssl_plugin.lo \
 	openssl_util.lo openssl_crypter.lo openssl_hasher.lo \
-	openssl_diffie_hellman.lo openssl_rsa_private_key.lo \
-	openssl_rsa_public_key.lo openssl_ec_diffie_hellman.lo \
-	openssl_ec_private_key.lo openssl_ec_public_key.lo
+	openssl_sha1_prf.lo openssl_diffie_hellman.lo \
+	openssl_rsa_private_key.lo openssl_rsa_public_key.lo \
+	openssl_ec_diffie_hellman.lo openssl_ec_private_key.lo \
+	openssl_ec_public_key.lo
 libstrongswan_openssl_la_OBJECTS =  \
 	$(am_libstrongswan_openssl_la_OBJECTS)
 libstrongswan_openssl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_openssl_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_openssl_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_openssl_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -222,6 +226,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -258,11 +263,14 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-openssl.la
-libstrongswan_openssl_la_SOURCES = openssl_plugin.h openssl_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-openssl.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-openssl.la
+libstrongswan_openssl_la_SOURCES = \
+	openssl_plugin.h openssl_plugin.c \
 	openssl_util.c openssl_util.h \
 	openssl_crypter.c openssl_crypter.h \
 	openssl_hasher.c openssl_hasher.h \
+	openssl_sha1_prf.c openssl_sha1_prf.h \
 	openssl_diffie_hellman.c openssl_diffie_hellman.h \
 	openssl_rsa_private_key.c openssl_rsa_private_key.h \
 	openssl_rsa_public_key.c openssl_rsa_public_key.h \
@@ -306,6 +314,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -338,7 +355,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-openssl.la: $(libstrongswan_openssl_la_OBJECTS) $(libstrongswan_openssl_la_DEPENDENCIES) 
-	$(libstrongswan_openssl_la_LINK) -rpath $(plugindir) $(libstrongswan_openssl_la_OBJECTS) $(libstrongswan_openssl_la_LIBADD) $(LIBS)
+	$(libstrongswan_openssl_la_LINK) $(am_libstrongswan_openssl_la_rpath) $(libstrongswan_openssl_la_OBJECTS) $(libstrongswan_openssl_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -355,6 +372,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_plugin.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_rsa_private_key.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_rsa_public_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_sha1_prf.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_util.Plo@am__quote@
 
 .c.o:
@@ -500,8 +518,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -572,18 +590,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index 80a1ee878..9a032c54f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2008-2010 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -20,47 +20,6 @@
 
 #include <debug.h>
 
-typedef struct modulus_entry_t modulus_entry_t;
-
-/**
- * Entry of the modulus list.
- */
-struct modulus_entry_t {
-	/**
-	 * Group number as it is defined in file transform_substructure.h.
-	 */
-	diffie_hellman_group_t group;
-
-	/**
-	 * Pointer to the function to get the modulus.
-	 */
-	BIGNUM *(*get_prime)(BIGNUM *bn);
-
-	/*
-	 * Optimum length of exponent in bits.
-	 */
-	long opt_exponent_len;
-
-	/*
-	 * Generator value.
-	 */
-	u_int16_t generator;
-};
-
-/**
- * All supported modulus values - optimum exponent size according to RFC 3526.
- */
-static modulus_entry_t modulus_entries[] = {
-	{MODP_768_BIT,  get_rfc2409_prime_768,  256, 2},
-	{MODP_1024_BIT, get_rfc2409_prime_1024, 256, 2},
-	{MODP_1536_BIT, get_rfc3526_prime_1536, 256, 2},
-	{MODP_2048_BIT, get_rfc3526_prime_2048, 384, 2},
-	{MODP_3072_BIT, get_rfc3526_prime_3072, 384, 2},
-	{MODP_4096_BIT, get_rfc3526_prime_4096, 512, 2},
-	{MODP_6144_BIT, get_rfc3526_prime_6144, 512, 2},
-	{MODP_8192_BIT, get_rfc3526_prime_8192, 512, 2},
-};
-
 typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t;
 
 /**
@@ -125,7 +84,6 @@ static status_t get_shared_secret(private_openssl_diffie_hellman_t *this,
 	memset(secret->ptr, 0, secret->len);
 	memcpy(secret->ptr + secret->len - this->shared_secret.len,
 		   this->shared_secret.ptr, this->shared_secret.len);
-
 	return SUCCESS;
 }
 
@@ -145,7 +103,7 @@ static void set_other_public_value(private_openssl_diffie_hellman_t *this,
 	len = DH_compute_key(this->shared_secret.ptr, this->pub_key, this->dh);
 	if (len < 0)
 	{
-		DBG1("DH shared secret computation failed");
+		DBG1(DBG_LIB, "DH shared secret computation failed");
 		return;
 	}
 	this->shared_secret.len = len;
@@ -165,27 +123,18 @@ static diffie_hellman_group_t get_dh_group(private_openssl_diffie_hellman_t *thi
  */
 static status_t set_modulus(private_openssl_diffie_hellman_t *this)
 {
-	int i;
-	bool ansi_x9_42;
-
-	ansi_x9_42 = lib->settings->get_bool(lib->settings,
-										 "libstrongswan.dh_exponent_ansi_x9_42", TRUE);
-
-	for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++)
+	diffie_hellman_params_t *params = diffie_hellman_get_params(this->group);
+	if (!params)
 	{
-		if (modulus_entries[i].group == this->group)
-		{
-			this->dh->p = modulus_entries[i].get_prime(NULL);
-			this->dh->g = BN_new();
-			BN_set_word(this->dh->g, modulus_entries[i].generator);
-			if (!ansi_x9_42)
-			{
-				this->dh->length = modulus_entries[i].opt_exponent_len;
-			}
-			return SUCCESS;
-		}
+		return NOT_FOUND;
 	}
-	return NOT_FOUND;
+	this->dh->p = BN_bin2bn(params->prime.ptr, params->prime.len, NULL);
+	this->dh->g = BN_bin2bn(params->generator.ptr, params->generator.len, NULL);
+	if (params->exp_len != params->prime.len)
+	{
+		this->dh->length = params->exp_len * 8;
+	}
+	return SUCCESS;
 }
 
 /**
@@ -237,7 +186,8 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t g
 		destroy(this);
 		return NULL;
 	}
-	DBG2("size of DH secret exponent: %d bits", BN_num_bits(this->dh->priv_key));
+	DBG2(DBG_LIB, "size of DH secret exponent: %d bits",
+		 BN_num_bits(this->dh->priv_key));
 
 	return &this->public;
 }
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index 671fa41e2..faec411cd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -212,14 +212,14 @@ static void set_other_public_value(private_openssl_ec_diffie_hellman_t *this, ch
 {
 	if (!chunk2ecp(this->ec_group, value, this->pub_key))
 	{
-		DBG1("ECDH public value is malformed");
+		DBG1(DBG_LIB, "ECDH public value is malformed");
 		return;
 	}
 
 	chunk_free(&this->shared_secret);
 
 	if (!compute_shared_key(this, &this->shared_secret)) {
-		DBG1("ECDH shared secret computation failed");
+		DBG1(DBG_LIB, "ECDH shared secret computation failed");
 		return;
 	}
 
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index 89ced5a9a..bdcfda974 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -84,14 +84,14 @@ static bool build_curve_signature(private_openssl_ec_private_key_t *this,
 	req_group = EC_GROUP_new_by_curve_name(nid_curve);
 	if (!req_group)
 	{
-		DBG1("signature scheme %N not supported in EC (required curve "
+		DBG1(DBG_LIB, "signature scheme %N not supported in EC (required curve "
 			 "not supported)", signature_scheme_names, scheme);
 		return FALSE;
 	}
 	my_group = EC_KEY_get0_group(this->ec);
 	if (EC_GROUP_cmp(my_group, req_group, NULL) != 0)
 	{
-		DBG1("signature scheme %N not supported by private key",
+		DBG1(DBG_LIB, "signature scheme %N not supported by private key",
 			 signature_scheme_names, scheme);
 		return FALSE;
 	}
@@ -162,7 +162,7 @@ static bool sign(private_openssl_ec_private_key_t *this,
 			return build_curve_signature(this, scheme, NID_sha512,
 										 NID_secp521r1, data, signature);
 		default:
-			DBG1("signature scheme %N not supported",
+			DBG1(DBG_LIB, "signature scheme %N not supported",
 				 signature_scheme_names, scheme);
 			return FALSE;
 	}
@@ -174,7 +174,7 @@ static bool sign(private_openssl_ec_private_key_t *this,
 static bool decrypt(private_openssl_ec_private_key_t *this,
 					chunk_t crypto, chunk_t *plain)
 {
-	DBG1("EC private key decryption not implemented");
+	DBG1(DBG_LIB, "EC private key decryption not implemented");
 	return FALSE;
 }
 
@@ -233,11 +233,24 @@ static bool get_encoding(private_openssl_ec_private_key_t *this,
 	switch (type)
 	{
 		case KEY_PRIV_ASN1_DER:
+		case KEY_PRIV_PEM:
 		{
+			bool success = TRUE;
+
 			*encoding = chunk_alloc(i2d_ECPrivateKey(this->ec, NULL));
 			p = encoding->ptr;
 			i2d_ECPrivateKey(this->ec, &p);
-			return TRUE;
+
+			if (type == KEY_PRIV_PEM)
+			{
+				chunk_t asn1_encoding = *encoding;
+
+				success = lib->encoding->encode(lib->encoding, KEY_PRIV_PEM,
+								NULL, encoding, KEY_PART_ECDSA_PRIV_ASN1_DER,
+								asn1_encoding, KEY_PART_END);
+				chunk_clear(&asn1_encoding);
+			}
+			return success;
 		}
 		default:
 			return FALSE;
@@ -335,13 +348,13 @@ openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type,
 			this->ec = EC_KEY_new_by_curve_name(NID_secp521r1);
 			break;
 		default:
-			DBG1("EC private key size %d not supported", key_size);
+			DBG1(DBG_LIB, "EC private key size %d not supported", key_size);
 			destroy(this);
 			return NULL;
 	}
 	if (EC_KEY_generate_key(this->ec) != 1)
 	{
-		DBG1("EC private key generation failed", key_size);
+		DBG1(DBG_LIB, "EC private key generation failed", key_size);
 		destroy(this);
 		return NULL;
 	}
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index f37c736b1..790a8487d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -82,14 +82,14 @@ static bool verify_curve_signature(private_openssl_ec_public_key_t *this,
 	req_group = EC_GROUP_new_by_curve_name(nid_curve);
 	if (!req_group)
 	{
-		DBG1("signature scheme %N not supported in EC (required curve "
+		DBG1(DBG_LIB, "signature scheme %N not supported in EC (required curve "
 			 "not supported)", signature_scheme_names, scheme);
 		return FALSE;
 	}
 	my_group = EC_KEY_get0_group(this->ec);
 	if (EC_GROUP_cmp(my_group, req_group, NULL) != 0)
 	{
-		DBG1("signature scheme %N not supported by private key",
+		DBG1(DBG_LIB, "signature scheme %N not supported by private key",
 			 signature_scheme_names, scheme);
 		return FALSE;
 	}
@@ -162,7 +162,7 @@ static bool verify(private_openssl_ec_public_key_t *this,
 			return verify_curve_signature(this, scheme, NID_sha512,
 										  NID_secp521r1, data, signature);
 		default:
-			DBG1("signature scheme %N not supported in EC",
+			DBG1(DBG_LIB, "signature scheme %N not supported in EC",
 				 signature_scheme_names, scheme);
 			return FALSE;
 	}
@@ -174,7 +174,7 @@ static bool verify(private_openssl_ec_public_key_t *this,
 static bool encrypt_(private_openssl_ec_public_key_t *this,
 					 chunk_t crypto, chunk_t *plain)
 {
-	DBG1("EC public key encryption not implemented");
+	DBG1(DBG_LIB, "EC public key encryption not implemented");
 	return FALSE;
 }
 
@@ -217,7 +217,7 @@ bool openssl_ec_fingerprint(EC_KEY *ec, key_encoding_type_t type, chunk_t *fp)
 	hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
 	if (!hasher)
 	{
-		DBG1("SHA1 hash algorithm not supported, fingerprinting failed");
+		DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed");
 		free(key.ptr);
 		return FALSE;
 	}
@@ -248,11 +248,24 @@ static bool get_encoding(private_openssl_ec_public_key_t *this,
 	switch (type)
 	{
 		case KEY_PUB_SPKI_ASN1_DER:
+		case KEY_PUB_PEM:
 		{
+			bool success = TRUE;
+
 			*encoding = chunk_alloc(i2d_EC_PUBKEY(this->ec, NULL));
 			p = encoding->ptr;
 			i2d_EC_PUBKEY(this->ec, &p);
-			return TRUE;
+
+			if (type == KEY_PUB_PEM)
+			{
+				chunk_t asn1_encoding = *encoding;
+
+				success = lib->encoding->encode(lib->encoding, KEY_PUB_PEM,
+								NULL, encoding, KEY_PART_ECDSA_PUB_ASN1_DER,
+								asn1_encoding, KEY_PART_END);
+				chunk_clear(&asn1_encoding);
+			}
+			return success;
 		}
 		default:
 			return FALSE;
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 548a76bb4..c1545ffb8 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -27,6 +27,7 @@
 #include "openssl_util.h"
 #include "openssl_crypter.h"
 #include "openssl_hasher.h"
+#include "openssl_sha1_prf.h"
 #include "openssl_diffie_hellman.h"
 #include "openssl_ec_diffie_hellman.h"
 #include "openssl_rsa_private_key.h"
@@ -170,6 +171,8 @@ static void destroy(private_openssl_plugin_t *this)
 					(crypter_constructor_t)openssl_crypter_create);
 	lib->crypto->remove_hasher(lib->crypto,
 					(hasher_constructor_t)openssl_hasher_create);
+	lib->crypto->remove_prf(lib->crypto,
+					(prf_constructor_t)openssl_sha1_prf_create);
 	lib->crypto->remove_dh(lib->crypto,
 					(dh_constructor_t)openssl_diffie_hellman_create);
 	lib->crypto->remove_dh(lib->crypto,
@@ -201,7 +204,7 @@ static void destroy(private_openssl_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *openssl_plugin_create()
 {
 	private_openssl_plugin_t *this = malloc_thing(private_openssl_plugin_t);
 
@@ -256,9 +259,17 @@ plugin_t *plugin_create()
 	lib->crypto->add_hasher(lib->crypto, HASH_SHA512,
 					(hasher_constructor_t)openssl_hasher_create);
 
+	/* prf */
+	lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1,
+					(prf_constructor_t)openssl_sha1_prf_create);
+
 	/* (ec) diffie hellman */
 	lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
 						(dh_constructor_t)openssl_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, MODP_2048_224,
+						(dh_constructor_t)openssl_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, MODP_2048_256,
+						(dh_constructor_t)openssl_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
 						(dh_constructor_t)openssl_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, ECP_256_BIT,
@@ -281,6 +292,8 @@ plugin_t *plugin_create()
 						(dh_constructor_t)openssl_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
 						(dh_constructor_t)openssl_diffie_hellman_create);
+	lib->crypto->add_dh(lib->crypto, MODP_1024_160,
+						(dh_constructor_t)openssl_diffie_hellman_create);
 	lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
 						(dh_constructor_t)openssl_diffie_hellman_create);
 
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.h b/src/libstrongswan/plugins/openssl/openssl_plugin.h
index 9f422c9d0..0762c37b9 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.h
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.h
@@ -39,9 +39,4 @@ struct openssl_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a openssl_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** OPENSSL_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 078f889a6..de751fe89 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -160,7 +160,7 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch
 		case SIGN_RSA_EMSA_PKCS1_MD5:
 			return build_emsa_pkcs1_signature(this, NID_md5, data, signature);
 		default:
-			DBG1("signature scheme %N not supported in RSA",
+			DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
 				 signature_scheme_names, scheme);
 			return FALSE;
 	}
@@ -172,7 +172,7 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch
 static bool decrypt(private_openssl_rsa_private_key_t *this,
 					chunk_t crypto, chunk_t *plain)
 {
-	DBG1("RSA private key decryption not implemented");
+	DBG1(DBG_LIB, "RSA private key decryption not implemented");
 	return FALSE;
 }
 
@@ -226,11 +226,24 @@ static bool get_encoding(private_openssl_rsa_private_key_t *this,
 	switch (type)
 	{
 		case KEY_PRIV_ASN1_DER:
+		case KEY_PRIV_PEM:
 		{
+			bool success = TRUE;
+
 			*encoding = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL));
 			p = encoding->ptr;
 			i2d_RSAPrivateKey(this->rsa, &p);
-			return TRUE;
+
+			if (type == KEY_PRIV_PEM)
+			{
+				chunk_t asn1_encoding = *encoding;
+
+				success = lib->encoding->encode(lib->encoding, KEY_PRIV_PEM,
+								NULL, encoding, KEY_PART_RSA_PRIV_ASN1_DER,
+								asn1_encoding, KEY_PART_END);
+				chunk_clear(&asn1_encoding);
+			}
+			return success;
 		}
 		default:
 			return FALSE;
@@ -296,6 +309,8 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type,
 {
 	private_openssl_rsa_private_key_t *this;
 	u_int key_size = 0;
+	RSA *rsa = NULL;
+	BIGNUM *e = NULL;
 
 	while (TRUE)
 	{
@@ -315,10 +330,31 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type,
 	{
 		return NULL;
 	}
+	e = BN_new();
+	if (!e || !BN_set_word(e, PUBLIC_EXPONENT))
+	{
+		goto error;
+	}
+	rsa = RSA_new();
+	if (!rsa || !RSA_generate_key_ex(rsa, key_size, e, NULL))
+	{
+		goto error;
+	}
 	this = create_empty();
-	this->rsa = RSA_generate_key(key_size, PUBLIC_EXPONENT, NULL, NULL);
-
+	this->rsa = rsa;
+	BN_free(e);
 	return &this->public;
+
+error:
+	if (e)
+	{
+		BN_free(e);
+	}
+	if (rsa)
+	{
+		RSA_free(rsa);
+	}
+	return NULL;
 }
 
 /**
@@ -440,22 +476,22 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
 	}
 
 	engine_id = lib->settings->get_str(lib->settings,
-								"library.plugins.openssl.engine_id", "pkcs11");
+						"libstrongswan.plugins.openssl.engine_id", "pkcs11");
 	engine = ENGINE_by_id(engine_id);
 	if (!engine)
 	{
-		DBG1("engine '%s' is not available", engine_id);
+		DBG1(DBG_LIB, "engine '%s' is not available", engine_id);
 		return NULL;
 	}
 	if (!ENGINE_init(engine))
 	{
-		DBG1("failed to initialize engine '%s'", engine_id);
+		DBG1(DBG_LIB, "failed to initialize engine '%s'", engine_id);
 		ENGINE_free(engine);
 		return NULL;
 	}
 	if (!ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0))
 	{
-		DBG1("failed to set PIN on engine '%s'", engine_id);
+		DBG1(DBG_LIB, "failed to set PIN on engine '%s'", engine_id);
 		ENGINE_free(engine);
 		return NULL;
 	}
@@ -463,8 +499,8 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
 	key = ENGINE_load_private_key(engine, keyid, NULL, NULL);
 	if (!key)
 	{
-		DBG1("failed to load private key with ID '%s' from engine '%s'",
-			 keyid, engine_id);
+		DBG1(DBG_LIB, "failed to load private key with ID '%s' from "
+			 "engine '%s'", keyid, engine_id);
 		ENGINE_free(engine);
 		return NULL;
 	}
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 422262b19..ffa575a97 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -145,7 +145,7 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc
 		case SIGN_RSA_EMSA_PKCS1_MD5:
 			return verify_emsa_pkcs1_signature(this, NID_md5, data, signature);
 		default:
-			DBG1("signature scheme %N not supported in RSA",
+			DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
 				 signature_scheme_names, scheme);
 			return FALSE;
 	}
@@ -157,7 +157,7 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc
 static bool encrypt_(private_openssl_rsa_public_key_t *this,
 					 chunk_t crypto, chunk_t *plain)
 {
-	DBG1("RSA public key encryption not implemented");
+	DBG1(DBG_LIB, "RSA public key encryption not implemented");
 	return FALSE;
 }
 
@@ -200,7 +200,7 @@ bool openssl_rsa_fingerprint(RSA *rsa, key_encoding_type_t type, chunk_t *fp)
 	hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
 	if (!hasher)
 	{
-		DBG1("SHA1 hash algorithm not supported, fingerprinting failed");
+		DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed");
 		free(key.ptr);
 		return FALSE;
 	}
@@ -231,11 +231,24 @@ static bool get_encoding(private_openssl_rsa_public_key_t *this,
 	switch (type)
 	{
 		case KEY_PUB_SPKI_ASN1_DER:
+		case KEY_PUB_PEM:
 		{
+			bool success = TRUE;
+
 			*encoding = chunk_alloc(i2d_RSA_PUBKEY(this->rsa, NULL));
 			p = encoding->ptr;
 			i2d_RSA_PUBKEY(this->rsa, &p);
-			return TRUE;
+
+			if (type == KEY_PUB_PEM)
+			{
+				chunk_t asn1_encoding = *encoding;
+
+				success = lib->encoding->encode(lib->encoding, KEY_PUB_PEM,
+								NULL, encoding, KEY_PART_RSA_PUB_ASN1_DER,
+								asn1_encoding, KEY_PART_END);
+				chunk_clear(&asn1_encoding);
+			}
+			return success;
 		}
 		case KEY_PUB_ASN1_DER:
 		{
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
new file mode 100644
index 000000000..b65388010
--- /dev/null
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "openssl_sha1_prf.h"
+
+#include <openssl/sha.h>
+
+typedef struct private_openssl_sha1_prf_t private_openssl_sha1_prf_t;
+
+/**
+ * Private data of an openssl_sha1_prf_t object.
+ */
+struct private_openssl_sha1_prf_t {
+
+	/**
+	 * Public openssl_sha1_prf_t interface.
+	 */
+	openssl_sha1_prf_t public;
+
+	/**
+	 * SHA1 context
+	 */
+	SHA_CTX ctx;
+};
+
+METHOD(prf_t, get_bytes, void,
+	private_openssl_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes)
+{
+	SHA1_Update(&this->ctx, seed.ptr, seed.len);
+
+	if (bytes)
+	{
+		u_int32_t *hash = (u_int32_t*)bytes;
+
+		hash[0] = htonl(this->ctx.h0);
+		hash[1] = htonl(this->ctx.h1);
+		hash[2] = htonl(this->ctx.h2);
+		hash[3] = htonl(this->ctx.h3);
+		hash[4] = htonl(this->ctx.h4);
+	}
+}
+
+METHOD(prf_t, get_block_size, size_t,
+	private_openssl_sha1_prf_t *this)
+{
+	return HASH_SIZE_SHA1;
+}
+
+METHOD(prf_t, allocate_bytes, void,
+	private_openssl_sha1_prf_t *this, chunk_t seed, chunk_t *chunk)
+{
+	if (chunk)
+	{
+		*chunk = chunk_alloc(HASH_SIZE_SHA1);
+		get_bytes(this, seed, chunk->ptr);
+	}
+	else
+	{
+		get_bytes(this, seed, NULL);
+	}
+}
+
+METHOD(prf_t, get_key_size, size_t,
+	private_openssl_sha1_prf_t *this)
+{
+	return HASH_SIZE_SHA1;
+}
+
+METHOD(prf_t, set_key, void,
+	private_openssl_sha1_prf_t *this, chunk_t key)
+{
+	SHA1_Init(&this->ctx);
+
+	if (key.len >= 4)
+	{
+		this->ctx.h0 ^= untoh32(key.ptr);
+	}
+	if (key.len >= 8)
+	{
+		this->ctx.h1 ^= untoh32(key.ptr + 4);
+	}
+	if (key.len >= 12)
+	{
+		this->ctx.h2 ^= untoh32(key.ptr + 8);
+	}
+	if (key.len >= 16)
+	{
+		this->ctx.h3 ^= untoh32(key.ptr + 12);
+	}
+	if (key.len >= 20)
+	{
+		this->ctx.h4 ^= untoh32(key.ptr + 16);
+	}
+}
+
+METHOD(prf_t, destroy, void,
+	private_openssl_sha1_prf_t *this)
+{
+	free(this);
+}
+
+/**
+ * See header
+ */
+openssl_sha1_prf_t *openssl_sha1_prf_create(pseudo_random_function_t algo)
+{
+	private_openssl_sha1_prf_t *this;
+
+	if (algo != PRF_KEYED_SHA1)
+	{
+		return NULL;
+	}
+
+	INIT(this,
+		.public.prf = {
+			.get_block_size = _get_block_size,
+			.get_bytes = _get_bytes,
+			.allocate_bytes = _allocate_bytes,
+			.get_key_size = _get_key_size,
+			.set_key = _set_key,
+			.destroy = _destroy,
+		},
+	);
+
+	return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h
new file mode 100644
index 000000000..9a24e7ee1
--- /dev/null
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup openssl_sha1_prf openssl_sha1_prf
+ * @{ @ingroup sha1_p
+ */
+
+#ifndef OPENSSL_SHA1_PRF_H_
+#define OPENSSL_SHA1_PRF_H_
+
+typedef struct openssl_sha1_prf_t openssl_sha1_prf_t;
+
+#include <crypto/prfs/prf.h>
+
+/**
+ * Implementation of prf_t interface using keyed SHA1 algorithm as used
+ * in EAP-AKA/FIPS_PRF.
+ */
+struct openssl_sha1_prf_t {
+
+	/**
+	 * Implements prf_t interface.
+	 */
+	prf_t prf;
+};
+
+/**
+ * Creates a new openssl_sha1_prf_t.
+ *
+ * @param algo		algorithm, must be PRF_KEYED_SHA1
+ * @return			sha1_keyed_prf_tobject
+ */
+openssl_sha1_prf_t *openssl_sha1_prf_create(pseudo_random_function_t algo);
+
+#endif /** OPENSSL_SHA1_PRF_H_ @}*/
diff --git a/src/libstrongswan/plugins/padlock/Makefile.am b/src/libstrongswan/plugins/padlock/Makefile.am
index b2b1f9d85..6706d26cb 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.am
+++ b/src/libstrongswan/plugins/padlock/Makefile.am
@@ -3,11 +3,16 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-padlock.la
+else
 plugin_LTLIBRARIES = libstrongswan-padlock.la
+endif
 
-libstrongswan_padlock_la_SOURCES = padlock_plugin.h padlock_plugin.c \
+libstrongswan_padlock_la_SOURCES = \
+	padlock_plugin.h padlock_plugin.c \
 	padlock_aes_crypter.c padlock_aes_crypter.h \
 	padlock_sha1_hasher.c padlock_sha1_hasher.h \
 	padlock_rng.c padlock_rng.h
-libstrongswan_padlock_la_LDFLAGS = -module -avoid-version
 
+libstrongswan_padlock_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 59ea98799..84c2ef2fb 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_padlock_la_LIBADD =
 am_libstrongswan_padlock_la_OBJECTS = padlock_plugin.lo \
 	padlock_aes_crypter.lo padlock_sha1_hasher.lo padlock_rng.lo
@@ -81,6 +81,9 @@ libstrongswan_padlock_la_OBJECTS =  \
 libstrongswan_padlock_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_padlock_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_padlock_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_padlock_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -255,8 +259,10 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-padlock.la
-libstrongswan_padlock_la_SOURCES = padlock_plugin.h padlock_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-padlock.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-padlock.la
+libstrongswan_padlock_la_SOURCES = \
+	padlock_plugin.h padlock_plugin.c \
 	padlock_aes_crypter.c padlock_aes_crypter.h \
 	padlock_sha1_hasher.c padlock_sha1_hasher.h \
 	padlock_rng.c padlock_rng.h
@@ -296,6 +302,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +343,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-padlock.la: $(libstrongswan_padlock_la_OBJECTS) $(libstrongswan_padlock_la_DEPENDENCIES) 
-	$(libstrongswan_padlock_la_LINK) -rpath $(plugindir) $(libstrongswan_padlock_la_OBJECTS) $(libstrongswan_padlock_la_LIBADD) $(LIBS)
+	$(libstrongswan_padlock_la_LINK) $(am_libstrongswan_padlock_la_rpath) $(libstrongswan_padlock_la_OBJECTS) $(libstrongswan_padlock_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -484,8 +499,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -556,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c
index 32b18ec4b..c9606ae15 100644
--- a/src/libstrongswan/plugins/padlock/padlock_plugin.c
+++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c
@@ -97,7 +97,7 @@ static padlock_feature_t get_padlock_features()
 			return d;
 		}
 	}
-	DBG1("Padlock not found, CPU is %s", vendor);
+	DBG1(DBG_LIB, "Padlock not found, CPU is %s", vendor);
 	return 0;
 }
 
@@ -131,7 +131,7 @@ static void destroy(private_padlock_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *padlock_plugin_create()
 {
 	private_padlock_plugin_t *this = malloc_thing(private_padlock_plugin_t);
 
@@ -143,7 +143,7 @@ plugin_t *plugin_create()
 		free(this);
 		return NULL;
 	}
-	DBG1("Padlock found, supports:%s%s%s%s%s, enabled:%s%s%s%s%s",
+	DBG1(DBG_LIB, "Padlock found, supports:%s%s%s%s%s, enabled:%s%s%s%s%s",
 		 this->features & PADLOCK_RNG_AVAILABLE ? " RNG" : "",
 		 this->features & PADLOCK_ACE_AVAILABLE ? " ACE" : "",
 		 this->features & PADLOCK_ACE2_AVAILABLE ? " ACE2" : "",
diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.h b/src/libstrongswan/plugins/padlock/padlock_plugin.h
index 76f4d1135..d99d4db0f 100644
--- a/src/libstrongswan/plugins/padlock/padlock_plugin.h
+++ b/src/libstrongswan/plugins/padlock/padlock_plugin.h
@@ -39,9 +39,4 @@ struct padlock_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a padlock_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** PADLOCK_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/pem/Makefile.am b/src/libstrongswan/plugins/pem/Makefile.am
index 98f356aaf..b815b1e0b 100644
--- a/src/libstrongswan/plugins/pem/Makefile.am
+++ b/src/libstrongswan/plugins/pem/Makefile.am
@@ -3,10 +3,15 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-pem.la
+else
 plugin_LTLIBRARIES = libstrongswan-pem.la
+endif
 
-libstrongswan_pem_la_SOURCES = pem_plugin.h pem_plugin.c \
-  pem_builder.c pem_builder.h
+libstrongswan_pem_la_SOURCES = \
+	pem_plugin.h pem_plugin.c \
+	pem_builder.c pem_builder.h \
+	pem_encoder.c pem_encoder.h
 
 libstrongswan_pem_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index e81b4f78f..4e39c8f7b 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -72,13 +72,16 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_pem_la_LIBADD =
-am_libstrongswan_pem_la_OBJECTS = pem_plugin.lo pem_builder.lo
+am_libstrongswan_pem_la_OBJECTS = pem_plugin.lo pem_builder.lo \
+	pem_encoder.lo
 libstrongswan_pem_la_OBJECTS = $(am_libstrongswan_pem_la_OBJECTS)
 libstrongswan_pem_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_pem_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_pem_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_pem_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -217,6 +220,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,9 +257,12 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-pem.la
-libstrongswan_pem_la_SOURCES = pem_plugin.h pem_plugin.c \
-  pem_builder.c pem_builder.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pem.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pem.la
+libstrongswan_pem_la_SOURCES = \
+	pem_plugin.h pem_plugin.c \
+	pem_builder.c pem_builder.h \
+	pem_encoder.c pem_encoder.h
 
 libstrongswan_pem_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -292,6 +299,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -324,7 +340,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-pem.la: $(libstrongswan_pem_la_OBJECTS) $(libstrongswan_pem_la_DEPENDENCIES) 
-	$(libstrongswan_pem_la_LINK) -rpath $(plugindir) $(libstrongswan_pem_la_OBJECTS) $(libstrongswan_pem_la_LIBADD) $(LIBS)
+	$(libstrongswan_pem_la_LINK) $(am_libstrongswan_pem_la_rpath) $(libstrongswan_pem_la_OBJECTS) $(libstrongswan_pem_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -333,6 +349,7 @@ distclean-compile:
 	-rm -f *.tab.c
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem_builder.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem_encoder.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem_plugin.Plo@am__quote@
 
 .c.o:
@@ -478,8 +495,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -550,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index 2f285e9bc..65be9501b 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -73,7 +73,7 @@ static bool find_boundary(char* tag, chunk_t *line)
 	{
 		if (present("-----", line))
 		{
-			DBG2("  -----%s %.*s-----", tag, (int)name.len, name.ptr);
+			DBG2(DBG_LIB, "  -----%s %.*s-----", tag, (int)name.len, name.ptr);
 			return TRUE;
 		}
 		line->ptr++;  line->len--;  name.len++;
@@ -99,7 +99,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
 	hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
 	if (hasher == NULL)
 	{
-		DBG1("  MD5 hash algorithm not available");
+		DBG1(DBG_LIB, "  MD5 hash algorithm not available");
 		return NOT_SUPPORTED;
 	}
 	hash.len = hasher->get_hash_size(hasher);
@@ -121,7 +121,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
 	crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size);
 	if (crypter == NULL)
 	{
-		DBG1("  %N encryption algorithm not available",
+		DBG1(DBG_LIB, "  %N encryption algorithm not available",
 			 encryption_algorithm_names, alg);
 		return NOT_SUPPORTED;
 	}
@@ -131,7 +131,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
 		blob->len % iv.len)
 	{
 		crypter->destroy(crypter);
-		DBG1("  data size is not multiple of block size");
+		DBG1(DBG_LIB, "  data size is not multiple of block size");
 		return PARSE_ERROR;
 	}
 	crypter->decrypt(crypter, *blob, iv, &decrypted);
@@ -155,7 +155,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
 	{
 		if (*last_padding_pos != padding)
 		{
-			DBG1("  invalid passphrase");
+			DBG1(DBG_LIB, "  invalid passphrase");
 			return INVALID_ARG;
 		}
 	}
@@ -234,7 +234,7 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
 				}
 
 				/* we are looking for a parameter: value pair */
-				DBG2("  %.*s", (int)line.len, line.ptr);
+				DBG2(DBG_LIB, "  %.*s", (int)line.len, line.ptr);
 				ugh = extract_parameter_value(&name, &value, &line);
 				if (ugh != NULL)
 				{
@@ -274,8 +274,8 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
 					}
 					else
 					{
-						DBG1("  encryption algorithm '%.*s' not supported",
-							 dek.len, dek.ptr);
+						DBG1(DBG_LIB, "  encryption algorithm '%.*s'"
+							 " not supported", dek.len, dek.ptr);
 						return NOT_SUPPORTED;
 					}
 					eat_whitespace(&value);
@@ -298,7 +298,8 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
 					*pgp = TRUE;
 					data.ptr++;
 					data.len--;
-					DBG2("  armor checksum: %.*s", (int)data.len, data.ptr);
+					DBG2(DBG_LIB, "  armor checksum: %.*s", (int)data.len,
+						 data.ptr);
 					continue;
 				}
 
@@ -318,7 +319,7 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
 
 	if (state != PEM_POST)
 	{
-		DBG1("  file coded in unknown format, discarded");
+		DBG1(DBG_LIB, "  file coded in unknown format, discarded");
 		return PARSE_ERROR;
 	}
 	if (!encrypted)
@@ -327,7 +328,7 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
 	}
 	if (!cb)
 	{
-		DBG1("  missing passphrase");
+		DBG1(DBG_LIB, "  missing passphrase");
 		return INVALID_ARG;
 	}
 	while (TRUE)
@@ -404,13 +405,14 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
 	fd = open(file, O_RDONLY);
 	if (fd == -1)
 	{
-		DBG1("  opening '%s' failed: %s", file, strerror(errno));
+		DBG1(DBG_LIB, "  opening '%s' failed: %s", file, strerror(errno));
 		return NULL;
 	}
 
 	if (fstat(fd, &sb) == -1)
 	{
-		DBG1("  getting file size of '%s' failed: %s", file, strerror(errno));
+		DBG1(DBG_LIB, "  getting file size of '%s' failed: %s", file,
+			 strerror(errno));
 		close(fd);
 		return NULL;
 	}
@@ -418,7 +420,7 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
 	addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
 	if (addr == MAP_FAILED)
 	{
-		DBG1("  mapping '%s' failed: %s", file, strerror(errno));
+		DBG1(DBG_LIB, "  mapping '%s' failed: %s", file, strerror(errno));
 		close(fd);
 		return NULL;
 	}
@@ -447,7 +449,8 @@ static void *load_from_fd(int fd, credential_type_t type, int subtype,
 		len = read(fd, pos, buf + sizeof(buf) - pos);
 		if (len < 0)
 		{
-			DBG1("reading from file descriptor failed: %s", strerror(errno));
+			DBG1(DBG_LIB, "reading from file descriptor failed: %s",
+				 strerror(errno));
 			return NULL;
 		}
 		if (len == 0)
@@ -457,7 +460,7 @@ static void *load_from_fd(int fd, credential_type_t type, int subtype,
 		total += len;
 		if (total == sizeof(buf))
 		{
-			DBG1("buffer too small to read from file descriptor");
+			DBG1(DBG_LIB, "buffer too small to read from file descriptor");
 			return NULL;
 		}
 	}
diff --git a/src/libstrongswan/plugins/pem/pem_builder.h b/src/libstrongswan/plugins/pem/pem_builder.h
index 189a5430f..87f5a2c69 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.h
+++ b/src/libstrongswan/plugins/pem/pem_builder.h
@@ -18,8 +18,8 @@
  * @{ @ingroup pem_p
  */
 
-#ifndef PEM_PRIVATE_KEY_H_
-#define PEM_PRIVATE_KEY_H_
+#ifndef PEM_BUILDER_H_
+#define PEM_BUILDER_H_
 
 #include <credentials/builder.h>
 #include <credentials/credential_factory.h>
@@ -53,5 +53,5 @@ public_key_t *pem_public_key_load(key_type_t type, va_list args);
  */
 certificate_t *pem_certificate_load(certificate_type_t type, va_list args);
 
-#endif /** PEM_PRIVATE_KEY_H_ @}*/
+#endif /** PEM_BUILDER_H_ @}*/
 
diff --git a/src/libstrongswan/plugins/pem/pem_encoder.c b/src/libstrongswan/plugins/pem/pem_encoder.c
new file mode 100644
index 000000000..13c99a958
--- /dev/null
+++ b/src/libstrongswan/plugins/pem/pem_encoder.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "pem_encoder.h"
+
+#define BYTES_PER_LINE	48
+
+/**
+ * See header.
+ */
+bool pem_encoder_encode(key_encoding_type_t type, chunk_t *encoding,
+						va_list args)
+{
+	chunk_t asn1;
+	char *label;
+	u_char *pos;
+	size_t len, written, pem_chars, pem_lines;
+	chunk_t n, e, d, p, q, exp1, exp2, coeff, to_free = chunk_empty;
+
+	switch (type)
+	{
+		case KEY_PUB_PEM:
+			label ="PUBLIC KEY";
+			/* direct PKCS#1 PEM encoding */
+			if (key_encoding_args(args, KEY_PART_RSA_PUB_ASN1_DER,
+									&asn1, KEY_PART_END) ||
+				key_encoding_args(args, KEY_PART_ECDSA_PUB_ASN1_DER,
+									&asn1, KEY_PART_END))
+			{
+				break;
+			}
+			/* indirect PEM encoding from components */
+			if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n,
+									KEY_PART_RSA_PUB_EXP, &e, KEY_PART_END))
+			{
+				if (lib->encoding->encode(lib->encoding, KEY_PUB_SPKI_ASN1_DER,
+									NULL, &asn1, KEY_PART_RSA_MODULUS, n,
+									KEY_PART_RSA_PUB_EXP, e, KEY_PART_END))
+				{
+					to_free = asn1;
+					break;
+				}
+			}
+			return FALSE;
+		case KEY_PRIV_PEM:
+			label ="RSA PRIVATE KEY";
+			/* direct PKCS#1 PEM encoding */
+			if (key_encoding_args(args, KEY_PART_RSA_PRIV_ASN1_DER,
+									&asn1, KEY_PART_END))
+			{
+				break;
+			}
+			/* indirect PEM encoding from components */
+			if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n,
+							KEY_PART_RSA_PUB_EXP, &e, KEY_PART_RSA_PRIV_EXP, &d,
+							KEY_PART_RSA_PRIME1, &p, KEY_PART_RSA_PRIME2, &q,
+							KEY_PART_RSA_EXP1, &exp1, KEY_PART_RSA_EXP2, &exp2,
+							KEY_PART_RSA_COEFF, &coeff, KEY_PART_END))
+			{
+				if (lib->encoding->encode(lib->encoding, KEY_PRIV_ASN1_DER, NULL,
+							&asn1, KEY_PART_RSA_MODULUS, n,
+							KEY_PART_RSA_PUB_EXP, e, KEY_PART_RSA_PRIV_EXP, d,
+							KEY_PART_RSA_PRIME1, p, KEY_PART_RSA_PRIME2, q,
+							KEY_PART_RSA_EXP1, exp1, KEY_PART_RSA_EXP2, exp2,
+							KEY_PART_RSA_COEFF, coeff, KEY_PART_END))
+				{
+					to_free = asn1;
+					break;
+				}
+			}
+			if (key_encoding_args(args, KEY_PART_ECDSA_PRIV_ASN1_DER,
+								   &asn1, KEY_PART_END))
+			{
+				label ="EC PRIVATE KEY";
+				break;
+			}
+			return FALSE;
+		default:
+			return FALSE;
+	}
+
+	/* compute and allocate maximum size of PEM object */
+	pem_chars = 4*(asn1.len + 2)/3;
+	pem_lines = (asn1.len + BYTES_PER_LINE - 1) / BYTES_PER_LINE;
+	*encoding = chunk_alloc(5 + 2*(6 + strlen(label) + 6) + 3 + pem_chars + pem_lines);
+	pos = encoding->ptr;
+	len = encoding->len;
+
+	/* write PEM header */
+	written = snprintf(pos, len, "-----BEGIN %s-----\n", label);
+	pos += written;
+	len -= written;
+
+	/* write PEM body */
+	while (pem_lines--)
+	{
+		chunk_t asn1_line, pem_line;
+
+		asn1_line = chunk_create(asn1.ptr, min(asn1.len, BYTES_PER_LINE));
+		asn1.ptr += asn1_line.len;
+		asn1.len -= asn1_line.len;
+		pem_line =  chunk_to_base64(asn1_line, pos);
+		pos += pem_line.len;
+		len -= pem_line.len;
+		*pos = '\n';
+		pos++;
+		len--;
+	}
+
+	chunk_clear(&to_free);
+
+	/* write PEM trailer */
+	written = snprintf(pos, len, "-----END %s-----", label);
+	pos += written;
+	len -= written;
+
+	/* replace termination null character with newline */
+	*pos = '\n';
+	pos++;
+	len--;
+
+	/* compute effective length of PEM object */
+	encoding->len = pos - encoding->ptr;
+	return TRUE;
+}
+
diff --git a/src/libstrongswan/plugins/pem/pem_encoder.h b/src/libstrongswan/plugins/pem/pem_encoder.h
new file mode 100644
index 000000000..a181133b7
--- /dev/null
+++ b/src/libstrongswan/plugins/pem/pem_encoder.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2010 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pem_encoder pem_encoder
+ * @{ @ingroup pem_p
+ */
+
+#ifndef PEM_ENCODER_H_
+#define PEM_ENCODER_H_
+
+#include <credentials/keys/key_encoding.h>
+
+/**
+ * Encoding from ASN.1 to PEM format.
+ */
+bool pem_encoder_encode(key_encoding_type_t type, chunk_t *encoding,
+						va_list args);
+
+#endif /** PEM_ENCODER_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c
index 5a5149ca8..810901b7a 100644
--- a/src/libstrongswan/plugins/pem/pem_plugin.c
+++ b/src/libstrongswan/plugins/pem/pem_plugin.c
@@ -16,7 +16,9 @@
 #include "pem_plugin.h"
 
 #include <library.h>
+
 #include "pem_builder.h"
+#include "pem_encoder.h"
 
 typedef struct private_pem_plugin_t private_pem_plugin_t;
 
@@ -48,7 +50,7 @@ static void destroy(private_pem_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *pem_plugin_create()
 {
 	private_pem_plugin_t *this = malloc_thing(private_pem_plugin_t);
 
@@ -100,6 +102,9 @@ plugin_t *plugin_create()
 	lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL,
 							(builder_function_t)pem_certificate_load);
 
+	/* register PEM encoder */
+	lib->encoding->add_encoder(lib->encoding, pem_encoder_encode);
+
 	return &this->public.plugin;
 }
 
diff --git a/src/libstrongswan/plugins/pem/pem_plugin.h b/src/libstrongswan/plugins/pem/pem_plugin.h
index 75616c496..944a3fc85 100644
--- a/src/libstrongswan/plugins/pem/pem_plugin.h
+++ b/src/libstrongswan/plugins/pem/pem_plugin.h
@@ -39,9 +39,4 @@ struct pem_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a pem_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** PEM_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/pgp/Makefile.am b/src/libstrongswan/plugins/pgp/Makefile.am
index c232971bb..4b414616d 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.am
+++ b/src/libstrongswan/plugins/pgp/Makefile.am
@@ -3,13 +3,17 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-pgp.la
+else
 plugin_LTLIBRARIES = libstrongswan-pgp.la
+endif
 
-libstrongswan_pgp_la_SOURCES = pgp_plugin.h pgp_plugin.c \
-  pgp_utils.h pgp_utils.c \
-  pgp_cert.h pgp_cert.c \
-  pgp_encoder.h pgp_encoder.c \
-  pgp_builder.h pgp_builder.c
+libstrongswan_pgp_la_SOURCES = \
+	pgp_plugin.h pgp_plugin.c \
+	pgp_utils.h pgp_utils.c \
+	pgp_cert.h pgp_cert.c \
+	pgp_encoder.h pgp_encoder.c \
+	pgp_builder.h pgp_builder.c
 
 libstrongswan_pgp_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index 70840c400..5d487364f 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_pgp_la_LIBADD =
 am_libstrongswan_pgp_la_OBJECTS = pgp_plugin.lo pgp_utils.lo \
 	pgp_cert.lo pgp_encoder.lo pgp_builder.lo
@@ -80,6 +80,8 @@ libstrongswan_pgp_la_OBJECTS = $(am_libstrongswan_pgp_la_OBJECTS)
 libstrongswan_pgp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_pgp_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_pgp_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_pgp_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,12 +257,14 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-pgp.la
-libstrongswan_pgp_la_SOURCES = pgp_plugin.h pgp_plugin.c \
-  pgp_utils.h pgp_utils.c \
-  pgp_cert.h pgp_cert.c \
-  pgp_encoder.h pgp_encoder.c \
-  pgp_builder.h pgp_builder.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pgp.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pgp.la
+libstrongswan_pgp_la_SOURCES = \
+	pgp_plugin.h pgp_plugin.c \
+	pgp_utils.h pgp_utils.c \
+	pgp_cert.h pgp_cert.c \
+	pgp_encoder.h pgp_encoder.c \
+	pgp_builder.h pgp_builder.c
 
 libstrongswan_pgp_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -296,6 +301,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +342,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-pgp.la: $(libstrongswan_pgp_la_OBJECTS) $(libstrongswan_pgp_la_DEPENDENCIES) 
-	$(libstrongswan_pgp_la_LINK) -rpath $(plugindir) $(libstrongswan_pgp_la_OBJECTS) $(libstrongswan_pgp_la_LIBADD) $(LIBS)
+	$(libstrongswan_pgp_la_LINK) $(am_libstrongswan_pgp_la_rpath) $(libstrongswan_pgp_la_OBJECTS) $(libstrongswan_pgp_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -485,8 +499,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -557,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c
index d262d18ff..84c9bfddd 100644
--- a/src/libstrongswan/plugins/pgp/pgp_builder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_builder.c
@@ -41,7 +41,7 @@ static public_key_t *parse_public_key(chunk_t blob)
 									 BUILD_BLOB_PGP, blob, BUILD_END);
 			break;
 		default:
-			DBG1("PGP public key algorithm %N not supported",
+			DBG1(DBG_LIB, "PGP public key algorithm %N not supported",
 				 pgp_pubkey_alg_names, alg);
 			return NULL;
 	}
@@ -90,12 +90,13 @@ static private_key_t *parse_rsa_private_key(chunk_t blob)
 	}
 	if (s2k == 255 || s2k == 254)
 	{
-		DBG1("string-to-key specifiers not supported");
+		DBG1(DBG_LIB, "string-to-key specifiers not supported");
 		return NULL;
 	}
 	if (s2k != PGP_SYM_ALG_PLAIN)
 	{
-		DBG1("%N private key encryption not supported", pgp_sym_alg_names, s2k);
+		DBG1(DBG_LIB, "%N private key encryption not supported",
+			 pgp_sym_alg_names, s2k);
 		return NULL;
 	}
 
@@ -121,7 +122,7 @@ static private_key_t *parse_rsa_private_key(chunk_t blob)
 static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme,
 							 chunk_t data, chunk_t *signature)
 {
-	DBG1("signing failed - decryption only key");
+	DBG1(DBG_LIB, "signing failed - decryption only key");
 	return FALSE;
 }
 
@@ -131,7 +132,7 @@ static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme,
 static bool decrypt_not_allowed(private_key_t *this,
 								chunk_t crypto, chunk_t *plain)
 {
-	DBG1("decryption failed - signature only key");
+	DBG1(DBG_LIB, "decryption failed - signature only key");
 	return FALSE;
 }
 
@@ -164,7 +165,7 @@ static private_key_t *parse_private_key(chunk_t blob)
 		case 4:
 			break;
 		default:
-			DBG1("PGP packet version V%d not supported", version);
+			DBG1(DBG_LIB, "PGP packet version V%d not supported", version);
 			return FALSE;
 	}
 	if (!pgp_read_scalar(&packet, 4, &created))
diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c
index fa2612285..cd04f3d1a 100644
--- a/src/libstrongswan/plugins/pgp/pgp_cert.c
+++ b/src/libstrongswan/plugins/pgp/pgp_cert.c
@@ -198,9 +198,9 @@ static bool is_newer(certificate_t *this, certificate_t *that)
 	this->get_validity(this, &now, &this_update, NULL);
 	that->get_validity(that, &now, &that_update, NULL);
 	new = this_update > that_update;
-	DBG1("  certificate from %T is %s - existing certificate from %T %s",
-				&this_update, FALSE, new ? "newer":"not newer",
-				&that_update, FALSE, new ? "replaced":"retained");
+	DBG1(DBG_LIB, "  certificate from %T is %s - existing certificate"
+		 " from %T %s", &this_update, FALSE, new ? "newer" : "not newer",
+		 &that_update, FALSE, new ? "replaced" : "retained");
 	return new;
 }
 
@@ -322,16 +322,18 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
 			}
 			break;
 		default:
-			DBG1("PGP packet version V%d not supported", this->version);
+			DBG1(DBG_LIB, "PGP packet version V%d not supported",
+				 this->version);
 			return FALSE;
 	}
 	if (this->valid)
 	{
-		DBG2("L2 - created %T, valid %d days", &this->created, FALSE, this->valid);
+		DBG2(DBG_LIB, "L2 - created %T, valid %d days", &this->created, FALSE,
+			 this->valid);
 	}
 	else
 	{
-		DBG2("L2 - created %T, never expires", &this->created, FALSE);
+		DBG2(DBG_LIB, "L2 - created %T, never expires", &this->created, FALSE);
 	}
 	DESTROY_IF(this->key);
 	this->key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
@@ -352,13 +354,13 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
 		hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
 		if (hasher == NULL)
 		{
-			DBG1("no SHA-1 hasher available");
+			DBG1(DBG_LIB, "no SHA-1 hasher available");
 			return FALSE;
 		}
 		hasher->allocate_hash(hasher, pubkey_packet_header, NULL);
 		hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint);
 		hasher->destroy(hasher);
-		DBG2("L2 - v4 fingerprint %#B", &this->fingerprint);
+		DBG2(DBG_LIB, "L2 - v4 fingerprint %#B", &this->fingerprint);
 	}
 	else
 	{
@@ -369,7 +371,7 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
 			return FALSE;
 		}
 		this->fingerprint = chunk_clone(this->fingerprint);
-		DBG2("L2 - v3 fingerprint %#B", &this->fingerprint);
+		DBG2(DBG_LIB, "L2 - v3 fingerprint %#B", &this->fingerprint);
 	}
 	return TRUE;
 }
@@ -389,7 +391,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
 	/* we parse only v3 or v4 signature packets */
 	if (version != 3 && version != 4)
 	{
-		DBG2("L2 - v%d signature ignored", version);
+		DBG2(DBG_LIB, "L2 - v%d signature ignored", version);
 		return TRUE;
 	}
 	if (version == 4)
@@ -398,7 +400,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
 		{
 			return FALSE;
 		}
-		DBG2("L2 - v%d signature of type 0x%02x", version, type);
+		DBG2(DBG_LIB, "L2 - v%d signature of type 0x%02x", version, type);
 	}
 	else
 	{
@@ -411,8 +413,8 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
 		{
 			return FALSE;
 		}
-		DBG2("L2 - v3 signature of type 0x%02x, created %T", type,
-												&created, FALSE);
+		DBG2(DBG_LIB, "L2 - v3 signature of type 0x%02x, created %T", type,
+			 &created, FALSE);
 	}
 	/* TODO: parse and save signature to a list */
 	return TRUE;
@@ -425,7 +427,7 @@ static bool parse_user_id(private_pgp_cert_t *this, chunk_t packet)
 {
 	DESTROY_IF(this->user_id);
 	this->user_id = identification_create_from_encoding(ID_KEY_ID, packet);
-	DBG2("L2 - '%Y'", this->user_id);
+	DBG2(DBG_LIB, "L2 - '%Y'", this->user_id);
 	return TRUE;
 }
 
@@ -486,7 +488,7 @@ pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args)
 				}
 				break;
 			default:
-				DBG1("ignoring %N packet in PGP certificate",
+				DBG1(DBG_LIB, "ignoring %N packet in PGP certificate",
 					 pgp_packet_tag_names, tag);
 				break;
 		}
diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.c b/src/libstrongswan/plugins/pgp/pgp_encoder.c
index 56acac597..d5c3df590 100644
--- a/src/libstrongswan/plugins/pgp/pgp_encoder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_encoder.c
@@ -31,7 +31,8 @@ static bool build_v3_fingerprint(chunk_t *encoding, va_list args)
 		hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
 		if (!hasher)
 		{
-			DBG1("MD5 hash algorithm not supported, PGP fingerprinting failed");
+			DBG1(DBG_LIB, "MD5 hash algorithm not supported, PGP"
+				 " fingerprinting failed");
 			return FALSE;
 		}
 		/* remove leading zero bytes before hashing modulus and exponent */
diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c
index eabb3695f..3ed1faf01 100644
--- a/src/libstrongswan/plugins/pgp/pgp_plugin.c
+++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c
@@ -54,7 +54,7 @@ static void destroy(private_pgp_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *pgp_plugin_create()
 {
 	private_pgp_plugin_t *this = malloc_thing(private_pgp_plugin_t);
 
diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.h b/src/libstrongswan/plugins/pgp/pgp_plugin.h
index 95765cd76..8a0ab89d6 100644
--- a/src/libstrongswan/plugins/pgp/pgp_plugin.h
+++ b/src/libstrongswan/plugins/pgp/pgp_plugin.h
@@ -39,9 +39,4 @@ struct pgp_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a pgp_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** PGP_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.c b/src/libstrongswan/plugins/pgp/pgp_utils.c
index 1658f3232..2d85cc0c8 100644
--- a/src/libstrongswan/plugins/pgp/pgp_utils.c
+++ b/src/libstrongswan/plugins/pgp/pgp_utils.c
@@ -79,7 +79,7 @@ bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar)
 
 	if (bytes > blob->len)
 	{
-		DBG1("PGP data too short to read %d byte scalar", bytes);
+		DBG1(DBG_LIB, "PGP data too short to read %d byte scalar", bytes);
 		return FALSE;
 	}
 	while (bytes-- > 0)
@@ -100,13 +100,13 @@ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi)
 
 	if (!pgp_read_scalar(blob, 2, &bits))
 	{
-		DBG1("PGP data too short to read MPI length");
+		DBG1(DBG_LIB, "PGP data too short to read MPI length");
 		return FALSE;
 	}
 	bytes = (bits + 7) / 8;
 	if (bytes > blob->len)
 	{
-		DBG1("PGP data too short to read %d byte MPI", bytes);
+		DBG1(DBG_LIB, "PGP data too short to read %d byte MPI", bytes);
 		return FALSE;
 	}
 	*mpi = chunk_create(blob->ptr, bytes);
@@ -146,7 +146,7 @@ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag)
 
 	if (!blob->len)
 	{
-		DBG1("missing input");
+		DBG1(DBG_LIB, "missing input");
 		return FALSE;
 	}
 	t = blob->ptr[0];
@@ -154,27 +154,27 @@ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag)
 	/* bit 7 must be set */
 	if (!(t & 0x80))
 	{
-		DBG1("invalid packet tag");
+		DBG1(DBG_LIB, "invalid packet tag");
 		return FALSE;
 	}
 	/* bit 6 set defines new packet format */
 	if (t & 0x40)
 	{
-		DBG1("new PGP packet format not supported");
+		DBG1(DBG_LIB, "new PGP packet format not supported");
 		return FALSE;
 	}
 
 	t = (t & 0x3C) >> 2;
 	if (!pgp_old_packet_length(blob, &len) || len > blob->len)
 	{
-		DBG1("invalid packet length");
+		DBG1(DBG_LIB, "invalid packet length");
 		return FALSE;
 	}
 	*data = chunk_create(blob->ptr, len);
 	*blob = chunk_skip(*blob, len);
 	*tag = t;
-	DBG2("L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len);
-	DBG3("%B", data);
+	DBG2(DBG_LIB, "L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len);
+	DBG3(DBG_LIB, "%B", data);
 	return TRUE;
 }
 
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.am b/src/libstrongswan/plugins/pkcs1/Makefile.am
index 88d25a26b..bd3203dae 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.am
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.am
@@ -3,11 +3,15 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-pkcs1.la
+else
 plugin_LTLIBRARIES = libstrongswan-pkcs1.la
+endif
 
-libstrongswan_pkcs1_la_SOURCES = pkcs1_plugin.h pkcs1_plugin.c \
-  pkcs1_encoder.h pkcs1_encoder.c \
-  pkcs1_builder.h pkcs1_builder.c
+libstrongswan_pkcs1_la_SOURCES = \
+	pkcs1_plugin.h pkcs1_plugin.c \
+	pkcs1_encoder.h pkcs1_encoder.c \
+	pkcs1_builder.h pkcs1_builder.c
 
 libstrongswan_pkcs1_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index 4439cd60f..3fdcd0590 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_pkcs1_la_LIBADD =
 am_libstrongswan_pkcs1_la_OBJECTS = pkcs1_plugin.lo pkcs1_encoder.lo \
 	pkcs1_builder.lo
@@ -80,6 +80,9 @@ libstrongswan_pkcs1_la_OBJECTS = $(am_libstrongswan_pkcs1_la_OBJECTS)
 libstrongswan_pkcs1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_pkcs1_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_pkcs1_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_pkcs1_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,10 +258,12 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-pkcs1.la
-libstrongswan_pkcs1_la_SOURCES = pkcs1_plugin.h pkcs1_plugin.c \
-  pkcs1_encoder.h pkcs1_encoder.c \
-  pkcs1_builder.h pkcs1_builder.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pkcs1.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pkcs1.la
+libstrongswan_pkcs1_la_SOURCES = \
+	pkcs1_plugin.h pkcs1_plugin.c \
+	pkcs1_encoder.h pkcs1_encoder.c \
+	pkcs1_builder.h pkcs1_builder.c
 
 libstrongswan_pkcs1_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -294,6 +300,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -326,7 +341,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-pkcs1.la: $(libstrongswan_pkcs1_la_OBJECTS) $(libstrongswan_pkcs1_la_DEPENDENCIES) 
-	$(libstrongswan_pkcs1_la_LINK) -rpath $(plugindir) $(libstrongswan_pkcs1_la_OBJECTS) $(libstrongswan_pkcs1_la_LIBADD) $(LIBS)
+	$(libstrongswan_pkcs1_la_LINK) $(am_libstrongswan_pkcs1_la_rpath) $(libstrongswan_pkcs1_la_OBJECTS) $(libstrongswan_pkcs1_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -481,8 +496,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -553,18 +568,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
index fbd35e830..88c848899 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
@@ -81,10 +81,10 @@ static public_key_t *parse_public_key(chunk_t blob)
 					/* skip initial bit string octet defining 0 unused bits */
 					object = chunk_skip(object, 1);
 				}
-				DBG2("-- > --");
+				DBG2(DBG_LIB, "-- > --");
 				key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, type,
 										 BUILD_BLOB_ASN1_DER, object, BUILD_END);
-				DBG2("-- < --");
+				DBG2(DBG_LIB, "-- < --");
 				break;
 		}
 	}
@@ -197,7 +197,7 @@ static private_key_t *parse_rsa_private_key(chunk_t blob)
 			case PRIV_KEY_VERSION:
 				if (object.len > 0 && *object.ptr != 0)
 				{
-					DBG1("PKCS#1 private key format is not version 1");
+					DBG1(DBG_LIB, "PKCS#1 private key format is not version 1");
 					goto end;
 				}
 				break;
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h
index 62ca9f351..9f251833e 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h
@@ -14,7 +14,7 @@
  */
 
 /**
- * @defgroup pkcs1_public_key pkcs1_public_key
+ * @defgroup pkcs1_builder pkcs1_builder
  * @{ @ingroup pkcs1
  */
 
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c
index 0a8da815a..e46062d97 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c
@@ -97,7 +97,8 @@ static bool hash_pubkey(chunk_t pubkey, chunk_t *hash)
 	if (hasher == NULL)
 	{
 		chunk_free(&pubkey);
-		DBG1("SHA1 hash algorithm not supported, fingerprinting failed");
+		DBG1(DBG_LIB, "SHA1 hash algorithm not supported, "
+			 "fingerprinting failed");
 		return FALSE;
 	}
 	hasher->allocate_hash(hasher, pubkey, hash);
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
index 9d71e1388..35ec2d2bf 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
@@ -50,7 +50,7 @@ static void destroy(private_pkcs1_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *pkcs1_plugin_create()
 {
 	private_pkcs1_plugin_t *this = malloc_thing(private_pkcs1_plugin_t);
 
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h
index 465c7ef2c..588bde559 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h
@@ -39,9 +39,4 @@ struct pkcs1_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a pkcs1_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** PKCS1_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h
index 28c800c0c..6d8a370fb 100644
--- a/src/libstrongswan/plugins/plugin.h
+++ b/src/libstrongswan/plugins/plugin.h
@@ -38,9 +38,9 @@ struct plugin_t {
 /**
  * Plugin constructor function definiton.
  *
- * Each plugin has a constructor functions. This function is called on daemon
+ * Each plugin has a constructor function. This function is called on daemon
  * startup to initialize each plugin.
- * The plugin function is named plugin_create().
+ * The plugin function is named plugin_name_plugin_create().
  *
  * @return				plugin_t instance
  */
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index d4513f25a..cad279a9d 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2010 Tobias Brunner
  * Copyright (C) 2007 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -49,37 +50,83 @@ struct private_plugin_loader_t {
 	linked_list_t *names;
 };
 
+#ifdef MONOLITHIC
+/**
+ * load a single plugin in monolithic mode
+ */
+static plugin_t* load_plugin(private_plugin_loader_t *this,
+							 char *path, char *name)
+{
+	char create[128];
+	plugin_t *plugin;
+	plugin_constructor_t constructor;
+
+	if (snprintf(create, sizeof(create), "%s_plugin_create",
+				 name) >= sizeof(create))
+	{
+		return NULL;
+	}
+	translate(create, "-", "_");
+	constructor = dlsym(RTLD_DEFAULT, create);
+	if (constructor == NULL)
+	{
+		DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name,
+			 create);
+		return NULL;
+	}
+	plugin = constructor();
+	if (plugin == NULL)
+	{
+		DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name,
+			 create);
+		return NULL;
+	}
+	DBG2(DBG_LIB, "plugin '%s': loaded successfully", name);
+
+	return plugin;
+}
+#else
 /**
  * load a single plugin
  */
 static plugin_t* load_plugin(private_plugin_loader_t *this,
 							 char *path, char *name)
 {
+	char create[128];
 	char file[PATH_MAX];
 	void *handle;
 	plugin_t *plugin;
 	plugin_constructor_t constructor;
 
-	snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, name);
-
+	if (snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path,
+				 name) >= sizeof(file) ||
+		snprintf(create, sizeof(create), "%s_plugin_create",
+				 name) >= sizeof(create))
+	{
+		return NULL;
+	}
+	translate(create, "-", "_");
 	if (lib->integrity)
 	{
 		if (!lib->integrity->check_file(lib->integrity, name, file))
 		{
-			DBG1("plugin '%s': failed file integrity test of '%s'", name, file);
+			DBG1(DBG_LIB, "plugin '%s': failed file integrity test of '%s'",
+				 name, file);
 			return NULL;
 		}
 	}
 	handle = dlopen(file, RTLD_LAZY);
 	if (handle == NULL)
 	{
-		DBG1("plugin '%s': failed to load '%s' - %s", name, file, dlerror());
+		DBG1(DBG_LIB, "plugin '%s': failed to load '%s' - %s", name, file,
+			 dlerror());
 		return NULL;
 	}
-	constructor = dlsym(handle, "plugin_create");
+	constructor = dlsym(handle, create);
 	if (constructor == NULL)
 	{
-		DBG1("plugin '%s': failed to load - no plugin_create() function", name);
+		DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name,
+			 create);
 		dlclose(handle);
 		return NULL;
 	}
@@ -87,25 +134,28 @@ static plugin_t* load_plugin(private_plugin_loader_t *this,
 	{
 		if (!lib->integrity->check_segment(lib->integrity, name, constructor))
 		{
-			DBG1("plugin '%s': failed segment integrity test", name);
+			DBG1(DBG_LIB, "plugin '%s': failed segment integrity test", name);
 			dlclose(handle);
 			return NULL;
 		}
-		DBG1("plugin '%s': passed file and segment integrity tests", name);
+		DBG1(DBG_LIB, "plugin '%s': passed file and segment integrity tests",
+			 name);
 	}
 	plugin = constructor();
 	if (plugin == NULL)
 	{
-		DBG1("plugin '%s': failed to load - plugin_create() returned NULL", name);
+		DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name,
+			 create);
 		dlclose(handle);
 		return NULL;
 	}
-	DBG2("plugin '%s': loaded successfully", name);
+	DBG2(DBG_LIB, "plugin '%s': loaded successfully", name);
 
 	/* we do not store or free dlopen() handles, leak_detective requires
 	 * the modules to keep loaded until leak report */
 	return plugin;
 }
+#endif
 
 /**
  * Implementation of plugin_loader_t.load_plugins.
@@ -116,10 +166,12 @@ static bool load(private_plugin_loader_t *this, char *path, char *list)
 	char *token;
 	bool critical_failed = FALSE;
 
+#ifndef MONOLITHIC
 	if (path == NULL)
 	{
 		path = PLUGINDIR;
 	}
+#endif
 
 	enumerator = enumerator_create_token(list, " ", " ");
 	while (!critical_failed && enumerator->enumerate(enumerator, &token))
@@ -147,7 +199,7 @@ static bool load(private_plugin_loader_t *this, char *path, char *list)
 			if (critical)
 			{
 				critical_failed = TRUE;
-				DBG1("loading critical plugin '%s' failed", token);
+				DBG1(DBG_LIB, "loading critical plugin '%s' failed", token);
 			}
 			free(token);
 		}
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.am b/src/libstrongswan/plugins/pubkey/Makefile.am
index 770d77325..c2974a585 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.am
+++ b/src/libstrongswan/plugins/pubkey/Makefile.am
@@ -3,10 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-pubkey.la
+else
 plugin_LTLIBRARIES = libstrongswan-pubkey.la
+endif
 
-libstrongswan_pubkey_la_SOURCES = pubkey_plugin.h pubkey_plugin.c \
-  pubkey_cert.h pubkey_cert.c
+libstrongswan_pubkey_la_SOURCES = \
+	pubkey_plugin.h pubkey_plugin.c \
+	pubkey_cert.h pubkey_cert.c
 
 libstrongswan_pubkey_la_LDFLAGS = -module -avoid-version
-
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index f95e7b357..5fe3d58f1 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_pubkey_la_LIBADD =
 am_libstrongswan_pubkey_la_OBJECTS = pubkey_plugin.lo pubkey_cert.lo
 libstrongswan_pubkey_la_OBJECTS =  \
@@ -80,6 +80,9 @@ libstrongswan_pubkey_la_OBJECTS =  \
 libstrongswan_pubkey_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_pubkey_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_pubkey_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_pubkey_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,9 +258,11 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-pubkey.la
-libstrongswan_pubkey_la_SOURCES = pubkey_plugin.h pubkey_plugin.c \
-  pubkey_cert.h pubkey_cert.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pubkey.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pubkey.la
+libstrongswan_pubkey_la_SOURCES = \
+	pubkey_plugin.h pubkey_plugin.c \
+	pubkey_cert.h pubkey_cert.c
 
 libstrongswan_pubkey_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -293,6 +299,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -325,7 +340,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-pubkey.la: $(libstrongswan_pubkey_la_OBJECTS) $(libstrongswan_pubkey_la_DEPENDENCIES) 
-	$(libstrongswan_pubkey_la_LINK) -rpath $(plugindir) $(libstrongswan_pubkey_la_OBJECTS) $(libstrongswan_pubkey_la_LIBADD) $(LIBS)
+	$(libstrongswan_pubkey_la_LINK) $(am_libstrongswan_pubkey_la_rpath) $(libstrongswan_pubkey_la_OBJECTS) $(libstrongswan_pubkey_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -479,8 +494,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -551,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
index ad84eed99..b0eabc9ee 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_pubkey_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *pubkey_plugin_create()
 {
 	private_pubkey_plugin_t *this = malloc_thing(private_pubkey_plugin_t);
 
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
index a3fd2f155..db71bddc0 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
+++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h
@@ -39,9 +39,4 @@ struct pubkey_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a pubkey_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** PUBKEY_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/random/Makefile.am b/src/libstrongswan/plugins/random/Makefile.am
index 7c2283ae7..5df992718 100644
--- a/src/libstrongswan/plugins/random/Makefile.am
+++ b/src/libstrongswan/plugins/random/Makefile.am
@@ -5,9 +5,14 @@ AM_CFLAGS = -rdynamic \
 -DDEV_RANDOM=\"${random_device}\" \
 -DDEV_URANDOM=\"${urandom_device}\"
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-random.la
+else
 plugin_LTLIBRARIES = libstrongswan-random.la
+endif
 
-libstrongswan_random_la_SOURCES = random_plugin.h random_plugin.c \
-  random_rng.c random_rng.h
-libstrongswan_random_la_LDFLAGS = -module -avoid-version
+libstrongswan_random_la_SOURCES = \
+	random_plugin.h random_plugin.c \
+	random_rng.c random_rng.h
 
+libstrongswan_random_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index 355ab14bc..27360aa8c 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_random_la_LIBADD =
 am_libstrongswan_random_la_OBJECTS = random_plugin.lo random_rng.lo
 libstrongswan_random_la_OBJECTS =  \
@@ -80,6 +80,9 @@ libstrongswan_random_la_OBJECTS =  \
 libstrongswan_random_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_random_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_random_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_random_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -257,9 +261,11 @@ AM_CFLAGS = -rdynamic \
 -DDEV_RANDOM=\"${random_device}\" \
 -DDEV_URANDOM=\"${urandom_device}\"
 
-plugin_LTLIBRARIES = libstrongswan-random.la
-libstrongswan_random_la_SOURCES = random_plugin.h random_plugin.c \
-  random_rng.c random_rng.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-random.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-random.la
+libstrongswan_random_la_SOURCES = \
+	random_plugin.h random_plugin.c \
+	random_rng.c random_rng.h
 
 libstrongswan_random_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -296,6 +302,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -328,7 +343,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-random.la: $(libstrongswan_random_la_OBJECTS) $(libstrongswan_random_la_DEPENDENCIES) 
-	$(libstrongswan_random_la_LINK) -rpath $(plugindir) $(libstrongswan_random_la_OBJECTS) $(libstrongswan_random_la_LIBADD) $(LIBS)
+	$(libstrongswan_random_la_LINK) $(am_libstrongswan_random_la_rpath) $(libstrongswan_random_la_OBJECTS) $(libstrongswan_random_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -482,8 +497,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -554,18 +569,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c
index df0a8f556..39678ba71 100644
--- a/src/libstrongswan/plugins/random/random_plugin.c
+++ b/src/libstrongswan/plugins/random/random_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_random_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *random_plugin_create()
 {
 	private_random_plugin_t *this = malloc_thing(private_random_plugin_t);
 
diff --git a/src/libstrongswan/plugins/random/random_plugin.h b/src/libstrongswan/plugins/random/random_plugin.h
index 6ce0f71be..7e22c3e5f 100644
--- a/src/libstrongswan/plugins/random/random_plugin.h
+++ b/src/libstrongswan/plugins/random/random_plugin.h
@@ -39,9 +39,4 @@ struct random_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a random_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** RANDOM_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c
index 34f300296..b09f3f57a 100644
--- a/src/libstrongswan/plugins/random/random_rng.c
+++ b/src/libstrongswan/plugins/random/random_rng.c
@@ -71,7 +71,7 @@ static void get_bytes(private_random_rng_t *this, size_t bytes,
 		got = read(this->dev, buffer + done, bytes - done);
 		if (got <= 0)
 		{
-			DBG1("reading from \"%s\" failed: %s, retrying...",
+			DBG1(DBG_LIB, "reading from \"%s\" failed: %s, retrying...",
 				 this->file, strerror(errno));
 			close(this->dev);
 			sleep(1);
@@ -124,7 +124,7 @@ random_rng_t *random_rng_create(rng_quality_t quality)
 	this->dev = open(this->file, 0);
 	if (this->dev < 0)
 	{
-		DBG1("opening \"%s\" failed: %s", this->file, strerror(errno));
+		DBG1(DBG_LIB, "opening \"%s\" failed: %s", this->file, strerror(errno));
 		free(this);
 		return NULL;
 	}
diff --git a/src/libstrongswan/plugins/sha1/Makefile.am b/src/libstrongswan/plugins/sha1/Makefile.am
index ead51a45a..4e539fd83 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.am
+++ b/src/libstrongswan/plugins/sha1/Makefile.am
@@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-sha1.la
+else
 plugin_LTLIBRARIES = libstrongswan-sha1.la
+endif
 
-libstrongswan_sha1_la_SOURCES = sha1_plugin.h sha1_plugin.c \
+libstrongswan_sha1_la_SOURCES = \
+	sha1_plugin.h sha1_plugin.c \
 	sha1_hasher.c sha1_hasher.h sha1_prf.c sha1_prf.h
-libstrongswan_sha1_la_LDFLAGS = -module -avoid-version
 
+libstrongswan_sha1_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index 4f08b882c..dacb5be4b 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_sha1_la_LIBADD =
 am_libstrongswan_sha1_la_OBJECTS = sha1_plugin.lo sha1_hasher.lo \
 	sha1_prf.lo
@@ -80,6 +80,8 @@ libstrongswan_sha1_la_OBJECTS = $(am_libstrongswan_sha1_la_OBJECTS)
 libstrongswan_sha1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_sha1_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_sha1_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_sha1_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,8 +257,10 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-sha1.la
-libstrongswan_sha1_la_SOURCES = sha1_plugin.h sha1_plugin.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sha1.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sha1.la
+libstrongswan_sha1_la_SOURCES = \
+	sha1_plugin.h sha1_plugin.c \
 	sha1_hasher.c sha1_hasher.h sha1_prf.c sha1_prf.h
 
 libstrongswan_sha1_la_LDFLAGS = -module -avoid-version
@@ -293,6 +298,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -325,7 +339,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-sha1.la: $(libstrongswan_sha1_la_OBJECTS) $(libstrongswan_sha1_la_DEPENDENCIES) 
-	$(libstrongswan_sha1_la_LINK) -rpath $(plugindir) $(libstrongswan_sha1_la_OBJECTS) $(libstrongswan_sha1_la_LIBADD) $(LIBS)
+	$(libstrongswan_sha1_la_LINK) $(am_libstrongswan_sha1_la_rpath) $(libstrongswan_sha1_la_OBJECTS) $(libstrongswan_sha1_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -480,8 +494,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -552,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c
index a038228da..7b9cf878f 100644
--- a/src/libstrongswan/plugins/sha1/sha1_plugin.c
+++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c
@@ -47,7 +47,7 @@ static void destroy(private_sha1_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *sha1_plugin_create()
 {
 	private_sha1_plugin_t *this = malloc_thing(private_sha1_plugin_t);
 
diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.h b/src/libstrongswan/plugins/sha1/sha1_plugin.h
index 36b12b91e..cd1ff615d 100644
--- a/src/libstrongswan/plugins/sha1/sha1_plugin.h
+++ b/src/libstrongswan/plugins/sha1/sha1_plugin.h
@@ -39,9 +39,4 @@ struct sha1_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a sha1_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** SHA1_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/sha2/Makefile.am b/src/libstrongswan/plugins/sha2/Makefile.am
index 5422e1d4e..a255d0609 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.am
+++ b/src/libstrongswan/plugins/sha2/Makefile.am
@@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-sha2.la
+else
 plugin_LTLIBRARIES = libstrongswan-sha2.la
+endif
 
-libstrongswan_sha2_la_SOURCES = sha2_plugin.h sha2_plugin.c sha2_hasher.c sha2_hasher.h
-libstrongswan_sha2_la_LDFLAGS = -module -avoid-version
+libstrongswan_sha2_la_SOURCES = \
+	sha2_plugin.h sha2_plugin.c sha2_hasher.c sha2_hasher.h
 
+libstrongswan_sha2_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index e4ea58094..6db4374c8 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -72,13 +72,15 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_sha2_la_LIBADD =
 am_libstrongswan_sha2_la_OBJECTS = sha2_plugin.lo sha2_hasher.lo
 libstrongswan_sha2_la_OBJECTS = $(am_libstrongswan_sha2_la_OBJECTS)
 libstrongswan_sha2_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_sha2_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_sha2_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_sha2_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-sha2.la
-libstrongswan_sha2_la_SOURCES = sha2_plugin.h sha2_plugin.c sha2_hasher.c sha2_hasher.h
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sha2.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sha2.la
+libstrongswan_sha2_la_SOURCES = \
+	sha2_plugin.h sha2_plugin.c sha2_hasher.c sha2_hasher.h
+
 libstrongswan_sha2_la_LDFLAGS = -module -avoid-version
 all: all-am
 
@@ -290,6 +296,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-sha2.la: $(libstrongswan_sha2_la_OBJECTS) $(libstrongswan_sha2_la_DEPENDENCIES) 
-	$(libstrongswan_sha2_la_LINK) -rpath $(plugindir) $(libstrongswan_sha2_la_OBJECTS) $(libstrongswan_sha2_la_LIBADD) $(LIBS)
+	$(libstrongswan_sha2_la_LINK) $(am_libstrongswan_sha2_la_rpath) $(libstrongswan_sha2_la_OBJECTS) $(libstrongswan_sha2_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -476,8 +491,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c
index 90f7cec77..810d9922a 100644
--- a/src/libstrongswan/plugins/sha2/sha2_plugin.c
+++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_sha2_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *sha2_plugin_create()
 {
 	private_sha2_plugin_t *this = malloc_thing(private_sha2_plugin_t);
 
diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.h b/src/libstrongswan/plugins/sha2/sha2_plugin.h
index b80f7560e..48ee2d94c 100644
--- a/src/libstrongswan/plugins/sha2/sha2_plugin.h
+++ b/src/libstrongswan/plugins/sha2/sha2_plugin.h
@@ -39,9 +39,4 @@ struct sha2_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a sha2_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** SHA2_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.am b/src/libstrongswan/plugins/sqlite/Makefile.am
index f26e31294..2e1d9733f 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.am
+++ b/src/libstrongswan/plugins/sqlite/Makefile.am
@@ -3,10 +3,16 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-sqlite.la
+else
 plugin_LTLIBRARIES = libstrongswan-sqlite.la
+endif
 
-libstrongswan_sqlite_la_SOURCES = sqlite_plugin.h sqlite_plugin.c  \
+libstrongswan_sqlite_la_SOURCES = \
+	sqlite_plugin.h sqlite_plugin.c \
 	sqlite_database.h sqlite_database.c
+
 libstrongswan_sqlite_la_LDFLAGS = -module -avoid-version
-libstrongswan_sqlite_la_LIBADD = -lsqlite3
+libstrongswan_sqlite_la_LIBADD  = -lsqlite3
 
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index 831408c9e..cb466ad03 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_sqlite_la_DEPENDENCIES =
 am_libstrongswan_sqlite_la_OBJECTS = sqlite_plugin.lo \
 	sqlite_database.lo
@@ -81,6 +81,9 @@ libstrongswan_sqlite_la_OBJECTS =  \
 libstrongswan_sqlite_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_sqlite_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_sqlite_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_sqlite_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -255,8 +259,10 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-sqlite.la
-libstrongswan_sqlite_la_SOURCES = sqlite_plugin.h sqlite_plugin.c  \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sqlite.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sqlite.la
+libstrongswan_sqlite_la_SOURCES = \
+	sqlite_plugin.h sqlite_plugin.c \
 	sqlite_database.h sqlite_database.c
 
 libstrongswan_sqlite_la_LDFLAGS = -module -avoid-version
@@ -295,6 +301,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -327,7 +342,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-sqlite.la: $(libstrongswan_sqlite_la_OBJECTS) $(libstrongswan_sqlite_la_DEPENDENCIES) 
-	$(libstrongswan_sqlite_la_LINK) -rpath $(plugindir) $(libstrongswan_sqlite_la_OBJECTS) $(libstrongswan_sqlite_la_LIBADD) $(LIBS)
+	$(libstrongswan_sqlite_la_LINK) $(am_libstrongswan_sqlite_la_rpath) $(libstrongswan_sqlite_la_OBJECTS) $(libstrongswan_sqlite_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -481,8 +496,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -553,18 +568,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c
index 721f1a126..3e20dbb51 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_database.c
+++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c
@@ -110,11 +110,13 @@ static sqlite3_stmt* run(private_sqlite_database_t *this, char *sql,
 	}
 	else
 	{
-		DBG1("preparing sqlite statement failed: %s", sqlite3_errmsg(this->db));
+		DBG1(DBG_LIB, "preparing sqlite statement failed: %s",
+			 sqlite3_errmsg(this->db));
 	}
 	if (res != SQLITE_OK)
 	{
-		DBG1("binding sqlite statement failed: %s", sqlite3_errmsg(this->db));
+		DBG1(DBG_LIB, "binding sqlite statement failed: %s",
+			 sqlite3_errmsg(this->db));
 		sqlite3_finalize(stmt);
 		return NULL;
 	}
@@ -160,7 +162,7 @@ static bool sqlite_enumerator_enumerate(sqlite_enumerator_t *this, ...)
 		case SQLITE_ROW:
 			break;
 		default:
-			DBG1("stepping sqlite statement failed: %s",
+			DBG1(DBG_LIB, "stepping sqlite statement failed: %s",
 				 sqlite3_errmsg(this->database->db));
 			/* fall */
 		case SQLITE_DONE:
@@ -203,7 +205,7 @@ static bool sqlite_enumerator_enumerate(sqlite_enumerator_t *this, ...)
 				break;
 			}
 			default:
-				DBG1("invalid result type supplied");
+				DBG1(DBG_LIB, "invalid result type supplied");
 				return FALSE;
 		}
 	}
@@ -272,7 +274,8 @@ static int execute(private_sqlite_database_t *this, int *rowid, char *sql, ...)
 		}
 		else
 		{
-			DBG1("sqlite execute failed: %s", sqlite3_errmsg(this->db));
+			DBG1(DBG_LIB, "sqlite execute failed: %s",
+				 sqlite3_errmsg(this->db));
 		}
 		sqlite3_finalize(stmt);
 	}
@@ -337,7 +340,7 @@ sqlite_database_t *sqlite_database_create(char *uri)
 
 	if (sqlite3_open(file, &this->db) != SQLITE_OK)
 	{
-		DBG1("opening SQLite database '%s' failed: %s",
+		DBG1(DBG_LIB, "opening SQLite database '%s' failed: %s",
 			 file, sqlite3_errmsg(this->db));
 		destroy(this);
 		return NULL;
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
index 955402bf9..332d82318 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
+++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
@@ -44,7 +44,7 @@ static void destroy(private_sqlite_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *sqlite_plugin_create()
 {
 	private_sqlite_plugin_t *this = malloc_thing(private_sqlite_plugin_t);
 
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h
index 82735a311..dbc461cf4 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h
+++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h
@@ -39,9 +39,4 @@ struct sqlite_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a sqlite_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** SQLITE_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am
index 6028805c4..6d3b05d19 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.am
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.am
@@ -3,7 +3,11 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-test-vectors.la
+else
 plugin_LTLIBRARIES = libstrongswan-test-vectors.la
+endif
 
 libstrongswan_test_vectors_la_SOURCES = \
 	test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \
@@ -29,5 +33,5 @@ libstrongswan_test_vectors_la_SOURCES = \
 	test_vectors/sha2_hmac.c \
 	test_vectors/fips_prf.c \
 	test_vectors/rng.c
-libstrongswan_test_vectors_la_LDFLAGS = -module -avoid-version
 
+libstrongswan_test_vectors_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index a8674d282..dbe62c056 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_test_vectors_la_LIBADD =
 am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \
 	3des_cbc.lo aes_cbc.lo aes_xcbc.lo blowfish.lo camellia_cbc.lo \
@@ -85,6 +85,9 @@ libstrongswan_test_vectors_la_LINK = $(LIBTOOL) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_test_vectors_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_test_vectors_la_rpath = -rpath \
+@MONOLITHIC_FALSE@	$(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_test_vectors_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -223,6 +226,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -259,7 +263,8 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-test-vectors.la
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-test-vectors.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-test-vectors.la
 libstrongswan_test_vectors_la_SOURCES = \
 	test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \
 	test_vectors/3des_cbc.c \
@@ -320,6 +325,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -352,7 +366,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-test-vectors.la: $(libstrongswan_test_vectors_la_OBJECTS) $(libstrongswan_test_vectors_la_DEPENDENCIES) 
-	$(libstrongswan_test_vectors_la_LINK) -rpath $(plugindir) $(libstrongswan_test_vectors_la_OBJECTS) $(libstrongswan_test_vectors_la_LIBADD) $(LIBS)
+	$(libstrongswan_test_vectors_la_LINK) $(am_libstrongswan_test_vectors_la_rpath) $(libstrongswan_test_vectors_la_OBJECTS) $(libstrongswan_test_vectors_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -681,8 +695,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -753,18 +767,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c
index 4dc1cc174..18e0c9278 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c
@@ -44,7 +44,7 @@ static bool test_monobit(monobit_t *param, chunk_t data)
 			}
 		}
 	}
-	DBG2("  Monobit: %d/%d bits set", bits, data.len * 8);
+	DBG2(DBG_LIB, "  Monobit: %d/%d bits set", bits, data.len * 8);
 	if (bits > param->lower && bits < param->upper)
 	{
 		return TRUE;
@@ -101,7 +101,7 @@ static bool test_poker(poker_t *param, chunk_t data)
 		sum += (counter[i] * counter[i]) / 5000.0 * 16.0;
 	}
 	sum -= 5000.0;
-	DBG2("  Poker: %f", sum);
+	DBG2(DBG_LIB, "  Poker: %f", sum);
 	if (sum > param->lower && sum < param->upper)
 	{
 		return TRUE;
@@ -190,7 +190,7 @@ static bool test_runs(runs_t *param, chunk_t data)
 		}
 	}
 
-	DBG2("  Runs: zero: %d/%d/%d/%d/%d/%d, one: %d/%d/%d/%d/%d/%d, "
+	DBG2(DBG_LIB, "  Runs: zero: %d/%d/%d/%d/%d/%d, one: %d/%d/%d/%d/%d/%d, "
 		 "longruns: %d",
 		 zero_runs[1], zero_runs[2], zero_runs[3],
 		 zero_runs[4], zero_runs[5], zero_runs[6],
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
index 7ad8c3c73..234d237f3 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
@@ -104,7 +104,7 @@ static void destroy(private_test_vectors_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *test_vectors_plugin_create()
 {
 	private_test_vectors_plugin_t *this = malloc_thing(private_test_vectors_plugin_t);
 	int i;
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h
index 9cb959c88..661529295 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h
@@ -39,9 +39,4 @@ struct test_vectors_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a test_vectors_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** TEST_VECTORS_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/x509/Makefile.am b/src/libstrongswan/plugins/x509/Makefile.am
index 853b1cebc..4b50d78dc 100644
--- a/src/libstrongswan/plugins/x509/Makefile.am
+++ b/src/libstrongswan/plugins/x509/Makefile.am
@@ -3,14 +3,19 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-x509.la
+else
 plugin_LTLIBRARIES = libstrongswan-x509.la
+endif
 
-libstrongswan_x509_la_SOURCES = x509_plugin.h x509_plugin.c \
-  x509_cert.h x509_cert.c \
-  x509_crl.h x509_crl.c \
-  x509_ac.h x509_ac.c \
-  x509_pkcs10.h x509_pkcs10.c \
-  x509_ocsp_request.h x509_ocsp_request.c \
-  x509_ocsp_response.h x509_ocsp_response.c
-libstrongswan_x509_la_LDFLAGS = -module -avoid-version
+libstrongswan_x509_la_SOURCES = \
+	x509_plugin.h x509_plugin.c \
+	x509_cert.h x509_cert.c \
+	x509_crl.h x509_crl.c \
+	x509_ac.h x509_ac.c \
+	x509_pkcs10.h x509_pkcs10.c \
+	x509_ocsp_request.h x509_ocsp_request.c \
+	x509_ocsp_response.h x509_ocsp_response.c
 
+libstrongswan_x509_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 428643254..2bee453cd 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_x509_la_LIBADD =
 am_libstrongswan_x509_la_OBJECTS = x509_plugin.lo x509_cert.lo \
 	x509_crl.lo x509_ac.lo x509_pkcs10.lo x509_ocsp_request.lo \
@@ -81,6 +81,8 @@ libstrongswan_x509_la_OBJECTS = $(am_libstrongswan_x509_la_OBJECTS)
 libstrongswan_x509_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_x509_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_x509_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_x509_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -219,6 +221,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -255,14 +258,16 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-x509.la
-libstrongswan_x509_la_SOURCES = x509_plugin.h x509_plugin.c \
-  x509_cert.h x509_cert.c \
-  x509_crl.h x509_crl.c \
-  x509_ac.h x509_ac.c \
-  x509_pkcs10.h x509_pkcs10.c \
-  x509_ocsp_request.h x509_ocsp_request.c \
-  x509_ocsp_response.h x509_ocsp_response.c
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-x509.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-x509.la
+libstrongswan_x509_la_SOURCES = \
+	x509_plugin.h x509_plugin.c \
+	x509_cert.h x509_cert.c \
+	x509_crl.h x509_crl.c \
+	x509_ac.h x509_ac.c \
+	x509_pkcs10.h x509_pkcs10.c \
+	x509_ocsp_request.h x509_ocsp_request.c \
+	x509_ocsp_response.h x509_ocsp_response.c
 
 libstrongswan_x509_la_LDFLAGS = -module -avoid-version
 all: all-am
@@ -299,6 +304,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -331,7 +345,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-x509.la: $(libstrongswan_x509_la_OBJECTS) $(libstrongswan_x509_la_DEPENDENCIES) 
-	$(libstrongswan_x509_la_LINK) -rpath $(plugindir) $(libstrongswan_x509_la_OBJECTS) $(libstrongswan_x509_la_LIBADD) $(LIBS)
+	$(libstrongswan_x509_la_LINK) $(am_libstrongswan_x509_la_rpath) $(libstrongswan_x509_la_OBJECTS) $(libstrongswan_x509_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -490,8 +504,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -562,18 +576,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index 79ff80933..95e72789e 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -192,7 +192,7 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi
 			}
 			else
 			{
-				DBG1("more than one directory name - first selected");
+				DBG1(DBG_LIB, "more than one directory name - first selected");
 				directoryName->destroy(directoryName);
 			}
 		}
@@ -200,7 +200,7 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi
 	}
 	else
 	{
-		DBG1("no directoryName found");
+		DBG1(DBG_LIB, "no directoryName found");
 	}
 
 	list->destroy(list);
@@ -359,10 +359,11 @@ static bool parse_certificate(private_x509_ac_t *this)
 				break;
 			case AC_OBJ_VERSION:
 				this->version = (object.len) ? (1 + (u_int)*object.ptr) : 1;
-				DBG2("  v%d", this->version);
+				DBG2(DBG_LIB, "  v%d", this->version);
 				if (this->version != 2)
 				{
-					DBG1("v%d attribute certificates are not supported", this->version);
+					DBG1(DBG_LIB, "v%d attribute certificates are not "
+						 "supported", this->version);
 					goto end;
 				}
 				break;
@@ -407,20 +408,20 @@ static bool parse_certificate(private_x509_ac_t *this)
 				switch (type)
 				{
 					case OID_AUTHENTICATION_INFO:
-						DBG2("  need to parse authenticationInfo");
+						DBG2(DBG_LIB, "  need to parse authenticationInfo");
 						break;
 					case OID_ACCESS_IDENTITY:
-						DBG2("  need to parse accessIdentity");
+						DBG2(DBG_LIB, "  need to parse accessIdentity");
 						break;
 					case OID_CHARGING_IDENTITY:
-						DBG2("-- > --");
+						DBG2(DBG_LIB, "-- > --");
 						this->charging = ietf_attributes_create_from_encoding(object);
-						DBG2("-- < --");
+						DBG2(DBG_LIB, "-- < --");
 						break;
 					case OID_GROUP:
-						DBG2("-- > --");
+						DBG2(DBG_LIB, "-- > --");
 						this->groups = ietf_attributes_create_from_encoding(object);
-						DBG2("-- < --");
+						DBG2(DBG_LIB, "-- < --");
 						break;
 					case OID_ROLE:
 						parse_roleSyntax(object, level);
@@ -435,21 +436,21 @@ static bool parse_certificate(private_x509_ac_t *this)
 				break;
 			case AC_OBJ_CRITICAL:
 				critical = object.len && *object.ptr;
-				DBG2("  %s",(critical)?"TRUE":"FALSE");
+				DBG2(DBG_LIB, "  %s",(critical)?"TRUE":"FALSE");
 				break;
 			case AC_OBJ_EXTN_VALUE:
 			{
 				switch (extn_oid)
 				{
 					case OID_CRL_DISTRIBUTION_POINTS:
-						DBG2("  need to parse crlDistributionPoints");
+						DBG2(DBG_LIB, "  need to parse crlDistributionPoints");
 						break;
 					case OID_AUTHORITY_KEY_ID:
 						this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object,
 													level, &this->authKeySerialNumber);
 						break;
 					case OID_TARGET_INFORMATION:
-						DBG2("  need to parse targetInformation");
+						DBG2(DBG_LIB, "  need to parse targetInformation");
 						break;
 					case OID_NO_REV_AVAIL:
 						this->noRevAvail = TRUE;
@@ -464,7 +465,7 @@ static bool parse_certificate(private_x509_ac_t *this)
 																 NULL);
 				if (this->algorithm != sig_alg)
 				{
-					DBG1("  signature algorithms do not agree");
+					DBG1(DBG_LIB, "  signature algorithms do not agree");
 					success = FALSE;
 					goto end;
 				}
@@ -824,9 +825,9 @@ static bool is_newer(private_x509_ac_t *this, ac_t *that)
 	this_cert->get_validity(this_cert, &now, &this_update, NULL);
 	that_cert->get_validity(that_cert, &now, &that_update, NULL);
 	new = this_update > that_update;
-	DBG1("  attr cert from %T is %s - existing attr cert from %T %s",
-			&this_update, FALSE, new ? "newer":"not newer",
-			&that_update, FALSE, new ? "replaced":"retained");
+	DBG1(DBG_LIB, "  attr cert from %T is %s - existing attr cert from %T %s",
+		 &this_update, FALSE, new ? "newer":"not newer",
+		 &that_update, FALSE, new ? "replaced":"retained");
 	return new;
 }
 
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 3b729236e..bdbaa8d4a 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -219,7 +219,7 @@ static void parse_basicConstraints(chunk_t blob, int level0,
 		{
 			case BASIC_CONSTRAINTS_CA:
 				isCA = object.len && *object.ptr;
-				DBG2("  %s", isCA ? "TRUE" : "FALSE");
+				DBG2(DBG_LIB, "  %s", isCA ? "TRUE" : "FALSE");
 				if (isCA)
 				{
 					this->flags |= X509_CA;
@@ -383,7 +383,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
 		if (id_type != ID_ANY)
 		{
 			gn = identification_create_from_encoding(id_type, object);
-			DBG2("  '%Y'", gn);
+			DBG2(DBG_LIB, "  '%Y'", gn);
 			goto end;
 		}
 	}
@@ -539,7 +539,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0,
 								/* parsing went wrong - abort */
 								goto end;
 							}
-							DBG2("  '%Y'", id);
+							DBG2(DBG_LIB, "  '%Y'", id);
 							if (accessMethod == OID_OCSP &&
 								asprintf(&uri, "%Y", id) > 0)
 							{
@@ -704,34 +704,36 @@ static bool check_address_object(ts_type_t ts_type, chunk_t object)
 		case TS_IPV4_ADDR_RANGE:
 			if (object.len > 5)
 			{
-				DBG1("IPv4 address object is larger than 5 octets");
+				DBG1(DBG_LIB, "IPv4 address object is larger than 5 octets");
 				return FALSE;
 			}
 			break;
 		case TS_IPV6_ADDR_RANGE:
 			if (object.len > 17)
 			{
-				DBG1("IPv6 address object is larger than 17 octets");
+				DBG1(DBG_LIB, "IPv6 address object is larger than 17 octets");
 				return FALSE;
 			}
 			break;
 		default:
-			DBG1("unknown address family");
+			DBG1(DBG_LIB, "unknown address family");
 			return FALSE;
 	}
 	if (object.len == 0)
 	{
-		DBG1("An ASN.1 bit string must contain at least the initial octet");
+		DBG1(DBG_LIB, "An ASN.1 bit string must contain at least the "
+			 "initial octet");
 		return FALSE;
 	}
 	if (object.len == 1 && object.ptr[0] != 0)
 	{
-		DBG1("An empty ASN.1 bit string must contain a zero initial octet");
+		DBG1(DBG_LIB, "An empty ASN.1 bit string must contain a zero "
+			 "initial octet");
 		return FALSE;
 	}
 	if (object.ptr[0] > 7)
 	{
-		DBG1("number of unused bits is too large");
+		DBG1(DBG_LIB, "number of unused bits is too large");
 		return FALSE;
 	}
 	return TRUE;
@@ -769,11 +771,11 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
 					{
 						break;
 					}
-					DBG2("  %N", ts_type_name, ts_type);
+					DBG2(DBG_LIB, "  %N", ts_type_name, ts_type);
 				}
 				break;
 			case IP_ADDR_BLOCKS_INHERIT:
-				DBG1("inherit choice is not supported");
+				DBG1(DBG_LIB, "inherit choice is not supported");
 				break;
 			case IP_ADDR_BLOCKS_PREFIX:
 				if (!check_address_object(ts_type, object))
@@ -782,7 +784,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
 				}
 				ts = traffic_selector_create_from_rfc3779_format(ts_type,
 													object, object);
-				DBG2("  %R", ts);
+				DBG2(DBG_LIB, "  %R", ts);
 				this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts);
 				break;
 			case IP_ADDR_BLOCKS_MIN:
@@ -799,7 +801,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
 				}
 				ts = traffic_selector_create_from_rfc3779_format(ts_type,
 													min_object, object);
-				DBG2("  %R", ts);
+				DBG2(DBG_LIB, "  %R", ts);
 				this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts);
 				break;
 			default:
@@ -893,12 +895,12 @@ static bool parse_certificate(private_x509_cert_t *this)
 				this->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
 				if (this->version < 1 || this->version > 3)
 				{
-					DBG1("X.509v%d not supported", this->version);
+					DBG1(DBG_LIB, "X.509v%d not supported", this->version);
 					goto end;
 				}
 				else
 				{
-					DBG2("  X.509v%d", this->version);
+					DBG2(DBG_LIB, "  X.509v%d", this->version);
 				}
 				break;
 			case X509_OBJ_SERIAL_NUMBER:
@@ -909,7 +911,7 @@ static bool parse_certificate(private_x509_cert_t *this)
 				break;
 			case X509_OBJ_ISSUER:
 				this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
-				DBG2("  '%Y'", this->issuer);
+				DBG2(DBG_LIB, "  '%Y'", this->issuer);
 				break;
 			case X509_OBJ_NOT_BEFORE:
 				this->notBefore = asn1_parse_time(object, level);
@@ -919,13 +921,13 @@ static bool parse_certificate(private_x509_cert_t *this)
 				break;
 			case X509_OBJ_SUBJECT:
 				this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
-				DBG2("  '%Y'", this->subject);
+				DBG2(DBG_LIB, "  '%Y'", this->subject);
 				break;
 			case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO:
-				DBG2("-- > --");
+				DBG2(DBG_LIB, "-- > --");
 				this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
 						KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END);
-				DBG2("-- < --");
+				DBG2(DBG_LIB, "-- < --");
 				if (this->public_key == NULL)
 				{
 					goto end;
@@ -934,7 +936,7 @@ static bool parse_certificate(private_x509_cert_t *this)
 			case X509_OBJ_OPTIONAL_EXTENSIONS:
 				if (this->version != 3)
 				{
-					DBG1("Only X.509v3 certificates have extensions");
+					DBG1(DBG_LIB, "Only X.509v3 certificates have extensions");
 					goto end;
 				}
 				break;
@@ -943,7 +945,7 @@ static bool parse_certificate(private_x509_cert_t *this)
 				break;
 			case X509_OBJ_CRITICAL:
 				critical = object.len && *object.ptr;
-				DBG2("  %s", critical ? "TRUE" : "FALSE");
+				DBG2(DBG_LIB, "  %s", critical ? "TRUE" : "FALSE");
 				break;
 			case X509_OBJ_EXTN_VALUE:
 			{
@@ -974,6 +976,9 @@ static bool parse_certificate(private_x509_cert_t *this)
 					case OID_AUTHORITY_INFO_ACCESS:
 						parse_authorityInfoAccess(object, level, this);
 						break;
+					case OID_KEY_USAGE:
+						/* TODO parse the flags */
+						break;
 					case OID_EXTENDED_KEY_USAGE:
 						parse_extendedKeyUsage(object, level, this);
 						break;
@@ -994,7 +999,7 @@ static bool parse_certificate(private_x509_cert_t *this)
 						if (critical && lib->settings->get_bool(lib->settings,
 							"libstrongswan.plugins.x509.enforce_critical", FALSE))
 						{
-							DBG1("critical %s extension not supported",
+							DBG1(DBG_LIB, "critical %s extension not supported",
 								 (extn_oid == OID_UNKNOWN) ? "unknown" :
 								 (char*)oid_names[extn_oid].name);
 							goto end;
@@ -1007,7 +1012,7 @@ static bool parse_certificate(private_x509_cert_t *this)
 				this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
 				if (this->algorithm != sig_alg)
 				{
-					DBG1("  signature algorithms do not agree");
+					DBG1(DBG_LIB, "  signature algorithms do not agree");
 					goto end;
 				}
 				break;
@@ -1035,7 +1040,7 @@ end:
 		hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
 		if (hasher == NULL)
 		{
-			DBG1("  unable to create hash of certificate, SHA1 not supported");
+			DBG1(DBG_LIB, "  unable to create hash of certificate, SHA1 not supported");
 			return NULL;
 		}
 		hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
@@ -1214,9 +1219,9 @@ static bool is_newer(certificate_t *this, certificate_t *that)
 	this->get_validity(this, &now, &this_update, NULL);
 	that->get_validity(that, &now, &that_update, NULL);
 	new = this_update > that_update;
-	DBG1("  certificate from %T is %s - existing certificate from %T %s",
-				&this_update, FALSE, new ? "newer":"not newer",
-				&that_update, FALSE, new ? "replaced":"retained");
+	DBG1(DBG_LIB, "  certificate from %T is %s - existing certificate "
+		 "from %T %s", &this_update, FALSE, new ? "newer":"not newer",
+		 &that_update, FALSE, new ? "replaced":"retained");
 	return new;
 }
 
@@ -1453,7 +1458,7 @@ chunk_t x509_build_subjectAltNames(linked_list_t *list)
 				context = ASN1_CONTEXT_S_7;
 				break;
 			default:
-				DBG1("encoding %N as subjectAltName not supported",
+				DBG1(DBG_LIB, "encoding %N as subjectAltName not supported",
 					 id_type_names, id->get_type(id));
 				enumerator->destroy(enumerator);
 				free(subjectAltNames.ptr);
@@ -1481,7 +1486,9 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
 	chunk_t extensions = chunk_empty, extendedKeyUsage = chunk_empty;
 	chunk_t serverAuth = chunk_empty, clientAuth = chunk_empty;
 	chunk_t ocspSigning = chunk_empty;
-	chunk_t basicConstraints = chunk_empty, subjectAltNames = chunk_empty;
+	chunk_t basicConstraints = chunk_empty;
+	chunk_t keyUsage = chunk_empty;
+	chunk_t subjectAltNames = chunk_empty;
 	chunk_t subjectKeyIdentifier = chunk_empty, authKeyIdentifier = chunk_empty;
 	chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty;
 	identification_t *issuer, *subject;
@@ -1583,7 +1590,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
 						asn1_wrap(ASN1_SEQUENCE, "m", authorityInfoAccess)));
 	}
 
-	/* build CA basicConstraint for CA certificates */
+	/* build CA basicConstraint and keyUsage flags for CA certificates */
 	if (cert->flags & X509_CA)
 	{
 		chunk_t pathLenConstraint = chunk_empty;
@@ -1603,6 +1610,13 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
 											asn1_wrap(ASN1_BOOLEAN, "c",
 												chunk_from_chars(0xFF)),
 											pathLenConstraint)));
+		keyUsage = asn1_wrap(ASN1_SEQUENCE, "mmm",
+								asn1_build_known_oid(OID_KEY_USAGE),
+								asn1_wrap(ASN1_BOOLEAN, "c",
+									chunk_from_chars(0xFF)),
+								asn1_wrap(ASN1_OCTET_STRING, "m",
+										asn1_wrap(ASN1_BIT_STRING, "c",
+												chunk_from_chars(0x01, 0x06))));
 	}
 
 	/* add serverAuth extendedKeyUsage flag */
@@ -1663,8 +1677,8 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
 		crlDistributionPoints.ptr)
 	{
 		extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m",
-						asn1_wrap(ASN1_SEQUENCE, "mmmmmmm",
-							basicConstraints, subjectKeyIdentifier,
+						asn1_wrap(ASN1_SEQUENCE, "mmmmmmmm",
+							basicConstraints, keyUsage, subjectKeyIdentifier,
 							authKeyIdentifier, subjectAltNames,
 							extendedKeyUsage, crlDistributionPoints,
 							authorityInfoAccess));
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index b9ef3218b..c755d7f63 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -216,14 +216,14 @@ static bool parse(private_x509_crl_t *this)
 				break;
 			case CRL_OBJ_VERSION:
 				this->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
-				DBG2("  v%d", this->version);
+				DBG2(DBG_LIB, "  v%d", this->version);
 				break;
 			case CRL_OBJ_SIG_ALG:
 				sig_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
 				break;
 			case CRL_OBJ_ISSUER:
 				this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
-				DBG2("  '%Y'", this->issuer);
+				DBG2(DBG_LIB, "  '%Y'", this->issuer);
 				break;
 			case CRL_OBJ_THIS_UPDATE:
 				this->thisUpdate = asn1_parse_time(object, level);
@@ -248,7 +248,7 @@ static bool parse(private_x509_crl_t *this)
 			case CRL_OBJ_CRL_ENTRY_CRITICAL:
 			case CRL_OBJ_CRITICAL:
 				critical = object.len && *object.ptr;
-				DBG2("  %s", critical ? "TRUE" : "FALSE");
+				DBG2(DBG_LIB, "  %s", critical ? "TRUE" : "FALSE");
 				break;
 			case CRL_OBJ_CRL_ENTRY_EXTN_VALUE:
 			case CRL_OBJ_EXTN_VALUE:
@@ -262,7 +262,8 @@ static bool parse(private_x509_crl_t *this)
 						{
 							revoked->reason = *object.ptr;
 						}
-						DBG2("  '%N'", crl_reason_names, revoked->reason);
+						DBG2(DBG_LIB, "  '%N'", crl_reason_names,
+							 revoked->reason);
 					}
 					else if (extn_oid == OID_AUTHORITY_KEY_ID)
 					{
@@ -286,7 +287,7 @@ static bool parse(private_x509_crl_t *this)
 				this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
 				if (this->algorithm != sig_alg)
 				{
-					DBG1("  signature algorithms do not agree");
+					DBG1(DBG_LIB, "  signature algorithms do not agree");
 					goto end;
 				}
 				break;
@@ -483,7 +484,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that)
 	if (this->crlNumber.ptr != NULL && that_crlNumber.ptr != NULL)
 	{
 		new = chunk_compare(this->crlNumber, that_crlNumber) > 0;
-		DBG1("  crl #%#B is %s - existing crl #%#B %s",
+		DBG1(DBG_LIB, "  crl #%#B is %s - existing crl #%#B %s",
 				&this->crlNumber, new ? "newer":"not newer",
 				&that_crlNumber,  new ? "replaced":"retained");
 	}
@@ -497,7 +498,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that)
 		this_cert->get_validity(this_cert, &now, &this_update, NULL);
 		that_cert->get_validity(that_cert, &now, &that_update, NULL);
 		new = this_update > that_update;
-		DBG1("  crl from %T is %s - existing crl from %T %s",
+		DBG1(DBG_LIB, "  crl from %T is %s - existing crl from %T %s",
 				&this_update, FALSE, new ? "newer":"not newer",
 				&that_update, FALSE, new ? "replaced":"retained");
 	}
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index f86f87751..c835d5dc8 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -179,13 +179,14 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this)
 		}
 		else
 		{
-			DBG1("creating OCSP request failed, SHA1 not supported");
+			DBG1(DBG_LIB, "creating OCSP request failed, SHA1 not supported");
 		}
 		public->destroy(public);
 	}
 	else
 	{
-		DBG1("creating OCSP request failed, CA certificate has no public key");
+		DBG1(DBG_LIB, "creating OCSP request failed, CA certificate has "
+			 "no public key");
 	}
 	return asn1_wrap(ASN1_SEQUENCE, "m", list);
 }
@@ -205,7 +206,7 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this)
 		return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
 					asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
 	}
-	DBG1("creating OCSP request nonce failed, no RNG found");
+	DBG1(DBG_LIB, "creating OCSP request nonce failed, no RNG found");
 	return chunk_empty;
 }
 
@@ -263,14 +264,14 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this,
 			scheme = SIGN_ECDSA_WITH_SHA1_DER;
 			break;
 		default:
-			DBG1("unable to sign OCSP request, %N signature not supported",
-				 key_type_names, this->key->get_type(this->key));
+			DBG1(DBG_LIB, "unable to sign OCSP request, %N signature not "
+				 "supported", key_type_names, this->key->get_type(this->key));
 			return chunk_empty;
 	}
 
 	if (!this->key->sign(this->key, scheme, tbsRequest, &signature))
 	{
-		DBG1("creating OCSP signature failed, skipped");
+		DBG1(DBG_LIB, "creating OCSP signature failed, skipped");
 		return chunk_empty;
 	}
 	if (this->cert)
@@ -378,7 +379,7 @@ static id_match_t has_issuer(private_x509_ocsp_request_t *this,
  */
 static bool issued_by(private_x509_ocsp_request_t *this, certificate_t *issuer)
 {
-	DBG1("OCSP request validation not implemented!");
+	DBG1(DBG_LIB, "OCSP request validation not implemented!");
 	return FALSE;
 }
 
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 948d7ad85..c70d461df 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -509,7 +509,8 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
 
 				if (version != OCSP_BASIC_RESPONSE_VERSION)
 				{
-					DBG1("  ocsp ResponseData version %d not supported", version);
+					DBG1(DBG_LIB, "  ocsp ResponseData version %d not "
+						 "supported", version);
 					goto end;
 				}
 				break;
@@ -517,12 +518,12 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
 			case BASIC_RESPONSE_ID_BY_NAME:
 				this->responderId = identification_create_from_encoding(
 													ID_DER_ASN1_DN, object);
-				DBG2("  '%Y'", this->responderId);
+				DBG2(DBG_LIB, "  '%Y'", this->responderId);
 				break;
 			case BASIC_RESPONSE_ID_BY_KEY:
 				this->responderId = identification_create_from_encoding(
 													ID_KEY_ID, object);
-				DBG2("  '%Y'", this->responderId);
+				DBG2(DBG_LIB, "  '%Y'", this->responderId);
 				break;
 			case BASIC_RESPONSE_PRODUCED_AT:
 				this->producedAt = asn1_to_time(&object, ASN1_GENERALIZEDTIME);
@@ -536,7 +537,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
 				break;
 			case BASIC_RESPONSE_CRITICAL:
 				critical = object.len && *object.ptr;
-				DBG2("  %s", critical ? "TRUE" : "FALSE");
+				DBG2(DBG_LIB, "  %s", critical ? "TRUE" : "FALSE");
 				break;
 			case BASIC_RESPONSE_EXT_VALUE:
 				if (extn_oid == OID_NONCE)
@@ -622,7 +623,7 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this)
 					case OCSP_SUCCESSFUL:
 						break;
 					default:
-						DBG1("  ocsp response status: %N",
+						DBG1(DBG_LIB, "  ocsp response status: %N",
 							 ocsp_status_names, status);
 						goto end;
 				}
@@ -638,7 +639,8 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this)
 												parser->get_level(parser)+1);
 						break;
 					default:
-						DBG1("  ocsp response type %#B not supported", &object);
+						DBG1(DBG_LIB, "  ocsp response type %#B not supported",
+							 &object);
 						goto end;
 				}
 				break;
@@ -772,9 +774,9 @@ static bool is_newer(certificate_t *this, certificate_t *that)
 	this->get_validity(this, &now, &this_update, NULL);
 	that->get_validity(that, &now, &that_update, NULL);
 	new = this_update > that_update;
-	DBG1("  ocsp response from %T is %s - existing ocsp response from %T %s",
-				&this_update, FALSE, new ? "newer":"not newer",
-				&that_update, FALSE, new ? "replaced":"retained");
+	DBG1(DBG_LIB, "  ocsp response from %T is %s - existing ocsp response "
+		 "from %T %s", &this_update, FALSE, new ? "newer" : "not newer",
+		 &that_update, FALSE, new ? "replaced" : "retained");
 	return new;
 }
 
diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c
index 6d750c98c..1009ec931 100644
--- a/src/libstrongswan/plugins/x509/x509_pkcs10.c
+++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c
@@ -297,7 +297,7 @@ static bool parse_extension_request(private_x509_pkcs10_t *this, chunk_t blob, i
 				break;
 			case PKCS10_EXTN_CRITICAL:
 				critical = object.len && *object.ptr;
-				DBG2("  %s", critical ? "TRUE" : "FALSE");
+				DBG2(DBG_LIB, "  %s", critical ? "TRUE" : "FALSE");
 				break;
 			case PKCS10_EXTN_VALUE:
 			{
@@ -330,25 +330,25 @@ static bool parse_challengePassword(private_x509_pkcs10_t *this, chunk_t blob, i
 
 	if (blob.len < 2)
 	{
-		DBG1("L%d - challengePassword:  ASN.1 object smaller than 2 octets",
-					level);
+		DBG1(DBG_LIB, "L%d - challengePassword:  ASN.1 object smaller "
+			 "than 2 octets", level);
 		return FALSE;
 	}
 	tag = *blob.ptr;
 	if (tag < ASN1_UTF8STRING || tag > ASN1_IA5STRING)
 	{
-		DBG1("L%d - challengePassword:  ASN.1 object is not a character string",
-					level);
+		DBG1(DBG_LIB, "L%d - challengePassword:  ASN.1 object is not "
+			 "a character string", level);
 		return FALSE;
 	}
 	if (asn1_length(&blob) == ASN1_INVALID_LENGTH)
 	{
-		DBG1("L%d - challengePassword:  ASN.1 object has an invalid length",
-					level);
+		DBG1(DBG_LIB, "L%d - challengePassword:  ASN.1 object has an "
+			 "invalid length", level);
 		return FALSE;
-	}		
-	DBG2("L%d - challengePassword:", level);
-	DBG4("  '%.*s'", blob.len, blob.ptr);
+	}
+	DBG2(DBG_LIB, "L%d - challengePassword:", level);
+	DBG4(DBG_LIB, "  '%.*s'", blob.len, blob.ptr);
 	return TRUE;
 }
 
@@ -406,13 +406,14 @@ static bool parse_certificate_request(private_x509_pkcs10_t *this)
 			case PKCS10_VERSION:
 				if (object.len > 0 && *object.ptr != 0)
 				{
-					DBG1("PKCS#10 certificate request format is not version 1");
+					DBG1(DBG_LIB, "PKCS#10 certificate request format is "
+						 "not version 1");
 					goto end;
 				}
 				break;
 			case PKCS10_SUBJECT:
 				this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
-				DBG2("  '%Y'", this->subject);
+				DBG2(DBG_LIB, "  '%Y'", this->subject);
 				break;
 			case PKCS10_SUBJECT_PUBLIC_KEY_INFO:
 				this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
@@ -467,7 +468,7 @@ end:
 		}
 		else
 		{
-			DBG1("certificate request is not self-signed");
+			DBG1(DBG_LIB, "certificate request is not self-signed");
 			success = FALSE;
 		}
 	}
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c
index 94c49b1e1..e71c55efc 100644
--- a/src/libstrongswan/plugins/x509/x509_plugin.c
+++ b/src/libstrongswan/plugins/x509/x509_plugin.c
@@ -65,7 +65,7 @@ static void destroy(private_x509_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *x509_plugin_create()
 {
 	private_x509_plugin_t *this = malloc_thing(private_x509_plugin_t);
 
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.h b/src/libstrongswan/plugins/x509/x509_plugin.h
index fe8c0b31f..e3f959ffa 100644
--- a/src/libstrongswan/plugins/x509/x509_plugin.h
+++ b/src/libstrongswan/plugins/x509/x509_plugin.h
@@ -39,9 +39,4 @@ struct x509_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a x509_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** X509_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.am b/src/libstrongswan/plugins/xcbc/Makefile.am
index 515b75031..7de306832 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.am
+++ b/src/libstrongswan/plugins/xcbc/Makefile.am
@@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
 AM_CFLAGS = -rdynamic
 
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-xcbc.la
+else
 plugin_LTLIBRARIES = libstrongswan-xcbc.la
+endif
 
-libstrongswan_xcbc_la_SOURCES = xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c \
+libstrongswan_xcbc_la_SOURCES = \
+	xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c \
 	xcbc_prf.h xcbc_prf.c xcbc_signer.h xcbc_signer.c
-libstrongswan_xcbc_la_LDFLAGS = -module -avoid-version
 
+libstrongswan_xcbc_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 3720aeaeb..c49e2b76a 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -72,7 +72,7 @@ am__base_list = \
   sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
   sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
 am__installdirs = "$(DESTDIR)$(plugindir)"
-LTLIBRARIES = $(plugin_LTLIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
 libstrongswan_xcbc_la_LIBADD =
 am_libstrongswan_xcbc_la_OBJECTS = xcbc_plugin.lo xcbc.lo xcbc_prf.lo \
 	xcbc_signer.lo
@@ -80,6 +80,8 @@ libstrongswan_xcbc_la_OBJECTS = $(am_libstrongswan_xcbc_la_OBJECTS)
 libstrongswan_xcbc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(libstrongswan_xcbc_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_xcbc_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_xcbc_la_rpath =
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -254,8 +257,10 @@ xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = -rdynamic
-plugin_LTLIBRARIES = libstrongswan-xcbc.la
-libstrongswan_xcbc_la_SOURCES = xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c \
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-xcbc.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-xcbc.la
+libstrongswan_xcbc_la_SOURCES = \
+	xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c \
 	xcbc_prf.h xcbc_prf.c xcbc_signer.h xcbc_signer.c
 
 libstrongswan_xcbc_la_LDFLAGS = -module -avoid-version
@@ -293,6 +298,15 @@ $(top_srcdir)/configure:  $(am__configure_deps)
 $(ACLOCAL_M4):  $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+	-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+	@list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
 install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
 	test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
@@ -325,7 +339,7 @@ clean-pluginLTLIBRARIES:
 	  rm -f "$${dir}/so_locations"; \
 	done
 libstrongswan-xcbc.la: $(libstrongswan_xcbc_la_OBJECTS) $(libstrongswan_xcbc_la_DEPENDENCIES) 
-	$(libstrongswan_xcbc_la_LINK) -rpath $(plugindir) $(libstrongswan_xcbc_la_OBJECTS) $(libstrongswan_xcbc_la_LIBADD) $(LIBS)
+	$(libstrongswan_xcbc_la_LINK) $(am_libstrongswan_xcbc_la_rpath) $(libstrongswan_xcbc_la_OBJECTS) $(libstrongswan_xcbc_la_LIBADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -481,8 +495,8 @@ maintainer-clean-generic:
 	@echo "it deletes files that may require special tools to rebuild."
 clean: clean-am
 
-clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
-	mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+	clean-pluginLTLIBRARIES mostlyclean-am
 
 distclean: distclean-am
 	-rm -rf ./$(DEPDIR)
@@ -553,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES
 .MAKE: install-am install-strip
 
 .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
-	clean-libtool clean-pluginLTLIBRARIES ctags distclean \
-	distclean-compile distclean-generic distclean-libtool \
-	distclean-tags distdir dvi dvi-am html html-am info info-am \
-	install install-am install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-pluginLTLIBRARIES \
-	install-ps install-ps-am install-strip installcheck \
-	installcheck-am installdirs maintainer-clean \
-	maintainer-clean-generic mostlyclean mostlyclean-compile \
-	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
-	tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+	clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+	ctags distclean distclean-compile distclean-generic \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-pluginLTLIBRARIES install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-pluginLTLIBRARIES
 
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
index 3eb7f0927..9d903bfaa 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
@@ -47,7 +47,7 @@ static void destroy(private_xcbc_plugin_t *this)
 /*
  * see header file
  */
-plugin_t *plugin_create()
+plugin_t *xcbc_plugin_create()
 {
 	private_xcbc_plugin_t *this = malloc_thing(private_xcbc_plugin_t);
 
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h
index 803d847aa..9824088c6 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h
@@ -39,9 +39,4 @@ struct xcbc_plugin_t {
 	plugin_t plugin;
 };
 
-/**
- * Create a xcbc_plugin instance.
- */
-plugin_t *plugin_create();
-
 #endif /** XCBC_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/printf_hook.c b/src/libstrongswan/printf_hook.c
index 0b516c99e..037f0b918 100644
--- a/src/libstrongswan/printf_hook.c
+++ b/src/libstrongswan/printf_hook.c
@@ -16,8 +16,8 @@
 
 #include "printf_hook.h"
 
-#include <utils.h>
-#include <debug.h>
+#include "utils.h"
+#include "debug.h"
 
 #include <stdio.h>
 #include <stdarg.h>
@@ -333,7 +333,8 @@ static void add_handler(private_printf_hook_t *this, char spec,
 
 	if (!IS_VALID_SPEC(spec))
 	{
-		DBG1("'%c' is not a valid printf hook specifier, not registered!", spec);
+		DBG1(DBG_LIB, "'%c' is not a valid printf hook specifier, "
+			 "not registered!", spec);
 		return;
 	}
 
@@ -345,7 +346,8 @@ static void add_handler(private_printf_hook_t *this, char spec,
 	{
 		if (++i >= ARGS_MAX)
 		{
-			DBG1("Too many arguments for printf hook with specifier '%c', not registered!", spec);
+			DBG1(DBG_LIB, "Too many arguments for printf hook with "
+				 "specifier '%c', not registered!", spec);
 			va_end(args);
 			free(handler);
 			return;
@@ -427,7 +429,7 @@ printf_hook_t *printf_hook_create()
 #ifdef USE_VSTR
 	if (!vstr_init())
 	{
-		DBG1("failed to initialize Vstr library!");
+		DBG1(DBG_LIB, "failed to initialize Vstr library!");
 		free(this);
 		return NULL;
 	}
diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h
index b5964b541..257da3f24 100644
--- a/src/libstrongswan/selectors/traffic_selector.h
+++ b/src/libstrongswan/selectors/traffic_selector.h
@@ -74,8 +74,8 @@ struct traffic_selector_t {
 	 *
 	 * @param other		traffic selector to compare
 	 * @return
-	 * 					- created subset of them
-	 * 					- or NULL if no match between this and other
+	 *					- created subset of them
+	 *					- or NULL if no match between this and other
 	 */
 	traffic_selector_t *(*get_subset)  (traffic_selector_t *this,
 										traffic_selector_t *other);
@@ -173,7 +173,7 @@ struct traffic_selector_t {
 	 * Compare two traffic selectors for equality.
 	 *
 	 * @param other		ts to compare with this
-	 * @return 			TRUE if equal, FALSE otherwise
+	 * @return			TRUE if equal, FALSE otherwise
 	 */
 	bool (*equals) (traffic_selector_t *this, traffic_selector_t *other);
 
@@ -215,15 +215,15 @@ struct traffic_selector_t {
 /**
  * Create a new traffic selector using human readable params.
  *
- * @param protocol 		protocol for this ts, such as TCP or UDP
+ * @param protocol		protocol for this ts, such as TCP or UDP
  * @param type			type of following addresses, such as TS_IPV4_ADDR_RANGE
  * @param from_addr		start of address range as string
  * @param from_port		port number in host order
  * @param to_addr		end of address range as string
  * @param to_port		port number in host order
  * @return
- * 						- traffic_selector_t object
- * 						- NULL if invalid address strings/protocol
+ *						- traffic_selector_t object
+ *						- NULL if invalid address strings/protocol
  */
 traffic_selector_t *traffic_selector_create_from_string(
 									u_int8_t protocol, ts_type_t type,
@@ -237,11 +237,11 @@ traffic_selector_t *traffic_selector_create_from_string(
  * But the parser gives us this data in this format, so we
  * don't have to convert twice.
  *
- * @param protocol 		protocol for this ts, such as TCP or UDP
+ * @param protocol		protocol for this ts, such as TCP or UDP
  * @param type			type of following addresses, such as TS_IPV4_ADDR_RANGE
- * @param from_addr		start of address range, network order
+ * @param from_address	start of address range, network order
  * @param from_port		port number, host order
- * @param to_addr		end of address range, network order
+ * @param to_address	end of address range, network order
  * @param to_port		port number, host order
  * @return				traffic_selector_t object
  */
@@ -273,11 +273,11 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type,
  *
  * @param net			subnet to use
  * @param netbits		size of the subnet, as used in e.g. 192.168.0.0/24 notation
- * @param protocol 		protocol for this ts, such as TCP or UDP
+ * @param protocol		protocol for this ts, such as TCP or UDP
  * @param port			port number, host order
  * @return
- * 						- traffic_selector_t object
- * 						- NULL if address family of net not supported
+ *						- traffic_selector_t object
+ *						- NULL if address family of net not supported
  */
 traffic_selector_t *traffic_selector_create_from_subnet(
 									host_t *net, u_int8_t netbits,
@@ -295,8 +295,8 @@ traffic_selector_t *traffic_selector_create_from_subnet(
  * @param from_port		start of allowed port range
  * @param to_port		end of range
  * @return
- * 						- traffic_selector_t object
- * 						- NULL if type not supported
+ *						- traffic_selector_t object
+ *						- NULL if type not supported
  */
 traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol,
 									u_int16_t from_port, u_int16_t to_port);
diff --git a/src/libstrongswan/settings.c b/src/libstrongswan/settings.c
index 4a822bcbf..610e2b8ea 100644
--- a/src/libstrongswan/settings.c
+++ b/src/libstrongswan/settings.c
@@ -21,8 +21,8 @@
 
 #include "settings.h"
 
-#include <debug.h>
-#include <utils/linked_list.h>
+#include "debug.h"
+#include "utils/linked_list.h"
 
 
 typedef struct private_settings_t private_settings_t;
@@ -293,8 +293,8 @@ static u_int32_t get_time(private_settings_t *this, char *key, u_int32_t def, ..
 	if (value)
 	{
 		errno = 0;
-		timeval = strtol(value, &endptr, 10);
-		if (errno == 0 && timeval >= 0)
+		timeval = strtoul(value, &endptr, 10);
+		if (errno == 0)
 		{
 			switch (*endptr)
 			{
@@ -497,7 +497,7 @@ static section_t* parse_section(char **text, char *name)
 						continue;
 					}
 				}
-				DBG1("matching '}' not found near %s", *text);
+				DBG1(DBG_LIB, "matching '}' not found near %s", *text);
 				break;
 			case '=':
 				if (parse(text, "\t ", "\n", NULL, &value))
@@ -508,7 +508,7 @@ static section_t* parse_section(char **text, char *name)
 					section->kv->insert_last(section->kv, kv);
 					continue;
 				}
-				DBG1("parsing value failed near %s", *text);
+				DBG1(DBG_LIB, "parsing value failed near %s", *text);
 				break;
 			case '#':
 				parse(text, "", "\n", NULL, &value);
@@ -566,7 +566,7 @@ settings_t *settings_create(char *file)
 	fd = fopen(file, "r");
 	if (fd == NULL)
 	{
-		DBG1("'%s' does not exist or is not readable", file);
+		DBG1(DBG_LIB, "'%s' does not exist or is not readable", file);
 		return &this->public;
 	}
 	fseek(fd, 0, SEEK_END);
diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h
index 9e8d75cc0..f274fb33c 100644
--- a/src/libstrongswan/settings.h
+++ b/src/libstrongswan/settings.h
@@ -23,8 +23,8 @@
 
 typedef struct settings_t settings_t;
 
-#include <utils.h>
-#include <utils/enumerator.h>
+#include "utils.h"
+#include "utils/enumerator.h"
 
 /**
  * Generic configuration options read from a config file.
diff --git a/src/libstrongswan/threading/mutex.c b/src/libstrongswan/threading/mutex.c
index a35695624..8597abb44 100644
--- a/src/libstrongswan/threading/mutex.c
+++ b/src/libstrongswan/threading/mutex.c
@@ -108,7 +108,7 @@ static void lock(private_mutex_t *this)
 	err = pthread_mutex_lock(&this->mutex);
 	if (err)
 	{
-		DBG1("!!! MUTEX LOCK ERROR: %s !!!", strerror(err));
+		DBG1(DBG_LIB, "!!! MUTEX LOCK ERROR: %s !!!", strerror(err));
 	}
 	profiler_end(&this->profile);
 }
@@ -123,7 +123,7 @@ static void unlock(private_mutex_t *this)
 	err = pthread_mutex_unlock(&this->mutex);
 	if (err)
 	{
-		DBG1("!!! MUTEX UNLOCK ERROR: %s !!!", strerror(err));
+		DBG1(DBG_LIB, "!!! MUTEX UNLOCK ERROR: %s !!!", strerror(err));
 	}
 }
 
diff --git a/src/libstrongswan/threading/rwlock.c b/src/libstrongswan/threading/rwlock.c
index ee9fb10be..cec43f59c 100644
--- a/src/libstrongswan/threading/rwlock.c
+++ b/src/libstrongswan/threading/rwlock.c
@@ -98,7 +98,7 @@ static void read_lock(private_rwlock_t *this)
 	err = pthread_rwlock_rdlock(&this->rwlock);
 	if (err != 0)
 	{
-		DBG1("!!! RWLOCK READ LOCK ERROR: %s !!!", strerror(err));
+		DBG1(DBG_LIB, "!!! RWLOCK READ LOCK ERROR: %s !!!", strerror(err));
 	}
 	profiler_end(&this->profile);
 }
@@ -114,7 +114,7 @@ static void write_lock(private_rwlock_t *this)
 	err = pthread_rwlock_wrlock(&this->rwlock);
 	if (err != 0)
 	{
-		DBG1("!!! RWLOCK WRITE LOCK ERROR: %s !!!", strerror(err));
+		DBG1(DBG_LIB, "!!! RWLOCK WRITE LOCK ERROR: %s !!!", strerror(err));
 	}
 	profiler_end(&this->profile);
 }
@@ -137,7 +137,7 @@ static void rw_unlock(private_rwlock_t *this)
 	err = pthread_rwlock_unlock(&this->rwlock);
 	if (err != 0)
 	{
-		DBG1("!!! RWLOCK UNLOCK ERROR: %s !!!", strerror(err));
+		DBG1(DBG_LIB, "!!! RWLOCK UNLOCK ERROR: %s !!!", strerror(err));
 	}
 }
 
diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c
index bbfb2c2c6..3751bb749 100644
--- a/src/libstrongswan/threading/thread.c
+++ b/src/libstrongswan/threading/thread.c
@@ -155,7 +155,7 @@ static void cancel(private_thread_t *this)
 	if (pthread_equal(this->thread_id, pthread_self()))
 	{
 		this->mutex->unlock(this->mutex);
-		DBG1("!!! CANNOT CANCEL CURRENT THREAD !!!");
+		DBG1(DBG_LIB, "!!! CANNOT CANCEL CURRENT THREAD !!!");
 		return;
 	}
 #ifdef HAVE_PTHREAD_CANCEL
@@ -180,7 +180,7 @@ static void _kill(private_thread_t *this, int sig)
 		 * returned, so depending on the signal, the lock might not get
 		 * unlocked. */
 		this->mutex->unlock(this->mutex);
-		DBG1("!!! CANNOT SEND SIGNAL TO CURRENT THREAD !!!");
+		DBG1(DBG_LIB, "!!! CANNOT SEND SIGNAL TO CURRENT THREAD !!!");
 		return;
 	}
 	pthread_kill(this->thread_id, sig);
@@ -209,13 +209,13 @@ static void *join(private_thread_t *this)
 	if (pthread_equal(this->thread_id, pthread_self()))
 	{
 		this->mutex->unlock(this->mutex);
-		DBG1("!!! CANNOT JOIN CURRENT THREAD !!!");
+		DBG1(DBG_LIB, "!!! CANNOT JOIN CURRENT THREAD !!!");
 		return NULL;
 	}
 	if (this->detached_or_joined)
 	{
 		this->mutex->unlock(this->mutex);
-		DBG1("!!! CANNOT JOIN DETACHED THREAD !!!");
+		DBG1(DBG_LIB, "!!! CANNOT JOIN DETACHED THREAD !!!");
 		return NULL;
 	}
 	thread_id = this->thread_id;
@@ -299,7 +299,8 @@ thread_t *thread_create(thread_main_t main, void *arg)
 	this->arg = arg;
 	if (pthread_create(&this->thread_id, NULL, (void*)thread_main, this) != 0)
 	{
-		DBG1("failed to create thread!");
+		DBG1(DBG_LIB, "failed to create thread!");
+		this->mutex->lock(this->mutex);
 		thread_destroy(this);
 		return NULL;
 	}
@@ -354,7 +355,7 @@ void thread_cleanup_pop(bool execute)
 											(void**)&handler) != SUCCESS)
 	{
 		this->mutex->unlock(this->mutex);
-		DBG1("!!! THREAD CLEANUP ERROR !!!");
+		DBG1(DBG_LIB, "!!! THREAD CLEANUP ERROR !!!");
 		return;
 	}
 	this->mutex->unlock(this->mutex);
@@ -433,6 +434,7 @@ void threads_init()
 void threads_deinit()
 {
 	private_thread_t *main_thread = (private_thread_t*)thread_current();
+	main_thread->mutex->lock(main_thread->mutex);
 	thread_destroy(main_thread);
 	current_thread->destroy(current_thread);
 	id_mutex->destroy(id_mutex);
diff --git a/src/libstrongswan/threading/thread.h b/src/libstrongswan/threading/thread.h
index 6bf8fac79..31b9e1b3a 100644
--- a/src/libstrongswan/threading/thread.h
+++ b/src/libstrongswan/threading/thread.h
@@ -24,6 +24,12 @@
 typedef struct thread_t thread_t;
 
 #ifdef __APPLE__
+/* thread_create is a syscall used to create Mach kernel threads and although
+ * there are no errors or warnings during compilation or linkage the dynamic
+ * linker does not use our implementation, therefore we rename it here
+ */
+#define thread_create(main, arg) strongswan_thread_create(main, arg)
+
 /* on Mac OS X 10.5 several system calls we use are no cancellation points.
  * fortunately, select isn't one of them, so we wrap some of the others with
  * calls to select(2).
diff --git a/src/libstrongswan/utils.c b/src/libstrongswan/utils.c
index e331ac0d0..63958593d 100644
--- a/src/libstrongswan/utils.c
+++ b/src/libstrongswan/utils.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2009 Tobias Brunner
+ * Copyright (C) 2008-2010 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -25,8 +25,8 @@
 #include <dirent.h>
 #include <time.h>
 
-#include <enum.h>
-#include <debug.h>
+#include "enum.h"
+#include "debug.h"
 
 ENUM(status_names, SUCCESS, DESTROY_ME,
 	"SUCCESS",
@@ -119,9 +119,31 @@ void *memstr(const void *haystack, const char *needle, size_t n)
 /**
  * Described in header.
  */
+char* translate(char *str, const char *from, const char *to)
+{
+	char *pos = str;
+	if (strlen(from) != strlen(to))
+	{
+		return str;
+	}
+	while (pos && *pos)
+	{
+		char *match;
+		if ((match = strchr(from, *pos)) != NULL)
+		{
+			*pos = to[match - from];
+		}
+		pos++;
+	}
+	return str;
+}
+
+/**
+ * Described in header.
+ */
 bool mkdir_p(const char *path, mode_t mode)
 {
-	size_t len;
+	int len;
 	char *pos, full[PATH_MAX];
 	pos = full;
 	if (!path || *path == '\0')
@@ -131,7 +153,7 @@ bool mkdir_p(const char *path, mode_t mode)
 	len = snprintf(full, sizeof(full)-1, "%s", path);
 	if (len < 0 || len >= sizeof(full)-1)
 	{
-		DBG1("path string %s too long", path);
+		DBG1(DBG_LIB, "path string %s too long", path);
 		return FALSE;
 	}
 	/* ensure that the path ends with a '/' */
@@ -152,7 +174,7 @@ bool mkdir_p(const char *path, mode_t mode)
 		{
 			if (mkdir(full, mode) < 0)
 			{
-				DBG1("failed to create directory %s", full);
+				DBG1(DBG_LIB, "failed to create directory %s", full);
 				return FALSE;
 			}
 		}
diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h
index 964cbd1d2..04551835e 100644
--- a/src/libstrongswan/utils.h
+++ b/src/libstrongswan/utils.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2009 Tobias Brunner
+ * Copyright (C) 2008-2010 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -29,7 +29,7 @@
 #include <arpa/inet.h>
 #include <string.h>
 
-#include <enum.h>
+#include "enum.h"
 
 /**
  * strongSwan program return codes
@@ -125,7 +125,7 @@
 #define METHOD(iface, name, ret, this, ...) \
 	static ret name(union {iface *_public; this;} \
 	__attribute__((transparent_union)), ##__VA_ARGS__); \
-	const static typeof(name) *_##name = (const typeof(name)*)name; \
+	static const typeof(name) *_##name = (const typeof(name)*)name; \
 	static ret name(this, ##__VA_ARGS__)
 
 /**
@@ -134,7 +134,7 @@
 #define METHOD2(iface1, iface2, name, ret, this, ...) \
 	static ret name(union {iface1 *_public1; iface2 *_public2; this;} \
 	__attribute__((transparent_union)), ##__VA_ARGS__); \
-	const static typeof(name) *_##name = (const typeof(name)*)name; \
+	static const typeof(name) *_##name = (const typeof(name)*)name; \
 	static ret name(this, ##__VA_ARGS__)
 
 /**
@@ -150,7 +150,7 @@
 /**
  * Ignore result of functions tagged with warn_unused_result attributes
  */
-#define ignore_result(call) { if(call); }
+#define ignore_result(call) { if(call){}; }
 
 /**
  * Assign a function as a class method
@@ -311,6 +311,14 @@ void memxor(u_int8_t dest[], u_int8_t src[], size_t n);
 void *memstr(const void *haystack, const char *needle, size_t n);
 
 /**
+ * Translates the characters in the given string, searching for characters
+ * in 'from' and mapping them to characters in 'to'.
+ * The two characters sets 'from' and 'to' must contain the same number of
+ * characters.
+ */
+char *translate(char *str, const char *from, const char *to);
+
+/**
  * Creates a directory and all required parent directories.
  *
  * @param path		path to the new directory
diff --git a/src/libstrongswan/utils/enumerator.c b/src/libstrongswan/utils/enumerator.c
index 7efdd883e..fb461b448 100644
--- a/src/libstrongswan/utils/enumerator.c
+++ b/src/libstrongswan/utils/enumerator.c
@@ -76,7 +76,8 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative,
 							   char **absolute, struct stat *st)
 {
 	struct dirent *entry = readdir(this->dir);
-	size_t len, remaining;
+	size_t remaining;
+	int len;
 
 	if (!entry)
 	{
@@ -96,7 +97,8 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative,
 		len = snprintf(this->full_end, remaining, "%s", entry->d_name);
 		if (len < 0 || len >= remaining)
 		{
-			DBG1("buffer too small to enumerate file '%s'", entry->d_name);
+			DBG1(DBG_LIB, "buffer too small to enumerate file '%s'",
+				 entry->d_name);
 			return FALSE;
 		}
 		if (absolute)
@@ -107,7 +109,8 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative,
 		{
 			if (stat(this->full, st))
 			{
-				DBG1("stat() on '%s' failed: %s", this->full, strerror(errno));
+				DBG1(DBG_LIB, "stat() on '%s' failed: %s", this->full,
+					 strerror(errno));
 				return FALSE;
 			}
 		}
@@ -120,7 +123,7 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative,
  */
 enumerator_t* enumerator_create_directory(char *path)
 {
-	size_t len;
+	int len;
 	dir_enum_t *this = malloc_thing(dir_enum_t);
 	this->public.enumerate = (void*)enumerate_dir_enum;
 	this->public.destroy = (void*)destroy_dir_enum;
@@ -132,7 +135,7 @@ enumerator_t* enumerator_create_directory(char *path)
 	len = snprintf(this->full, sizeof(this->full)-1, "%s", path);
 	if (len < 0 || len >= sizeof(this->full)-1)
 	{
-		DBG1("path string '%s' too long", path);
+		DBG1(DBG_LIB, "path string '%s' too long", path);
 		free(this);
 		return NULL;
 	}
@@ -147,7 +150,7 @@ enumerator_t* enumerator_create_directory(char *path)
 	this->dir = opendir(path);
 	if (this->dir == NULL)
 	{
-		DBG1("opening directory '%s' failed: %s", path, strerror(errno));
+		DBG1(DBG_LIB, "opening directory '%s' failed: %s", path, strerror(errno));
 		free(this);
 		return NULL;
 	}
diff --git a/src/libstrongswan/utils/enumerator.h b/src/libstrongswan/utils/enumerator.h
index 3056498b1..537bf69e1 100644
--- a/src/libstrongswan/utils/enumerator.h
+++ b/src/libstrongswan/utils/enumerator.h
@@ -23,7 +23,7 @@
 
 typedef struct enumerator_t enumerator_t;
 
-#include <utils.h>
+#include "../utils.h"
 
 /**
  * Enumerate is simpler, but more flexible than iterator.
diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c
index a610b3a4d..112d07e5c 100644
--- a/src/libstrongswan/utils/host.c
+++ b/src/libstrongswan/utils/host.c
@@ -482,7 +482,7 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port)
 	error = getaddrinfo(string, NULL, &hints, &result);
 	if (error != 0)
 	{
-		DBG1("resolving '%s' failed: %s", string, gai_strerror(error));
+		DBG1(DBG_LIB, "resolving '%s' failed: %s", string, gai_strerror(error));
 		return NULL;
 	}
 	/* result is a linked list, but we use only the first address */
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index b0da340bc..6a3c3936c 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -798,7 +798,7 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
 	return print_in_hook(dst, len, "%*s", spec->width, buf);
 }
 
-METHOD(identification_t, clone, identification_t*,
+METHOD(identification_t, clone_, identification_t*,
 	private_identification_t *this)
 {
 	private_identification_t *clone = malloc_thing(private_identification_t);
@@ -830,7 +830,7 @@ static private_identification_t *identification_create(id_type_t type)
 			.get_encoding = _get_encoding,
 			.get_type = _get_type,
 			.create_part_enumerator = _create_part_enumerator,
-			.clone = _clone,
+			.clone = _clone_,
 			.destroy = _destroy,
 		},
 		.type = type,
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index 2c2a36af3..2f8a7187c 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -167,6 +167,7 @@ char *whitelist[] = {
 	"tzset",
 	"inet_ntoa",
 	"strerror",
+	"getprotobyname",
 	"getprotobynumber",
 	"getservbyport",
 	"getservbyname",
diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c
index bf528caa0..d8f635c62 100644
--- a/src/libstrongswan/utils/optionsfrom.c
+++ b/src/libstrongswan/utils/optionsfrom.c
@@ -80,14 +80,15 @@ bool from(private_options_t *this, char *filename, int *argcp, char **argvp[],
 	this->nuses++;
 	if (this->nuses >= MAX_USES)
 	{
-		DBG1("optionsfrom called %d times by \"%s\" - looping?", this->nuses + 1, (*argvp)[0]);
+		DBG1(DBG_LIB, "optionsfrom called %d times by \"%s\" - looping?",
+			 this->nuses + 1, (*argvp)[0]);
 		return FALSE;
 	}
 
 	fd = fopen(filename, "r");
 	if (fd == NULL)
 	{
-		DBG1("optionsfrom: unable to open file '%s': %s",
+		DBG1(DBG_LIB, "optionsfrom: unable to open file '%s': %s",
 			 filename, strerror(errno));
 		return FALSE;
 	}
@@ -132,7 +133,7 @@ bool from(private_options_t *this, char *filename, int *argcp, char **argvp[],
 				line.len--;
 				if (!extract_token(&token, delimiter, &line))
 				{
-					DBG1("optionsfrom: missing terminator at %s:%d",
+					DBG1(DBG_LIB, "optionsfrom: missing terminator at %s:%d",
 						 filename, linepos);
 					good = FALSE;
 					break;
diff --git a/src/manager/Makefile.am b/src/manager/Makefile.am
index e6c31e9b4..e67335673 100644
--- a/src/manager/Makefile.am
+++ b/src/manager/Makefile.am
@@ -10,7 +10,8 @@ controller/control_controller.c controller/control_controller.h \
 controller/config_controller.c controller/config_controller.h \
 controller/gateway_controller.c controller/gateway_controller.h
 
-manager_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la ${xml_LIBS}
+manager_fcgi_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libfast/libfast.la ${xml_LIBS}
+main.o :	$(top_builddir)/config.status
 
 INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast ${xml_CFLAGS}
 AM_CFLAGS = -rdynamic \
diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in
index 20438acc3..54e2cc11c 100644
--- a/src/manager/Makefile.in
+++ b/src/manager/Makefile.in
@@ -68,8 +68,9 @@ am_manager_fcgi_OBJECTS = main.$(OBJEXT) manager.$(OBJEXT) \
 	gateway_controller.$(OBJEXT)
 manager_fcgi_OBJECTS = $(am_manager_fcgi_OBJECTS)
 am__DEPENDENCIES_1 =
-manager_fcgi_DEPENDENCIES = $(top_builddir)/src/libfast/libfast.la \
-	$(am__DEPENDENCIES_1)
+manager_fcgi_DEPENDENCIES =  \
+	$(top_builddir)/src/libstrongswan/libstrongswan.la \
+	$(top_builddir)/src/libfast/libfast.la $(am__DEPENDENCIES_1)
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -235,6 +236,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -278,7 +280,7 @@ controller/control_controller.c controller/control_controller.h \
 controller/config_controller.c controller/config_controller.h \
 controller/gateway_controller.c controller/gateway_controller.h
 
-manager_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la ${xml_LIBS}
+manager_fcgi_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libfast/libfast.la ${xml_LIBS}
 INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast ${xml_CFLAGS}
 AM_CFLAGS = -rdynamic \
   -DIPSECDIR=\"${ipsecdir}\" \
@@ -881,6 +883,7 @@ uninstall-am: uninstall-managerPROGRAMS \
 	uninstall-manager_templates_ikesaDATA \
 	uninstall-manager_templates_staticDATA
 
+main.o :	$(top_builddir)/config.status
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/manager/main.c b/src/manager/main.c
index 1f5c45113..5c297cf0c 100644
--- a/src/manager/main.c
+++ b/src/manager/main.c
@@ -48,7 +48,8 @@ int main (int arc, char *argv[])
 	database = lib->settings->get_str(lib->settings, "manager.database", NULL);
 	if (!database)
 	{
-		DBG1("database URI undefined, set manager.database in strongswan.conf");
+		DBG1(DBG_LIB, "database URI undefined, set manager.database "
+			 "in strongswan.conf");
 		return 1;
 	}
 
diff --git a/src/medsrv/Makefile.am b/src/medsrv/Makefile.am
index 9f5c9e2f7..bdec08190 100644
--- a/src/medsrv/Makefile.am
+++ b/src/medsrv/Makefile.am
@@ -7,7 +7,8 @@ main.c filter/auth_filter.c filter/auth_filter.h \
 controller/user_controller.c controller/user_controller.h \
 controller/peer_controller.c controller/peer_controller.h
 
-medsrv_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la
+medsrv_fcgi_LDADD = $(top_srcdir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libfast/libfast.la
+main.o :	$(top_builddir)/config.status
 
 INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast
 AM_CFLAGS = -rdynamic \
diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in
index 8f602930d..2f79ca4d4 100644
--- a/src/medsrv/Makefile.in
+++ b/src/medsrv/Makefile.in
@@ -62,7 +62,9 @@ am_medsrv_fcgi_OBJECTS = user.$(OBJEXT) main.$(OBJEXT) \
 	auth_filter.$(OBJEXT) user_controller.$(OBJEXT) \
 	peer_controller.$(OBJEXT)
 medsrv_fcgi_OBJECTS = $(am_medsrv_fcgi_OBJECTS)
-medsrv_fcgi_DEPENDENCIES = $(top_builddir)/src/libfast/libfast.la
+medsrv_fcgi_DEPENDENCIES =  \
+	$(top_srcdir)/src/libstrongswan/libstrongswan.la \
+	$(top_builddir)/src/libfast/libfast.la
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -224,6 +226,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -264,7 +267,7 @@ main.c filter/auth_filter.c filter/auth_filter.h \
 controller/user_controller.c controller/user_controller.h \
 controller/peer_controller.c controller/peer_controller.h
 
-medsrv_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la
+medsrv_fcgi_LDADD = $(top_srcdir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libfast/libfast.la
 INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast
 AM_CFLAGS = -rdynamic \
   -DIPSECDIR=\"${ipsecdir}\" \
@@ -751,6 +754,7 @@ uninstall-am: uninstall-medsrvPROGRAMS uninstall-medsrv_templatesDATA \
 	uninstall-medsrv_templates_staticDATA \
 	uninstall-medsrv_templates_userDATA
 
+main.o :	$(top_builddir)/config.status
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/openac/Makefile.am b/src/openac/Makefile.am
index ca6238258..a278cdd17 100644
--- a/src/openac/Makefile.am
+++ b/src/openac/Makefile.am
@@ -7,4 +7,4 @@ AM_CFLAGS = \
   -DIPSEC_CONFDIR=\"${sysconfdir}\" \
   -DPLUGINS=\""${libstrongswan_plugins}\""
 openac_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
-
+openac.o :		$(top_builddir)/config.status
diff --git a/src/openac/Makefile.in b/src/openac/Makefile.in
index 08f621395..9f0f96561 100644
--- a/src/openac/Makefile.in
+++ b/src/openac/Makefile.in
@@ -220,6 +220,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -633,6 +634,7 @@ uninstall-man: uninstall-man8
 	tags uninstall uninstall-am uninstall-ipsecPROGRAMS \
 	uninstall-man uninstall-man8
 
+openac.o :		$(top_builddir)/config.status
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/openac/openac.c b/src/openac/openac.c
index 2b9270ff9..a280192c2 100755
--- a/src/openac/openac.c
+++ b/src/openac/openac.c
@@ -105,7 +105,8 @@ static chunk_t read_serial(void)
 	}
 	else
 	{
-		DBG1("  file '%s' does not exist yet - serial number set to 01", OPENAC_SERIAL);
+		DBG1(DBG_LIB, "  file '%s' does not exist yet - serial number "
+			 "set to 01", OPENAC_SERIAL);
 	}
 	if (!serial.len)
 	{
@@ -129,7 +130,7 @@ static void write_serial(chunk_t serial)
 	{
 		chunk_t hex_serial;
 
-		DBG1("  serial number is %#B", &serial);
+		DBG1(DBG_LIB, "  serial number is %#B", &serial);
 		hex_serial = chunk_to_hex(serial, NULL, FALSE);
 		fprintf(fd, "%.*s\n", hex_serial.len, hex_serial.ptr);
 		fclose(fd);
@@ -137,7 +138,7 @@ static void write_serial(chunk_t serial)
 	}
 	else
 	{
-		DBG1("  could not open file '%s' for writing", OPENAC_SERIAL);
+		DBG1(DBG_LIB, "  could not open file '%s' for writing", OPENAC_SERIAL);
 	}
 }
 
@@ -151,7 +152,7 @@ static bool stderr_quiet = FALSE;
 /**
  * openac dbg function
  */
-static void openac_dbg(int level, char *fmt, ...)
+static void openac_dbg(debug_t group, level_t level, char *fmt, ...)
 {
 	int priority = LOG_INFO;
 	char buffer[8192];
@@ -431,7 +432,7 @@ int main(int argc, char **argv)
 		goto end;
 	}
 
-	DBG1("starting openac (strongSwan Version %s)", VERSION);
+	DBG1(DBG_LIB, "starting openac (strongSwan Version %s)", VERSION);
 
 	/* load the signer's RSA private key */
 	if (keyfile != NULL)
@@ -444,7 +445,7 @@ int main(int argc, char **argv)
 		{
 			goto end;
 		}
-		DBG1("  loaded private key file '%s'", keyfile);
+		DBG1(DBG_LIB, "  loaded private key file '%s'", keyfile);
 	}
 
 	/* load the signer's X.509 certificate */
diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am
index a471b6477..8eac07afc 100644
--- a/src/pki/Makefile.am
+++ b/src/pki/Makefile.am
@@ -7,9 +7,11 @@ pki_SOURCES = pki.c pki.h command.c command.h \
 	commands/pub.c \
 	commands/req.c \
 	commands/self.c \
-	commands/verify.c 
+	commands/verify.c
 
 pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+pki.o :	$(top_builddir)/config.status
+
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = \
 	-DPLUGINS=\""${libstrongswan_plugins}\""
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index 1261d7fa8..522b9e887 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -196,6 +196,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -237,7 +238,7 @@ pki_SOURCES = pki.c pki.h command.c command.h \
 	commands/pub.c \
 	commands/req.c \
 	commands/self.c \
-	commands/verify.c 
+	commands/verify.c
 
 pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
@@ -667,6 +668,7 @@ uninstall-am: uninstall-ipsecPROGRAMS
 	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
 	tags uninstall uninstall-am uninstall-ipsecPROGRAMS
 
+pki.o :	$(top_builddir)/config.status
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c
index 16d8d48d4..b2769da54 100644
--- a/src/pki/commands/gen.c
+++ b/src/pki/commands/gen.c
@@ -47,7 +47,7 @@ static int gen()
 					return command_usage("invalid key type");
 				}
 				continue;
-			case 'o':
+			case 'f':
 				if (!get_form(arg, &form, FALSE))
 				{
 					return command_usage("invalid key output format");
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 07ab9066a..fcd758f87 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -161,7 +161,7 @@ static int issue()
 		}
 	}
 
-	DBG2("Reading ca certificate:");
+	DBG2(DBG_LIB, "Reading ca certificate:");
 	ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
 							BUILD_FROM_FILE, cacert, BUILD_END);
 	if (!ca)
@@ -182,7 +182,7 @@ static int issue()
 		goto end;
 	}
 
-	DBG2("Reading ca private key:");
+	DBG2(DBG_LIB, "Reading ca private key:");
 	private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
 								 public->get_type(public),
 								 BUILD_FROM_FILE, cakey, BUILD_END);
@@ -212,6 +212,11 @@ static int issue()
 			goto end;
 		}
 		rng->allocate_bytes(rng, 8, &serial);
+		while (*serial.ptr == 0x00)
+		{
+			/* we don't accept a serial number with leading zeroes */
+			rng->get_bytes(rng, 1, serial.ptr);
+		}
 		rng->destroy(rng);
 	}
 
@@ -221,7 +226,7 @@ static int issue()
 		identification_t *subjectAltName;
 		pkcs10_t *req;
 
-		DBG2("Reading certificate request");
+		DBG2(DBG_LIB, "Reading certificate request");
 		if (file)
 		{
 			cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
@@ -261,7 +266,7 @@ static int issue()
 	}
 	else
 	{
-		DBG2("Reading public key:");
+		DBG2(DBG_LIB, "Reading public key:");
 		if (file)
 		{
 			public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 30ae23be5..d283daa6a 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -158,6 +158,11 @@ static int self()
 			goto end;
 		}
 		rng->allocate_bytes(rng, 8, &serial);
+		while (*serial.ptr == 0x00)
+		{
+			/* we don't accept a serial number with leading zeroes */
+			rng->get_bytes(rng, 1, serial.ptr);
+		}
 		rng->destroy(rng);
 	}
 	not_before = time(NULL);
diff --git a/src/pluto/Makefile.am b/src/pluto/Makefile.am
index b83e4be33..a264e642e 100644
--- a/src/pluto/Makefile.am
+++ b/src/pluto/Makefile.am
@@ -46,6 +46,7 @@ state.c state.h \
 timer.c timer.h \
 vendor.c vendor.h \
 virtual.c virtual.h \
+whack_attribute.c whack_attribute.h \
 xauth.c xauth.h \
 x509.c x509.h \
 builder.c builder.h \
@@ -53,13 +54,17 @@ rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h
 
 _pluto_adns_SOURCES = adns.c adns.h
 
+plutomain.o :	$(top_builddir)/config.status
+
 LIBSTRONGSWANDIR=$(top_builddir)/src/libstrongswan
 LIBFREESWANDIR=$(top_builddir)/src/libfreeswan
+LIBHYDRADIR=$(top_builddir)/src/libhydra
 
 INCLUDES = \
 -I${linux_headers} \
 -I$(top_srcdir)/src/libstrongswan \
 -I$(top_srcdir)/src/libfreeswan \
+-I$(top_srcdir)/src/libhydra \
 -I$(top_srcdir)/src/whack
 
 AM_CFLAGS = \
@@ -75,6 +80,7 @@ AM_CFLAGS = \
 pluto_LDADD = \
 $(LIBSTRONGSWANDIR)/libstrongswan.la \
 $(LIBFREESWANDIR)/libfreeswan.a \
+$(LIBHYDRADIR)/libhydra.la \
 -lresolv $(PTHREADLIB) $(DLLIB)
 
 _pluto_adns_LDADD = \
diff --git a/src/pluto/Makefile.in b/src/pluto/Makefile.in
index c93756c44..47be9acf7 100644
--- a/src/pluto/Makefile.in
+++ b/src/pluto/Makefile.in
@@ -94,12 +94,13 @@ am_pluto_OBJECTS = ac.$(OBJEXT) alg_info.$(OBJEXT) ca.$(OBJEXT) \
 	pkcs7.$(OBJEXT) plutomain.$(OBJEXT) rcv_whack.$(OBJEXT) \
 	server.$(OBJEXT) smartcard.$(OBJEXT) spdb.$(OBJEXT) \
 	state.$(OBJEXT) timer.$(OBJEXT) vendor.$(OBJEXT) \
-	virtual.$(OBJEXT) xauth.$(OBJEXT) x509.$(OBJEXT) \
-	builder.$(OBJEXT)
+	virtual.$(OBJEXT) whack_attribute.$(OBJEXT) xauth.$(OBJEXT) \
+	x509.$(OBJEXT) builder.$(OBJEXT)
 pluto_OBJECTS = $(am_pluto_OBJECTS)
 pluto_DEPENDENCIES = $(LIBSTRONGSWANDIR)/libstrongswan.la \
-	$(LIBFREESWANDIR)/libfreeswan.a $(am__DEPENDENCIES_1) \
-	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+	$(LIBFREESWANDIR)/libfreeswan.a $(LIBHYDRADIR)/libhydra.la \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
@@ -263,6 +264,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -339,6 +341,7 @@ state.c state.h \
 timer.c timer.h \
 vendor.c vendor.h \
 virtual.c virtual.h \
+whack_attribute.c whack_attribute.h \
 xauth.c xauth.h \
 x509.c x509.h \
 builder.c builder.h \
@@ -347,10 +350,12 @@ rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h
 _pluto_adns_SOURCES = adns.c adns.h
 LIBSTRONGSWANDIR = $(top_builddir)/src/libstrongswan
 LIBFREESWANDIR = $(top_builddir)/src/libfreeswan
+LIBHYDRADIR = $(top_builddir)/src/libhydra
 INCLUDES = \
 -I${linux_headers} \
 -I$(top_srcdir)/src/libstrongswan \
 -I$(top_srcdir)/src/libfreeswan \
+-I$(top_srcdir)/src/libhydra \
 -I$(top_srcdir)/src/whack
 
 AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \
@@ -362,8 +367,8 @@ AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \
 	$(am__append_1) $(am__append_2) $(am__append_3) \
 	$(am__append_4) $(am__append_5) $(am__append_7)
 pluto_LDADD = $(LIBSTRONGSWANDIR)/libstrongswan.la \
-	$(LIBFREESWANDIR)/libfreeswan.a -lresolv $(PTHREADLIB) \
-	$(DLLIB) $(am__append_6)
+	$(LIBFREESWANDIR)/libfreeswan.a $(LIBHYDRADIR)/libhydra.la \
+	-lresolv $(PTHREADLIB) $(DLLIB) $(am__append_6)
 _pluto_adns_LDADD = \
 $(LIBFREESWANDIR)/libfreeswan.a \
 -lresolv $(DLLIB)
@@ -501,6 +506,7 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/timer.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vendor.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virtual.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/whack_attribute.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xauth.Po@am__quote@
 
@@ -826,6 +832,8 @@ uninstall-man: uninstall-man5 uninstall-man8
 	uninstall-man8
 
 
+plutomain.o :	$(top_builddir)/config.status
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/src/pluto/ac.c b/src/pluto/ac.c
index d8b16112f..3ee05d213 100644
--- a/src/pluto/ac.c
+++ b/src/pluto/ac.c
@@ -88,16 +88,17 @@ bool ac_verify_cert(certificate_t *cert, bool strict)
 	cert_t *aacert;
 	time_t notBefore, valid_until;
 
-	DBG1("holder: '%Y'", subject);
-	DBG1("issuer: '%Y'", issuer);
+	DBG1(DBG_LIB, "holder: '%Y'", subject);
+	DBG1(DBG_LIB, "issuer: '%Y'", issuer);
 
 	if (!cert->get_validity(cert, NULL, NULL, &valid_until))
 	{
-		DBG1("attribute certificate is invalid (valid from %T to %T)",
+		DBG1(DBG_LIB, "attribute certificate is invalid (valid from %T to %T)",
 			 &notBefore, FALSE, &valid_until, FALSE);
 		return FALSE;
 	}
-	DBG1("attribute certificate is valid until %T", &valid_until, FALSE);
+	DBG1(DBG_LIB, "attribute certificate is valid until %T", &valid_until,
+		 FALSE);
 
 	lock_authcert_list("verify_x509acert");
 	aacert = get_authcert(issuer, authKeyID, X509_AA);
@@ -105,17 +106,17 @@ bool ac_verify_cert(certificate_t *cert, bool strict)
 
 	if (aacert == NULL)
 	{
-		DBG1("issuer aacert not found");
+		DBG1(DBG_LIB, "issuer aacert not found");
 		return FALSE;
 	}
-	DBG2("issuer aacert found");
+	DBG2(DBG_LIB, "issuer aacert found");
 
 	if (!cert->issued_by(cert, aacert->cert))
 	{
-		DBG1("attribute certificate signature is invalid");
+		DBG1(DBG_LIB, "attribute certificate signature is invalid");
 		return FALSE;
 	}
-	DBG1("attribute certificate signature is valid");
+	DBG1(DBG_LIB, "attribute certificate signature is valid");
 
 	return verify_x509cert(aacert, strict, &valid_until);
 }
@@ -175,8 +176,8 @@ bool match_group_membership(ietf_attributes_t *peer_attributes, char *conn,
 	}
 
 	match = conn_attributes->matches(conn_attributes, peer_attributes);
-	DBG1("%s: peer with attributes '%s' is %sa member of the groups '%s'",
-		 conn, peer_attributes->get_string(peer_attributes),
+	DBG1(DBG_LIB, "%s: peer with attributes '%s' is %sa member of the "
+		 "groups '%s'", conn, peer_attributes->get_string(peer_attributes),
 		 match ? "" : "not ", conn_attributes->get_string(conn_attributes));
 
 	return match;
@@ -191,7 +192,7 @@ void ac_load_certs(void)
 	struct stat st;
 	char *file;
 
-	DBG1("loading attribute certificates from '%s'", A_CERT_PATH);
+	DBG1(DBG_LIB, "loading attribute certificates from '%s'", A_CERT_PATH);
 
 	enumerator = enumerator_create_directory(A_CERT_PATH);
 	if (!enumerator)
@@ -212,7 +213,7 @@ void ac_load_certs(void)
 								  BUILD_FROM_FILE, file, BUILD_END);
 		if (cert)
 		{
-			DBG1("  loaded attribute certificate from '%s'", file);
+			DBG1(DBG_LIB, "  loaded attribute certificate from '%s'", file);
 			ac_add_cert(cert);
 		}
 	}
@@ -266,7 +267,7 @@ void ac_list_certs(bool utc)
 			whack_log(RC_COMMENT, "  hserial:   %#B", &holderSerial);
 		}
 
-		groups = ac->get_groups(ac);		
+		groups = ac->get_groups(ac);
 		if (groups)
 		{
 			whack_log(RC_COMMENT, "  groups:    %s", groups->get_string(groups));
diff --git a/src/pluto/alg_info.c b/src/pluto/alg_info.c
index edecf14c6..32fd46ef4 100644
--- a/src/pluto/alg_info.c
+++ b/src/pluto/alg_info.c
@@ -139,6 +139,7 @@ static bool is_authenticated_encryption(int ealg_id)
 		case ESP_AES_GCM_8:
 		case ESP_AES_GCM_12:
 		case ESP_AES_GCM_16:
+		case ESP_AES_GMAC:
 			return TRUE;
 	}
 	return FALSE;
@@ -474,7 +475,7 @@ struct alg_info_ike *alg_info_ike_create_from_str(char *alg_str)
 
 	if (alg_info_parse_str((struct alg_info *)alg_info_ike, alg_str) == SUCCESS)
 	{
-		alg_info_ike->ref_cnt = 1;	
+		alg_info_ike->ref_cnt = 1;
 		return alg_info_ike;
 	}
 	else
diff --git a/src/pluto/ca.c b/src/pluto/ca.c
index e25e7f6f5..2654774fa 100644
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@@ -293,12 +293,12 @@ void load_authcerts(char *type, char *path, x509_flag_t auth_flags)
 	struct stat st;
 	char *file;
 
-	DBG1("loading %s certificates from '%s'", type, path);
+	DBG1(DBG_LIB, "loading %s certificates from '%s'", type, path);
 
 	enumerator = enumerator_create_directory(path);
 	if (!enumerator)
 	{
-		DBG1("  reading directory '%s' failed");
+		DBG1(DBG_LIB, "  reading directory '%s' failed", path);
 		return;
 	}
 
diff --git a/src/pluto/connections.c b/src/pluto/connections.c
index fece34eec..dd193042a 100644
--- a/src/pluto/connections.c
+++ b/src/pluto/connections.c
@@ -30,6 +30,7 @@
 #include <freeswan.h>
 #include "kameipsec.h"
 
+#include <hydra.h>
 #include <credentials/certificates/ac.h>
 #include <credentials/keys/private_key.h>
 
@@ -61,6 +62,7 @@
 #include "kernel_alg.h"
 #include "nat_traversal.h"
 #include "virtual.h"
+#include "whack_attribute.h"
 
 static void flush_pending_by_connection(connection_t *c);  /* forward */
 
@@ -104,7 +106,7 @@ bool his_id_was_instantiated(const connection_t *c)
 	{
 		identification_t *host;
 		bool equal;
-	
+
 		host = identification_create_from_sockaddr((sockaddr_t*)&c->spd.that.host_addr);
 		equal = host->equals(host, c->spd.that.id);
 		host->destroy(host);
@@ -113,7 +115,7 @@ bool his_id_was_instantiated(const connection_t *c)
 	else
 	{
 		return TRUE;
-	} 
+	}
 }
 
 /**
@@ -369,11 +371,16 @@ void delete_connection(connection_t *c, bool relations)
 		host_t *vip;
 
 		vip = host_create_from_sockaddr((sockaddr_t*)&c->spd.that.host_srcip);
-		lib->attributes->release_address(lib->attributes, c->spd.that.pool,
-										 vip, c->spd.that.id);
+		hydra->attributes->release_address(hydra->attributes, c->spd.that.pool,
+										   vip, c->spd.that.id);
 		vip->destroy(vip);
 	}
 
+	if (c->kind != CK_GOING_AWAY)
+	{
+		whack_attr->del_pool(whack_attr, c->name);
+	}
+
 	/* free internal data */
 #ifdef DEBUG
 	cur_debugging = old_cur_debugging;
@@ -683,7 +690,7 @@ size_t format_end(char *buf, size_t buf_len, const struct end *this,
 	}
 
 	/* id */
-	snprintf(host_id, sizeof(host_id), "[%Y]", this->id); 
+	snprintf(host_id, sizeof(host_id), "[%Y]", this->id);
 
 	/* [---hop] */
 	hop[0] = '\0';
@@ -769,7 +776,7 @@ static void load_end_certificate(char *filename, struct end *dst)
 	cert_t *cert = NULL;
 	certificate_t *certificate;
 	bool cached_cert = FALSE;
-	
+
 	/* initialize end certificate */
 	dst->cert = NULL;
 
@@ -853,10 +860,11 @@ static void load_end_certificate(char *filename, struct end *dst)
 }
 
 static bool extract_end(struct end *dst, const whack_end_t *src,
-						const char *which)
+						const char *name, bool is_left)
 {
 	bool same_ca = FALSE;
 
+	dst->is_left = is_left;
 	dst->id = identification_create_from_string(src->id);
 	dst->ca = NULL;
 
@@ -1117,15 +1125,14 @@ void add_connection(const whack_message_t *wm)
 		c->tunnel_addr_family = wm->tunnel_addr_family;
 
 		c->requested_ca = NULL;
+		same_leftca  = extract_end(&c->spd.this, &wm->left, wm->name, TRUE);
+		same_rightca = extract_end(&c->spd.that, &wm->right, wm->name, FALSE);
 
-		same_leftca  = extract_end(&c->spd.this, &wm->left, "left");
-		same_rightca = extract_end(&c->spd.that, &wm->right, "right");
-
-		if (same_rightca)
+		if (same_rightca && c->spd.this.ca)
 		{
 			c->spd.that.ca = c->spd.this.ca->clone(c->spd.this.ca);
 		}
-		else if (same_leftca)
+		else if (same_leftca && c->spd.that.ca)
 		{
 			c->spd.this.ca = c->spd.that.ca->clone(c->spd.that.ca);
 		}
@@ -1196,6 +1203,17 @@ void add_connection(const whack_message_t *wm)
 
 		(void)orient(c);
 
+		/* if rightsourceip defines a subnet then create an in-memory pool */
+		if (whack_attr->add_pool(whack_attr, c->name,
+							c->spd.this.is_left ? &wm->right : &wm->left))
+		{
+			c->spd.that.pool = clone_str(c->name);
+			c->spd.that.modecfg = TRUE;
+			c->spd.that.has_client = FALSE;
+			/* reset the host_srcip so that it gets assigned in modecfg */
+			anyaddr(AF_INET, &c->spd.that.host_srcip);
+		}
+
 		if (c->ikev1)
 		{
 			connect_to_host_pair(c);
@@ -1794,7 +1812,7 @@ connection_t *build_outgoing_opportunistic_connection(struct gw_info *gw,
 	else
 	{
 		chunk_t encoding = gw->gw_id->get_encoding(gw->gw_id);
-		id_type_t type   = gw->gw_id->get_type(gw->gw_id); 
+		id_type_t type   = gw->gw_id->get_type(gw->gw_id);
 		ip_address ip_addr;
 
 		initaddr(encoding.ptr, encoding.len,
@@ -2758,7 +2776,7 @@ static void initiate_opportunistic_body(struct find_oppo_bundle *b,
 					addrtot(&b->peer_client, 0, pcb, sizeof(pcb));
 					loglog(RC_OPPOFAILURE,
 							"no suitable connection for opportunism "
-						  	"between %s and %s with %Y as peer",
+							"between %s and %s with %Y as peer",
 							 ocb, pcb, ac->gateways_from_dns->gw_id);
 
 #ifdef KLIPS
@@ -3379,7 +3397,7 @@ connection_t *refine_host_connection(const struct state *st,
 			id_match_t match_level = peer_id->matches(peer_id, d->spd.that.id);
 
 			bool matching_id = match_level > ID_MATCH_NONE;
-				
+
 			bool matching_auth = (d->policy & auth_policy) != LEMPTY;
 
 			bool matching_trust = trusted_ca(peer_ca
@@ -3580,7 +3598,7 @@ static connection_t *fc_try(const connection_t *c, struct host_pair *hp,
 	policy_prio_t best_prio = BOTTOM_PRIO;
 	id_match_t match_level;
 	int pathlen;
-	
+
 
 	const bool peer_net_is_host = subnetisaddr(peer_net, &c->spd.that.host_addr);
 
@@ -3675,7 +3693,8 @@ static connection_t *fc_try(const connection_t *c, struct host_pair *hp,
 			}
 			else
 			{
-				if (!peer_net_is_host)
+				if (!peer_net_is_host && !(sr->that.modecfg && c->spd.that.modecfg &&
+						subnetisaddr(peer_net, &c->spd.that.host_srcip)))
 				{
 					continue;
 				}
@@ -3843,7 +3862,7 @@ void get_peer_ca_and_groups(connection_t *c,
 		if (cert && ac_verify_cert(cert, strict_crl_policy))
 		{
 			ac_t *ac = (ac_t*)cert;
-		
+
 			*peer_attributes = ac->get_groups(ac);
 		}
 		else
diff --git a/src/pluto/connections.h b/src/pluto/connections.h
index ee2e00da6..66aea1541 100644
--- a/src/pluto/connections.h
+++ b/src/pluto/connections.h
@@ -137,6 +137,7 @@ struct end {
 		host_srcip;
 	ip_subnet client;
 
+	bool is_left;
 	bool key_from_DNS_on_demand;
 	bool has_client;
 	bool has_client_wildcard;
diff --git a/src/pluto/constants.c b/src/pluto/constants.c
index 6f991fd69..63a37009b 100644
--- a/src/pluto/constants.c
+++ b/src/pluto/constants.c
@@ -392,7 +392,8 @@ static const char *const esp_transform_name[] = {
 	"AES_GCM_12",
 	"AES_GCM_16",
 	"SEED_CBC",
-	"CAMELLIA_CBC"
+	"CAMELLIA_CBC",
+	"AES_GMAC"
 };
 
 static const char *const esp_transform_name_high[] = {
@@ -404,7 +405,7 @@ enum_names esp_transform_names_high =
 	{ ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL };
 
 enum_names esp_transform_names =
-	{ ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transform_names_high };
+	{ ESP_DES_IV64, ESP_AES_GMAC, esp_transform_name, &esp_transform_names_high };
 
 /* IPCOMP transform values */
 
@@ -919,12 +920,15 @@ static const char *const oakley_group_name_rfc4753[] = {
 };
 
 static const char *const oakley_group_name_rfc5114[] = {
+	"MODP_1024_160",
+	"MODP_2048_224",
+	"MODP_2048_256",
 	"ECP_192",
 	"ECP_224"
 };
 
 enum_names oakley_group_names_rfc5114 =
-	{ ECP_192_BIT, ECP_224_BIT,
+	{ MODP_1024_160, ECP_224_BIT,
 			oakley_group_name_rfc5114, NULL };
 
 enum_names oakley_group_names_rfc4753 =
diff --git a/src/pluto/constants.h b/src/pluto/constants.h
index 8c574ebc5..e9567c07a 100644
--- a/src/pluto/constants.h
+++ b/src/pluto/constants.h
@@ -125,10 +125,10 @@ extern const char sparse_end[];
 #define MAX_DIGEST_LEN          HASH_SIZE_SHA512
 
 /* RFC 2404 "HMAC-SHA-1-96" section 3 */
-#define HMAC_SHA1_KEY_LEN		HASH_SIZE_SHA1
+#define HMAC_SHA1_KEY_LEN       HASH_SIZE_SHA1
 
 /* RFC 2403 "HMAC-MD5-96" section 3 */
-#define HMAC_MD5_KEY_LEN   		HASH_SIZE_MD5
+#define HMAC_MD5_KEY_LEN        HASH_SIZE_MD5
 
 #define IKE_UDP_PORT    500
 
@@ -150,7 +150,7 @@ enum ipsec_authentication_algo {
 	AH_AES_128_GMAC = 11,
 	AH_AES_192_GMAC = 12,
 	AH_AES_256_GMAC = 13,
-	AH_SHA2_256_96  = 252  
+	AH_SHA2_256_96  = 252
 };
 
 extern enum_names ah_transform_names;
@@ -184,6 +184,7 @@ enum ipsec_cipher_algo {
 	ESP_AES_GCM_16    = 20,
 	ESP_SEED_CBC      = 21,
 	ESP_CAMELLIA      = 22,
+	ESP_AES_GMAC      = 23,
 	ESP_SERPENT       = 252,
 	ESP_TWOFISH       = 253
 };
diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c
index 2113cecbc..a62e7632d 100644
--- a/src/pluto/crypto.c
+++ b/src/pluto/crypto.c
@@ -237,6 +237,27 @@ static struct dh_desc dh_desc_ecp_521 = {
 	ke_size:    2*528 / BITS_PER_BYTE
 };
 
+static struct dh_desc dh_desc_modp_1024_160 = {
+	algo_type:  IKE_ALG_DH_GROUP,
+	algo_id:    MODP_1024_160,
+	algo_next:  NULL,
+	ke_size:    1024 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_2048_224 = {
+	algo_type:  IKE_ALG_DH_GROUP,
+	algo_id:    MODP_2048_224,
+	algo_next:  NULL,
+	ke_size:    2048 / BITS_PER_BYTE
+};
+
+static struct dh_desc dh_desc_modp_2048_256 = {
+	algo_type:  IKE_ALG_DH_GROUP,
+	algo_id:    MODP_2048_256,
+	algo_next:  NULL,
+	ke_size:    2048 / BITS_PER_BYTE
+};
+
 static struct dh_desc dh_desc_ecp_192 = {
 	algo_type:  IKE_ALG_DH_GROUP,
 	algo_id:    ECP_192_BIT,
@@ -370,6 +391,15 @@ bool init_crypto(void)
 			case ECP_521_BIT:
 				desc = &dh_desc_ecp_521;
 				break;
+			case MODP_1024_160:
+				desc = &dh_desc_modp_1024_160;
+				break;
+			case MODP_2048_224:
+				desc = &dh_desc_modp_2048_224;
+				break;
+			case MODP_2048_256:
+				desc = &dh_desc_modp_2048_256;
+				break;
 			case ECP_192_BIT:
 				desc = &dh_desc_ecp_192;
 				break;
@@ -580,9 +610,11 @@ int esp_from_encryption_algorithm(encryption_algorithm_t alg)
 			return ESP_AES_GCM_16;
 		case ENCR_CAMELLIA_CBC:
 			return ESP_CAMELLIA;
+		case ENCR_NULL_AUTH_AES_GMAC:
+			return ESP_AES_GMAC;
 		case ENCR_SERPENT_CBC:
 			return ESP_SERPENT;
-	case ENCR_TWOFISH_CBC:
+		case ENCR_TWOFISH_CBC:
 			return ESP_TWOFISH;
 		default:
 			return 0;
diff --git a/src/pluto/demux.h b/src/pluto/demux.h
index 4faf6e532..2161bbd02 100644
--- a/src/pluto/demux.h
+++ b/src/pluto/demux.h
@@ -61,6 +61,7 @@ struct msg_digest {
 	notification_t note;        /* reason for failure */
 	bool dpd;                   /* peer supports RFC 3706 DPD */
 	bool openpgp;               /* peer supports OpenPGP certificates */
+	bool ms_nt5;                /* peer is a windows 2000+ host */
 
 #   define PAYLIMIT 40
 	struct payload_digest
diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c
index 6172165bd..1d2d13371 100644
--- a/src/pluto/fetch.c
+++ b/src/pluto/fetch.c
@@ -266,10 +266,10 @@ x509crl_t* fetch_crl(char *url)
 	x509crl_t *crl;
 	chunk_t blob;
 
-	DBG1("  fetching crl from '%s' ...", url);
+	DBG1(DBG_LIB, "  fetching crl from '%s' ...", url);
 	if (lib->fetcher->fetch(lib->fetcher, url, &blob, FETCH_END) != SUCCESS)
 	{
-		DBG1("crl fetching failed");
+		DBG1(DBG_LIB, "crl fetching failed");
 		return FALSE;
 	}
 	crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL,
@@ -277,7 +277,8 @@ x509crl_t* fetch_crl(char *url)
 	free(blob.ptr);
 	if (!crl)
 	{
-		DBG1("crl fetched successfully but data coded in unknown format");
+		DBG1(DBG_LIB, "crl fetched successfully but data coded in unknown "
+			 "format");
 	}
 	return crl;
 }
@@ -395,7 +396,7 @@ static void fetch_ocsp_status(ocsp_location_t* location)
 	chunk_t request = build_ocsp_request(location);
 	chunk_t response = chunk_empty;
 
-	DBG1("  requesting ocsp status from '%s' ...", location->uri);
+	DBG1(DBG_LIB, "  requesting ocsp status from '%s' ...", location->uri);
 	if (lib->fetcher->fetch(lib->fetcher, location->uri, &response,
 							FETCH_REQUEST_DATA, request,
 							FETCH_REQUEST_TYPE, "application/ocsp-request",
@@ -405,7 +406,7 @@ static void fetch_ocsp_status(ocsp_location_t* location)
 	}
 	else
 	{
-		DBG1("ocsp request to %s failed", location->uri);
+		DBG1(DBG_LIB, "ocsp request to %s failed", location->uri);
 	}
 
 	free(request.ptr);
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index 1f8917d79..34c42e294 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -702,6 +702,8 @@ void accept_delete(struct state *st, struct msg_digest *md,
 				   struct payload_digest *p)
 {
 	struct isakmp_delete *d = &(p->payload.delete);
+	identification_t *this_id, *that_id;
+	ip_address peer_addr;
 	size_t sizespi;
 	int i;
 
@@ -759,6 +761,15 @@ void accept_delete(struct state *st, struct msg_digest *md,
 		return;
 	}
 
+	if (d->isad_protoid == PROTO_ISAKMP)
+	{
+		struct end *this = &st->st_connection->spd.this;
+		struct end *that = &st->st_connection->spd.that;
+		this_id = this->id->clone(this->id);
+		that_id = that->id->clone(that->id);
+		peer_addr = st->st_connection->spd.that.host_addr;
+	}
+
 	for (i = 0; i < d->isad_nospi; i++)
 	{
 		u_char *spi = p->pbs.cur + (i * sizespi);
@@ -770,7 +781,7 @@ void accept_delete(struct state *st, struct msg_digest *md,
 			 */
 			struct state *dst = find_state(spi /*iCookie*/
 				, spi+COOKIE_SIZE /*rCookie*/
-				, &st->st_connection->spd.that.host_addr
+				, &peer_addr
 				, MAINMODE_MSGID);
 
 			if (dst == NULL)
@@ -778,7 +789,8 @@ void accept_delete(struct state *st, struct msg_digest *md,
 				loglog(RC_LOG_SERIOUS, "ignoring Delete SA payload: "
 					"ISAKMP SA not found (maybe expired)");
 			}
-			else if (!same_peer_ids(st->st_connection, dst->st_connection, NULL))
+			else if (! this_id->equals(this_id, dst->st_connection->spd.this.id) ||
+					 ! that_id->equals(that_id, dst->st_connection->spd.that.id))
 			{
 				/* we've not authenticated the relevant identities */
 				loglog(RC_LOG_SERIOUS, "ignoring Delete SA payload: "
@@ -876,6 +888,12 @@ void accept_delete(struct state *st, struct msg_digest *md,
 			}
 		}
 	}
+
+	if (d->isad_protoid == PROTO_ISAKMP)
+	{
+		this_id->destroy(this_id);
+		that_id->destroy(that_id);
+	}
 }
 
 /* The whole message must be a multiple of 4 octets.
@@ -2753,6 +2771,7 @@ static void compute_proto_keymat(struct state *st, u_int8_t protoid,
 				case ESP_AES_GCM_12:
 				case ESP_AES_GCM_16:
 				case ESP_AES_CTR:
+				case ESP_AES_GMAC:
 					needed_len += 4;
 					break;
 				default:
@@ -3620,7 +3639,7 @@ stf_status main_inR2_outI3(struct msg_digest *md)
 	if (send_cert)
 	{
 		bool success;
-		chunk_t cert_encoding;	
+		chunk_t cert_encoding;
 		pb_stream cert_pbs;
 
 		struct isakmp_cert cert_hd;
@@ -3634,7 +3653,7 @@ stf_status main_inR2_outI3(struct msg_digest *md)
 		cert_encoding = mycert->cert->get_encoding(mycert->cert);
 		success = out_chunk(cert_encoding, &cert_pbs, "CERT");
 		free(cert_encoding.ptr);
-		if (!success)	
+		if (!success)
 		{
 			return STF_INTERNAL_ERROR;
 		}
@@ -4076,7 +4095,7 @@ main_inI3_outR3_tail(struct msg_digest *md
 		success = out_chunk(cert_encoding, &cert_pbs, "CERT");
 		free(cert_encoding.ptr);
 		if (!success)
-		{	
+		{
 			return STF_INTERNAL_ERROR;
 		}
 		close_output_pbs(&cert_pbs);
@@ -4871,6 +4890,21 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b,
 					 */
 					p = rw_instantiate(p, &c->spd.that.host_addr, md->sender_port
 								, his_net, c->spd.that.id);
+
+					/* inherit any virtual IP assigned by a Mode Config exchange */ 
+					if (p->spd.that.modecfg && c->spd.that.modecfg &&
+						subnetisaddr(his_net, &c->spd.that.host_srcip))
+					{
+						char srcip[ADDRTOT_BUF];
+
+						DBG(DBG_CONTROL,
+							addrtot(&c->spd.that.host_srcip, 0, srcip, sizeof(srcip));
+							DBG_log("inheriting virtual IP source address %s from ModeCfg", srcip)
+						)
+						p->spd.that.host_srcip = c->spd.that.host_srcip;
+						p->spd.that.client = c->spd.that.client;
+						p->spd.that.has_client = TRUE;
+					}
 				}
 			}
 #ifdef DEBUG
diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c
index fe4655d3f..ee22fb55e 100644
--- a/src/pluto/kernel.c
+++ b/src/pluto/kernel.c
@@ -1993,6 +1993,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound)
 			case ESP_AES_GCM_12:
 			case ESP_AES_GCM_16:
 			case ESP_AES_CTR:
+			case ESP_AES_GMAC:
 				key_len += 4;
 				break;
 			default:
diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c
index bf67315e6..7c2855edc 100644
--- a/src/pluto/kernel_alg.c
+++ b/src/pluto/kernel_alg.c
@@ -395,6 +395,10 @@ void kernel_alg_register_pfkey(const struct sadb_msg *msg_buf, int buflen)
 						kernel_alg_add(satype, supp_exttype, &alg);
 					}
 				}
+
+				/* also register AES_GMAC */
+				alg.sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC;
+				kernel_alg_add(satype, supp_exttype, &alg);
 			}
 			/* if SHA2_256 is registered then also register SHA2_256_96 */
 			if (satype == SADB_SATYPE_ESP &&
diff --git a/src/pluto/kernel_netlink.c b/src/pluto/kernel_netlink.c
index 289714b50..75d0c98d3 100644
--- a/src/pluto/kernel_netlink.c
+++ b/src/pluto/kernel_netlink.c
@@ -112,6 +112,7 @@ static sparse_names ealg_list = {
 	{ SADB_X_EALG_AES_GCM_ICV8,  "rfc4106(gcm(aes))" },
 	{ SADB_X_EALG_AES_GCM_ICV12, "rfc4106(gcm(aes))" },
 	{ SADB_X_EALG_AES_GCM_ICV16, "rfc4106(gcm(aes))" },
+	{ SADB_X_EALG_NULL_AES_GMAC, "rfc4543(gcm(aes))" },
 	{ SADB_X_EALG_CAMELLIACBC,   "cbc(camellia)" },
 	{ SADB_X_EALG_SERPENTCBC,    "serpent" },
 	{ SADB_X_EALG_TWOFISHCBC,    "twofish" },
@@ -687,6 +688,7 @@ static bool netlink_add_sa(const struct kernel_sa *sa, bool replace)
 			break;
 		case SADB_X_EALG_AES_CCM_ICV16:
 		case SADB_X_EALG_AES_GCM_ICV16:
+		case SADB_X_EALG_NULL_AES_GMAC:
 			icv_size += 32;
 			/* FALL */
 		case SADB_X_EALG_AES_CCM_ICV12:
diff --git a/src/pluto/lex.c b/src/pluto/lex.c
index f48d24a54..d5ebdaba9 100644
--- a/src/pluto/lex.c
+++ b/src/pluto/lex.c
@@ -205,7 +205,7 @@ flushline(const char *m)
 	{
 		if (m != NULL)
 			loglog(RC_LOG_SERIOUS, "\"%s\" line %d: %s", flp->filename, flp->lino, m);
-		do ; while (shift());
+		do {} while (shift());
 		return FALSE;
 	}
 }
diff --git a/src/pluto/log.c b/src/pluto/log.c
index 2f3536ff3..444ac2220 100644
--- a/src/pluto/log.c
+++ b/src/pluto/log.c
@@ -40,7 +40,8 @@
 #include "connections.h"
 #include "myid.h"
 #include "kernel.h"
-#include "whack.h"      /* needs connections.h */
+#include "whack.h"
+#include "whack_attribute.h"
 #include "timer.h"
 
 /* close one per-peer log */
@@ -85,7 +86,7 @@ u_int16_t cur_from_port;        /* host order */
 /**
  * pluto dbg function for libstrongswan
  */
-static void pluto_dbg(int level, char *fmt, ...)
+static void pluto_dbg(debug_t group, level_t level, char *fmt, ...)
 {
 	int priority = LOG_INFO;
 	int debug_level;
@@ -856,6 +857,7 @@ void show_status(bool all, const char *name)
 		show_myid_status();
 		show_loaded_plugins();
 		show_debug_status();
+		show_pools(name);
 		whack_log(RC_COMMENT, BLANK_FORMAT);    /* spacer */
 	}
 	show_connections_status(all, name);
diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c
index 03ec7f41f..0c4f2bd6b 100644
--- a/src/pluto/modecfg.c
+++ b/src/pluto/modecfg.c
@@ -26,6 +26,7 @@
 #include <freeswan.h>
 
 #include <library.h>
+#include <hydra.h>
 #include <attributes/attributes.h>
 #include <crypto/prfs/prf.h>
 
@@ -119,7 +120,7 @@ static void init_internal_addr(internal_addr_t *ia)
 static void get_internal_addr(connection_t *c, host_t *requested_vip,
 							  internal_addr_t *ia)
 {
-	int i, dns_idx = 0, nbns_idx = 0;
+	int dns_idx = 0, nbns_idx = 0;
 	enumerator_t *enumerator;
 	configuration_attribute_type_t type;
 	chunk_t value;
@@ -129,13 +130,13 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip,
 	{
 		if (c->spd.that.pool)
 		{
-			vip = lib->attributes->acquire_address(lib->attributes,
+			vip = hydra->attributes->acquire_address(hydra->attributes,
 										c->spd.that.pool, c->spd.that.id,
 										requested_vip);
 			if (vip)
 			{
 				chunk_t addr = vip->get_address(vip);
-		
+
 				plog("assigning virtual IP %H to peer", vip);
 				initaddr(addr.ptr, addr.len, vip->get_family(vip), &ia->ipaddr);
 
@@ -150,7 +151,7 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip,
 	{
 		ia->ipaddr = c->spd.that.host_srcip;
 		vip = host_create_from_sockaddr((sockaddr_t*)&ia->ipaddr);
-		plog("assigning virtual IP  %H to peer", vip);
+		plog("assigning virtual IP %H to peer", vip);
 	}
 
 	if (!isanyaddr(&ia->ipaddr))        /* We got an IP address, send it */
@@ -164,67 +165,15 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip,
 					 | LELEM(INTERNAL_IP4_NETMASK);
 	}
 
-	/* assign DNS servers from strongswan.conf */
-	for (i = 1; i <= DNS_SERVER_MAX; i++)
-	{
-		char dns_key[16], *dns_str;
-
-		snprintf(dns_key, sizeof(dns_key), "pluto.dns%d", i);
-		dns_str = lib->settings->get_str(lib->settings, dns_key, NULL);
-		if (dns_str)
-		{
-			err_t ugh;
-			sa_family_t family = strchr(dns_str, ':') ? AF_INET6 : AF_INET;
-
-			ugh = ttoaddr(dns_str, 0, family, &ia->dns[dns_idx]);
-			if (ugh)
-			{
-				plog("error in DNS server address: %s", ugh);
-				continue;
-			}
-			plog("assigning DNS server %s to peer", dns_str);
-
-			/* differentiate between IP4 and IP6 in modecfg_build_msg() */
-			ia->attr_set |= LELEM(INTERNAL_IP4_DNS);
-			dns_idx++;
-		}
-	}
-
-	/* assign NBNS servers from strongswan.conf */
-	for (i = 1; i <= NBNS_SERVER_MAX; i++)
-	{
-		char nbns_key[16], *nbns_str;
-
-		snprintf(nbns_key, sizeof(nbns_key), "pluto.nbns%d", i);
-		nbns_str = lib->settings->get_str(lib->settings, nbns_key, NULL);
-		if (nbns_str)
-		{
-			err_t ugh;
-			sa_family_t family = strchr(nbns_str, ':') ? AF_INET6 : AF_INET;
-
-			ugh = ttoaddr(nbns_str, 0, family, &ia->nbns[nbns_idx]);
-			if (ugh)
-			{
-				plog("error in NBNS server address: %s", ugh);
-				continue;
-			}
-			plog("assigning NBNS server %s to peer", nbns_str);
-
-			/* differentiate between IP4 and IP6 in modecfg_build_msg() */
-			ia->attr_set |= LELEM(INTERNAL_IP4_NBNS);
-			nbns_idx++;
-		}
-	}
-
 	/* assign attributes from registered providers */
-	enumerator = lib->attributes->create_responder_enumerator(lib->attributes,
+	enumerator = hydra->attributes->create_responder_enumerator(hydra->attributes,
 											c->spd.that.id, vip);
 	while (enumerator->enumerate(enumerator, &type, &value))
 	{
 		err_t ugh;
 		host_t *server;
 		sa_family_t family = AF_INET;
-		
+
 		switch (type)
 		{
 			case INTERNAL_IP6_DNS:
@@ -257,7 +206,7 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip,
 				/* fallthrough */
 			case INTERNAL_IP4_NBNS:
 				if (nbns_idx >= NBNS_SERVER_MAX)
- 				{
+				{
 					plog("exceeded the maximum number of %d NBNS servers",
 						 NBNS_SERVER_MAX);
 					break;
@@ -279,7 +228,7 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip,
 
 			default:
 				break;
-		}			
+		}
 	}
 	enumerator->destroy(enumerator);
 	DESTROY_IF(vip);
diff --git a/src/pluto/pkcs7.c b/src/pluto/pkcs7.c
index 733dd2623..b24ef1a8c 100644
--- a/src/pluto/pkcs7.c
+++ b/src/pluto/pkcs7.c
@@ -146,7 +146,7 @@ bool pkcs7_parse_contentInfo(chunk_t blob, u_int level0, contentInfo_t *cInfo)
 			if (cInfo->type < OID_PKCS7_DATA
 			||  cInfo->type > OID_PKCS7_ENCRYPTED_DATA)
 			{
-				DBG1("unknown pkcs7 content type");
+				DBG1(DBG_LIB, "unknown pkcs7 content type");
 				goto end;
 			}
 		}
@@ -187,7 +187,7 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data,
 	}
 	if (cInfo.type != OID_PKCS7_SIGNED_DATA)
 	{
-		DBG1("pkcs7 content type is not signedData");
+		DBG1(DBG_LIB, "pkcs7 content type is not signedData");
 		return FALSE;
 	}
 
@@ -202,7 +202,7 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data,
 		{
 		case PKCS7_SIGNED_VERSION:
 			version = object.len ? (int)*object.ptr : 0;
-			DBG2("  v%d", version);
+			DBG2(DBG_LIB, "  v%d", version);
 			break;
 		case PKCS7_DIGEST_ALG:
 			digest_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
@@ -217,7 +217,7 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data,
 			{
 				certificate_t *cert;
 
-				DBG2("  parsing pkcs7-wrapped certificate");
+				DBG2(DBG_LIB, "  parsing pkcs7-wrapped certificate");
 				cert = lib->creds->create(lib->creds,
 								  		  CRED_CERTIFICATE, CERT_X509,
 								  		  BUILD_BLOB_ASN1_DER, object,
@@ -230,17 +230,17 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data,
 			break;
 		case PKCS7_SIGNER_INFO:
 			signerInfos++;
-			DBG2("  signer #%d", signerInfos);
+			DBG2(DBG_LIB, "  signer #%d", signerInfos);
 			break;
 		case PKCS7_SIGNER_INFO_VERSION:
 			version = object.len ? (int)*object.ptr : 0;
-			DBG2("  v%d", version);
+			DBG2(DBG_LIB, "  v%d", version);
 			break;
 		case PKCS7_SIGNED_ISSUER:
 			{
 				identification_t *issuer = identification_create_from_encoding(
 													ID_DER_ASN1_DN, object);
-				DBG2("  \"%Y\"", issuer);
+				DBG2(DBG_LIB, "  \"%Y\"", issuer);
 				issuer->destroy(issuer);
 				break;
 			}
@@ -277,27 +277,27 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data,
 		scheme = signature_scheme_from_oid(digest_alg);
 		if (scheme == SIGN_UNKNOWN)
 		{
-			DBG1("unsupported signature scheme");
+			DBG1(DBG_LIB, "unsupported signature scheme");
 			return FALSE;
 		}
 		if (signerInfos == 0)
 		{
-			DBG1("no signerInfo object found");
+			DBG1(DBG_LIB, "no signerInfo object found");
 			return FALSE;
 		}
 		else if (signerInfos > 1)
 		{
-			DBG1("more than one signerInfo object found");
+			DBG1(DBG_LIB, "more than one signerInfo object found");
 			return FALSE;
 		}
 		if (attributes->ptr == NULL)
 		{
-			DBG1("no authenticatedAttributes object found");
+			DBG1(DBG_LIB, "no authenticatedAttributes object found");
 			return FALSE;
 		}
 		if (enc_alg != OID_RSA_ENCRYPTION)
 		{
-			DBG1("only RSA digest encryption supported");
+			DBG1(DBG_LIB, "only RSA digest encryption supported");
 			return FALSE;
 		}
 
@@ -305,16 +305,16 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data,
 		key = cacert->get_public_key(cacert);
 		if (key == NULL)
 		{
-			DBG1("no public key found in CA certificate");
+			DBG1(DBG_LIB, "no public key found in CA certificate");
 			return FALSE;
 		}
 		if (key->verify(key, scheme, *attributes, encrypted_digest))
 		{
-			DBG2("signature is valid");
+			DBG2(DBG_LIB, "signature is valid");
 		}
 		else
 		{
-			DBG1("invalid signature");
+			DBG1(DBG_LIB, "invalid signature");
 			success = FALSE;
 		}
 		key->destroy(key);
@@ -352,7 +352,7 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
 	}
 	if (cInfo.type != OID_PKCS7_ENVELOPED_DATA)
 	{
-		DBG1("pkcs7 content type is not envelopedData");
+		DBG1(DBG_LIB, "pkcs7 content type is not envelopedData");
 		goto failed;
 	}
 
@@ -367,19 +367,19 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
 		{
 		case PKCS7_ENVELOPED_VERSION:
 			version = object.len ? (int)*object.ptr : 0;
-			DBG2("  v%d", version);
+			DBG2(DBG_LIB, "  v%d", version);
 			if (version != 0)
 			{
-				DBG1("envelopedData version is not 0");
+				DBG1(DBG_LIB, "envelopedData version is not 0");
 				goto end;
 			}
 			break;
 		case PKCS7_RECIPIENT_INFO_VERSION:
 			version = object.len ? (int)*object.ptr : 0;
-			DBG2("  v%d", version);
+			DBG2(DBG_LIB, "  v%d", version);
 			if (version != 0)
 			{
-				DBG1("recipient info version is not 0");
+				DBG1(DBG_LIB, "recipient info version is not 0");
 				goto end;
 			}
 			break;
@@ -387,14 +387,14 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
 			{
 				identification_t *issuer = identification_create_from_encoding(
 													ID_DER_ASN1_DN, object);
-				DBG2("  \"%Y\"", issuer);
+				DBG2(DBG_LIB, "  \"%Y\"", issuer);
 				issuer->destroy(issuer);
 				break;
 			}
 		case PKCS7_SERIAL_NUMBER:
 			if (!chunk_equals(serialNumber, object))
 			{
-				DBG1("serial numbers do not match");
+				DBG1(DBG_LIB, "serial numbers do not match");
 				goto end;
 			}
 			break;
@@ -402,22 +402,22 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
 			enc_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
 			if (enc_alg != OID_RSA_ENCRYPTION)
 			{
-				DBG1("only rsa encryption supported");
+				DBG1(DBG_LIB, "only rsa encryption supported");
 				goto end;
 			}
 			break;
 		case PKCS7_ENCRYPTED_KEY:
 			if (!key->decrypt(key, object, &symmetric_key))
 			{
-				DBG1("symmetric key could not be decrypted with rsa");
+				DBG1(DBG_LIB, "symmetric key could not be decrypted with rsa");
 				goto end;
 			}
-			DBG4("symmetric key %B", &symmetric_key);
+			DBG4(DBG_LIB, "symmetric key %B", &symmetric_key);
 			break;
 		case PKCS7_CONTENT_TYPE:
 			if (asn1_known_oid(object) != OID_PKCS7_DATA)
 			{
-				 DBG1("encrypted content not of type pkcs7 data");
+				 DBG1(DBG_LIB, "encrypted content not of type pkcs7 data");
 				 goto end;
 			}
 			break;
@@ -426,12 +426,12 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data,
 
 			if (content_enc_alg == OID_UNKNOWN)
 			{
-				DBG1("unknown content encryption algorithm");
+				DBG1(DBG_LIB, "unknown content encryption algorithm");
 				goto end;
 			}
 			if (!asn1_parse_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV"))
 			{
-				DBG1("IV could not be parsed");
+				DBG1(DBG_LIB, "IV could not be parsed");
 				goto end;
 			}
 			break;
@@ -459,28 +459,28 @@ end:
 		alg = encryption_algorithm_from_oid(content_enc_alg, &key_size);
 		if (alg == ENCR_UNDEFINED)
 		{
-			DBG1("unsupported content encryption algorithm");
+			DBG1(DBG_LIB, "unsupported content encryption algorithm");
 			goto failed;
 		}
 		crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size);
 		if (crypter == NULL)
 		{
-			DBG1("crypter %N not available", encryption_algorithm_names, alg);
+			DBG1(DBG_LIB, "crypter %N not available", encryption_algorithm_names, alg);
 			goto failed;
 		}
 		if (symmetric_key.len != crypter->get_key_size(crypter))
 		{
-			DBG1("symmetric key length %d is wrong", symmetric_key.len);
+			DBG1(DBG_LIB, "symmetric key length %d is wrong", symmetric_key.len);
 			goto failed;
 		}
 		if (iv.len != crypter->get_block_size(crypter))
 		{
-			DBG1("IV length %d is wrong", iv.len);
+			DBG1(DBG_LIB, "IV length %d is wrong", iv.len);
 			goto failed;
 		}
 		crypter->set_key(crypter, symmetric_key);
 		crypter->decrypt(crypter, encrypted_content, iv, data);
-		DBG4("decrypted content with padding: %B", data);
+		DBG4(DBG_LIB, "decrypted content with padding: %B", data);
 	}
 
 	/* remove the padding */
@@ -491,7 +491,7 @@ end:
 
 		if (padding > data->len)
 		{
-			DBG1("padding greater than data length");
+			DBG1(DBG_LIB, "padding greater than data length");
 			goto failed;
 		}
 		data->len -= padding;
@@ -500,7 +500,7 @@ end:
 		{
 			if (*pos-- != pattern)
 			{
-				DBG1("wrong padding pattern");
+				DBG1(DBG_LIB, "wrong padding pattern");
 				goto failed;
 			}
 		}
@@ -631,7 +631,7 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes,
 				, asn1_wrap(ASN1_SET, "m", signerInfo));
 
 	cInfo = pkcs7_build_contentInfo(&signedData);
-	DBG3("signedData %B", &cInfo);
+	DBG3(DBG_LIB, "signedData %B", &cInfo);
 
 	free(pkcs7Data.content.ptr);
 	free(signedData.content.ptr);
@@ -653,7 +653,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg
 										  alg_key_size/BITS_PER_BYTE);
 	if (crypter == NULL)
 	{
-		DBG1("crypter for %N not available", encryption_algorithm_names, alg);
+		DBG1(DBG_LIB, "crypter for %N not available", encryption_algorithm_names, alg);
 		return chunk_empty;
 	}
 
@@ -663,12 +663,12 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg
 
 		rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
 		rng->allocate_bytes(rng, crypter->get_key_size(crypter), &symmetricKey);
-		DBG4("symmetric encryption key %B", &symmetricKey);
+		DBG4(DBG_LIB, "symmetric encryption key %B", &symmetricKey);
 		rng->destroy(rng);
 
 		rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
 		rng->allocate_bytes(rng, crypter->get_block_size(crypter), &iv);
-		DBG4("initialization vector: %B", &iv);
+		DBG4(DBG_LIB, "initialization vector: %B", &iv);
 		rng->destroy(rng);
 	}
 
@@ -680,7 +680,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg
 		in.len = data.len + padding;
 		in.ptr = malloc(in.len);
 
-		DBG2("padding %u bytes of data to multiple block size of %u bytes",
+		DBG2(DBG_LIB, "padding %u bytes of data to multiple block size of %u bytes",
 			 data.len, in.len);
 
 		/* copy data */
@@ -688,14 +688,14 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg
 		/* append padding */
 		memset(in.ptr + data.len, padding, padding);
 	}
-	DBG3("padded unencrypted data %B", &in);
+	DBG3(DBG_LIB, "padded unencrypted data %B", &in);
 
 	/* symmetric encryption of data object */
 	crypter->set_key(crypter, symmetricKey);
 	crypter->encrypt(crypter, in, iv, &out);
 	crypter->destroy(crypter);
 	chunk_clear(&in);
-    DBG3("encrypted data %B", &out);
+    DBG3(DBG_LIB, "encrypted data %B", &out);
 
 	/* protect symmetric key by public key encryption */
 	{
@@ -703,7 +703,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg
 
 		if (key == NULL)
 		{
-			DBG1("public key not found in encryption certificate");
+			DBG1(DBG_LIB, "public key not found in encryption certificate");
 			chunk_clear(&symmetricKey);
 			chunk_free(&iv);
 			chunk_free(&out);
@@ -744,7 +744,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg
 					, encryptedContentInfo);
 
 		cInfo = pkcs7_build_contentInfo(&envelopedData);
-		DBG3("envelopedData %B", &cInfo);
+		DBG3(DBG_LIB, "envelopedData %B", &cInfo);
 
 		chunk_free(&envelopedData.content);
 		chunk_free(&iv);
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index 8b922df8c..aa04594bc 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -38,6 +38,7 @@
 
 #include <freeswan.h>
 
+#include <hydra.h>
 #include <library.h>
 #include <debug.h>
 #include <utils/enumerator.h>
@@ -74,6 +75,7 @@
 #include "timer.h"
 #include "vendor.h"
 #include "builder.h"
+#include "whack_attribute.h"
 
 static void usage(const char *mess)
 {
@@ -242,7 +244,7 @@ static void print_plugins()
 		len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin);
 	}
 	enumerator->destroy(enumerator);
-	DBG1("loaded plugins: %s", buf);
+	DBG1(DBG_DMN, "loaded plugins: %s", buf);
 }
 
 int main(int argc, char **argv)
@@ -273,6 +275,12 @@ int main(int argc, char **argv)
 		library_deinit();
 		exit(SS_RC_DAEMON_INTEGRITY);
 	}
+	if (!libhydra_init("pluto"))
+	{
+		libhydra_deinit();
+		library_deinit();
+		exit(SS_RC_INITIALIZATION_FAILED);
+	}
 	options = options_create();
 
 	/* handle arguments */
@@ -648,6 +656,7 @@ int main(int argc, char **argv)
 	{
 		plog("integrity tests enabled:");
 		plog("lib    'libstrongswan': passed file and segment integrity tests");
+		plog("lib    'libhydra': passed file and segment integrity tests");
 		plog("daemon 'pluto': passed file integrity test");
 	}
 
@@ -676,6 +685,7 @@ int main(int argc, char **argv)
 	init_myid();
 	fetch_initialize();
 	ac_initialize();
+	whack_attribute_initialize();
 
 	/* drop unneeded capabilities and change UID/GID */
 	prctl(PR_SET_KEEPCAPS, 1);
@@ -750,6 +760,7 @@ void exit_pluto(int status)
 	free_preshared_secrets();
 	free_remembered_public_keys();
 	delete_every_connection();
+	whack_attribute_finalize(); /* free in-memory pools */
 	fetch_finalize();           /* stop fetching thread */
 	free_crl_fetch();           /* free chain of crl fetch requests */
 	free_ocsp_fetch();          /* free chain of ocsp fetch requests */
@@ -770,6 +781,8 @@ void exit_pluto(int status)
 	free_builder();
 	delete_lock();
 	options->destroy(options);
+	lib->plugins->unload(lib->plugins);
+	libhydra_deinit();
 	library_deinit();
 	close_log();
 	exit(status);
diff --git a/src/pluto/rcv_whack.c b/src/pluto/rcv_whack.c
index 826a1aa6e..bf5ccb10c 100644
--- a/src/pluto/rcv_whack.c
+++ b/src/pluto/rcv_whack.c
@@ -57,6 +57,7 @@
 #include "myid.h"
 #include "kernel_alg.h"
 #include "ike_alg.h"
+#include "whack_attribute.h"
 
 /* helper variables and function to decode strings from whack message */
 
@@ -326,6 +327,8 @@ void whack_handle(int whackctlfd)
 		|| !unpack_str(&msg.ike)                /* string 24 */
 		|| !unpack_str(&msg.esp)                /* string 25 */
 		|| !unpack_str(&msg.sc_data)            /* string 26 */
+		|| !unpack_str(&msg.whack_lease_ip)     /* string 27 */
+		|| !unpack_str(&msg.whack_lease_id)     /* string 28 */
 		|| str_roof - next_str != (ptrdiff_t)msg.keyval.len)    /* check chunk */
 		{
 			ugh = "message from whack contains bad string";
@@ -376,7 +379,9 @@ void whack_handle(int whackctlfd)
 	}
 
 	if (msg.whack_myid)
+	{
 		set_myid(MYID_SPECIFIED, msg.myid);
+	}
 
 	/* Deleting combined with adding a connection works as replace.
 	 * To make this more useful, in only this combination,
@@ -385,9 +390,13 @@ void whack_handle(int whackctlfd)
 	if (msg.whack_delete)
 	{
 		if (msg.whack_ca)
+		{
 			find_ca_info_by_name(msg.name, TRUE);
+		}
 		else
+		{
 			delete_connections_by_name(msg.name, !msg.whack_connection);
+		}
 	}
 
 	if (msg.whack_deletestate)
@@ -406,13 +415,19 @@ void whack_handle(int whackctlfd)
 	}
 
 	if (msg.whack_crash)
+	{
 		delete_states_by_peer(&msg.whack_crash_peer);
+	}
 
 	if (msg.whack_connection)
+	{
 		add_connection(&msg);
+	}
 
 	if (msg.whack_ca && msg.cacert != NULL)
+	{
 		add_ca_info(&msg);
+	}
 
 	/* process "listen" before any operation that could require it */
 	if (msg.whack_listen)
@@ -469,7 +484,12 @@ void whack_handle(int whackctlfd)
 		free_ocsp_cache();
 	}
 
-   if (msg.whack_list & LIST_PUBKEYS)
+	if (msg.whack_leases)
+	{
+		list_leases(msg.name, msg.whack_lease_ip, msg.whack_lease_id);
+	}
+
+	if (msg.whack_list & LIST_PUBKEYS)
 	{
 		list_public_keys(msg.whack_utc);
 	}
@@ -552,12 +572,18 @@ void whack_handle(int whackctlfd)
 			{
 				set_cur_connection(c);
 				if (!oriented(*c))
+				{
 					whack_log(RC_ORIENT
 						, "we have no ipsecN interface for either end of this connection");
+				}
 				else if (c->policy & POLICY_GROUP)
+				{
 					route_group(c);
+				}
 				else if (!trap_connection(c))
+				{
 					whack_log(RC_ROUTE, "could not route");
+				}
 				reset_cur_connection();
 			}
 		}
@@ -584,14 +610,22 @@ void whack_handle(int whackctlfd)
 				for (sr = &c->spd; sr != NULL; sr = sr->next)
 				{
 					if (sr->routing >= RT_ROUTED_TUNNEL)
+					{
 						fail++;
+					}
 				}
 				if (fail > 0)
+				{
 					whack_log(RC_RTBUSY, "cannot unroute: route busy");
+				}
 				else if (c->policy & POLICY_GROUP)
+				{
 					unroute_group(c);
+				}
 				else
+				{
 					unroute_connection(c);
+				}
 				reset_cur_connection();
 			}
 		}
@@ -618,11 +652,15 @@ void whack_handle(int whackctlfd)
 	if (msg.whack_oppo_initiate)
 	{
 		if (!listening)
+		{
 			whack_log(RC_DEAF, "need --listen before opportunistic initiation");
+		}
 		else
+		{
 			initiate_opportunistic(&msg.oppo_my_client, &msg.oppo_peer_client, 0
 				, FALSE
 				, msg.whack_async? NULL_FD : dup_any(whackfd));
+		}
 	}
 
 	if (msg.whack_terminate)
@@ -639,7 +677,9 @@ void whack_handle(int whackctlfd)
 	}
 
 	if (msg.whack_status)
+	{
 		show_status(msg.whack_statusall, msg.name);
+	}
 
 	if (msg.whack_shutdown)
 	{
@@ -650,10 +690,14 @@ void whack_handle(int whackctlfd)
 	if (msg.whack_sc_op != SC_OP_NONE)
 	{
 		if (pkcs11_proxy)
+		{
 			scx_op_via_whack(msg.sc_data, msg.inbase, msg.outbase
 						   , msg.whack_sc_op, msg.keyid, whackfd);
+		}
 		else
+		{
 		   plog("pkcs11 access to smartcard not allowed (set pkcs11proxy=yes)");
+		}
 	}
 
 	whack_log_fd = NULL_FD;
diff --git a/src/pluto/timer.c b/src/pluto/timer.c
index 74806a40c..b112d67f6 100644
--- a/src/pluto/timer.c
+++ b/src/pluto/timer.c
@@ -48,7 +48,7 @@ time_t now(void)
 {
 	static time_t delta = 0
 		, last_time = 0;
-	time_t n = time((time_t)NULL);
+	time_t n = time(NULL);
 
 	passert(n != (time_t)-1);
 	if (last_time > n)
diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c
index 7d3c96c87..99cfc5734 100644
--- a/src/pluto/vendor.c
+++ b/src/pluto/vendor.c
@@ -198,6 +198,7 @@ static struct vid_struct _vid_tab[] = {
 		 * strongSwan
 		 */
 		DEC_MD5_VID(STRONGSWAN,       "strongSwan")
+
 		DEC_MD5_VID(STRONGSWAN_4_3_5, "strongSwan 4.3.5")
 		DEC_MD5_VID(STRONGSWAN_4_3_4, "strongSwan 4.3.4")
 		DEC_MD5_VID(STRONGSWAN_4_3_3, "strongSwan 4.3.3")
@@ -234,14 +235,6 @@ static struct vid_struct _vid_tab[] = {
 		DEC_MD5_VID(STRONGSWAN_4_1_2, "strongSwan 4.1.2")
 		DEC_MD5_VID(STRONGSWAN_4_1_1, "strongSwan 4.1.1")
 		DEC_MD5_VID(STRONGSWAN_4_1_0, "strongSwan 4.1.0")
-		DEC_MD5_VID(STRONGSWAN_4_0_7, "strongSwan 4.0.7")
-		DEC_MD5_VID(STRONGSWAN_4_0_6, "strongSwan 4.0.6")
-		DEC_MD5_VID(STRONGSWAN_4_0_5, "strongSwan 4.0.5")
-		DEC_MD5_VID(STRONGSWAN_4_0_4, "strongSwan 4.0.4")
-		DEC_MD5_VID(STRONGSWAN_4_0_3, "strongSwan 4.0.3")
-		DEC_MD5_VID(STRONGSWAN_4_0_2, "strongSwan 4.0.2")
-		DEC_MD5_VID(STRONGSWAN_4_0_1, "strongSwan 4.0.1")
-		DEC_MD5_VID(STRONGSWAN_4_0_0, "strongSwan 4.0.0")
 
 		DEC_MD5_VID(STRONGSWAN_2_8_11,"strongSwan 2.8.11")
 		DEC_MD5_VID(STRONGSWAN_2_8_10,"strongSwan 2.8.10")
@@ -255,34 +248,6 @@ static struct vid_struct _vid_tab[] = {
 		DEC_MD5_VID(STRONGSWAN_2_8_2, "strongSwan 2.8.2")
 		DEC_MD5_VID(STRONGSWAN_2_8_1, "strongSwan 2.8.1")
 		DEC_MD5_VID(STRONGSWAN_2_8_0, "strongSwan 2.8.0")
-		DEC_MD5_VID(STRONGSWAN_2_7_3, "strongSwan 2.7.3")
-		DEC_MD5_VID(STRONGSWAN_2_7_2, "strongSwan 2.7.2")
-		DEC_MD5_VID(STRONGSWAN_2_7_1, "strongSwan 2.7.1")
-		DEC_MD5_VID(STRONGSWAN_2_7_0, "strongSwan 2.7.0")
-		DEC_MD5_VID(STRONGSWAN_2_6_4, "strongSwan 2.6.4")
-		DEC_MD5_VID(STRONGSWAN_2_6_3, "strongSwan 2.6.3")
-		DEC_MD5_VID(STRONGSWAN_2_6_2, "strongSwan 2.6.2")
-		DEC_MD5_VID(STRONGSWAN_2_6_1, "strongSwan 2.6.1")
-		DEC_MD5_VID(STRONGSWAN_2_6_0, "strongSwan 2.6.0")
-		DEC_MD5_VID(STRONGSWAN_2_5_7, "strongSwan 2.5.7")
-		DEC_MD5_VID(STRONGSWAN_2_5_6, "strongSwan 2.5.6")
-		DEC_MD5_VID(STRONGSWAN_2_5_5, "strongSwan 2.5.5")
-		DEC_MD5_VID(STRONGSWAN_2_5_4, "strongSwan 2.5.4")
-		DEC_MD5_VID(STRONGSWAN_2_5_3, "strongSwan 2.5.3")
-		DEC_MD5_VID(STRONGSWAN_2_5_2, "strongSwan 2.5.2")
-		DEC_MD5_VID(STRONGSWAN_2_5_1, "strongSwan 2.5.1")
-		DEC_MD5_VID(STRONGSWAN_2_5_0, "strongSwan 2.5.0")
-		DEC_MD5_VID(STRONGSWAN_2_4_4, "strongSwan 2.4.4")
-		DEC_MD5_VID(STRONGSWAN_2_4_3, "strongSwan 2.4.3")
-		DEC_MD5_VID(STRONGSWAN_2_4_2, "strongSwan 2.4.2")
-		DEC_MD5_VID(STRONGSWAN_2_4_1, "strongSwan 2.4.1")
-		DEC_MD5_VID(STRONGSWAN_2_4_0, "strongSwan 2.4.0")
-		DEC_MD5_VID(STRONGSWAN_2_3_2, "strongSwan 2.3.2")
-		DEC_MD5_VID(STRONGSWAN_2_3_1, "strongSwan 2.3.1")
-		DEC_MD5_VID(STRONGSWAN_2_3_0, "strongSwan 2.3.0")
-		DEC_MD5_VID(STRONGSWAN_2_2_2, "strongSwan 2.2.2")
-		DEC_MD5_VID(STRONGSWAN_2_2_1, "strongSwan 2.2.1")
-		DEC_MD5_VID(STRONGSWAN_2_2_0, "strongSwan 2.2.0")
 
 		/* NAT-Traversal */
 
@@ -375,51 +340,63 @@ static void handle_known_vendorid (struct msg_digest *md, const char *vidstr,
 	bool vid_useful = FALSE;
 	size_t i, j;
 
-	switch (vid->id) {
-	/* Remote side supports OpenPGP certificates */
-	case VID_OPENPGP:
-		md->openpgp = TRUE;
-		vid_useful = TRUE;
-		break;
+	switch (vid->id)
+	 {
+		/* Remote side is a strongSwan host */
+		case VID_STRONGSWAN:
+			vid_useful = TRUE;
+			break;
+		
+		/* Remote side supports OpenPGP certificates */
+		case VID_OPENPGP:
+			md->openpgp = TRUE;
+			vid_useful = TRUE;
+			break;
 
-	/*
-	 * Use most recent supported NAT-Traversal method and ignore the
-	 * other ones (implementations will send all supported methods but
-	 * only one will be used)
-	 *
-	 * Note: most recent == higher id in vendor.h
-	 */
-	case VID_NATT_IETF_00:
-		if (!nat_traversal_support_non_ike)
+		/* Remote side is a Windows 2000+ host */
+		case VID_MS_NT5:
+			md->ms_nt5 = TRUE;
+			vid_useful = TRUE;
 			break;
-		if ((nat_traversal_enabled) && (!md->nat_traversal_vid))
-		{
-			md->nat_traversal_vid = vid->id;
+
+		/*
+		 * Use most recent supported NAT-Traversal method and ignore the
+		 * other ones (implementations will send all supported methods but
+		 * only one will be used)
+		 *
+		 * Note: most recent == higher id in vendor.h
+		 */
+		case VID_NATT_IETF_00:
+			if (!nat_traversal_support_non_ike)
+				break;
+			if ((nat_traversal_enabled) && (!md->nat_traversal_vid))
+			{
+				md->nat_traversal_vid = vid->id;
+				vid_useful = TRUE;
+			}
+			break;
+		case VID_NATT_IETF_02:
+		case VID_NATT_IETF_02_N:
+		case VID_NATT_IETF_03:
+		case VID_NATT_RFC:
+			if (nat_traversal_support_port_floating
+			&& md->nat_traversal_vid < vid->id)
+			{
+				md->nat_traversal_vid = vid->id;
+				vid_useful = TRUE;
+			}
+			break;
+
+		/* Remote side would like to do DPD with us on this connection */
+		case VID_MISC_DPD:
+			md->dpd = TRUE;
 			vid_useful = TRUE;
-		}
-		break;
-	case VID_NATT_IETF_02:
-	case VID_NATT_IETF_02_N:
-	case VID_NATT_IETF_03:
-	case VID_NATT_RFC:
-		if (nat_traversal_support_port_floating
-		&& md->nat_traversal_vid < vid->id)
-		{
-			md->nat_traversal_vid = vid->id;
+			break;
+		case VID_MISC_XAUTH:
 			vid_useful = TRUE;
-		}
-		break;
-
-	/* Remote side would like to do DPD with us on this connection */
-	case VID_MISC_DPD:
-		md->dpd = TRUE;
-		vid_useful = TRUE;
-		break;
-	case VID_MISC_XAUTH:
-		vid_useful = TRUE;
-		break;
-	default:
-		break;
+			break;
+		default:
+			break;
 	}
 
 	if (vid->flags & VID_SUBSTRING_DUMPHEXA)
diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h
index 3df1a8196..ac6b0d420 100644
--- a/src/pluto/vendor.h
+++ b/src/pluto/vendor.h
@@ -53,56 +53,21 @@ enum known_vendorid {
   VID_VISTA_AUTHIP2             = 34,
   VID_VISTA_AUTHIP3             = 35,
 
-  VID_STRONGSWAN                = 37,
-  VID_STRONGSWAN_2_2_0          = 38,
-  VID_STRONGSWAN_2_2_1          = 39,
-  VID_STRONGSWAN_2_2_2          = 40,
-  VID_STRONGSWAN_2_3_0          = 41,
-  VID_STRONGSWAN_2_3_1          = 42,
-  VID_STRONGSWAN_2_3_2          = 43,
-  VID_STRONGSWAN_2_4_0          = 44,
-  VID_STRONGSWAN_2_4_1          = 45,
-  VID_STRONGSWAN_2_4_2          = 46,
-  VID_STRONGSWAN_2_4_3          = 47,
-  VID_STRONGSWAN_2_4_4          = 48,
-  VID_STRONGSWAN_2_5_0          = 49,
-  VID_STRONGSWAN_2_5_1          = 50,
-  VID_STRONGSWAN_2_5_2          = 51,
-  VID_STRONGSWAN_2_5_3          = 52,
-  VID_STRONGSWAN_2_5_4          = 53,
-  VID_STRONGSWAN_2_5_5          = 54,
-  VID_STRONGSWAN_2_5_6          = 55,
-  VID_STRONGSWAN_2_5_7          = 56,
-  VID_STRONGSWAN_2_6_0          = 57,
-  VID_STRONGSWAN_2_6_1          = 58,
-  VID_STRONGSWAN_2_6_2          = 59,
-  VID_STRONGSWAN_2_6_3          = 60,
-  VID_STRONGSWAN_2_6_4          = 61,
-  VID_STRONGSWAN_2_7_0          = 62,
-  VID_STRONGSWAN_2_7_1          = 63,
-  VID_STRONGSWAN_2_7_2          = 64,
-  VID_STRONGSWAN_2_7_3          = 65,
-  VID_STRONGSWAN_2_8_0          = 66,
-  VID_STRONGSWAN_2_8_1          = 67,
-  VID_STRONGSWAN_2_8_2          = 68,
-  VID_STRONGSWAN_2_8_3          = 69,
-  VID_STRONGSWAN_2_8_4          = 70,
-  VID_STRONGSWAN_2_8_5          = 71,
-  VID_STRONGSWAN_2_8_6          = 72,
-  VID_STRONGSWAN_2_8_7          = 73,
-  VID_STRONGSWAN_2_8_8          = 74,
-  VID_STRONGSWAN_2_8_9          = 75,
-  VID_STRONGSWAN_2_8_10         = 76,
-  VID_STRONGSWAN_2_8_11         = 77,
+  VID_STRONGSWAN                = 36,
+
+  VID_STRONGSWAN_2_8_0          = 37,
+  VID_STRONGSWAN_2_8_1          = 38,
+  VID_STRONGSWAN_2_8_2          = 39,
+  VID_STRONGSWAN_2_8_3          = 40,
+  VID_STRONGSWAN_2_8_4          = 41,
+  VID_STRONGSWAN_2_8_5          = 42,
+  VID_STRONGSWAN_2_8_6          = 43,
+  VID_STRONGSWAN_2_8_7          = 44,
+  VID_STRONGSWAN_2_8_8          = 45,
+  VID_STRONGSWAN_2_8_9          = 46,
+  VID_STRONGSWAN_2_8_10         = 47,
+  VID_STRONGSWAN_2_8_11         = 48,
 
-  VID_STRONGSWAN_4_0_0          = 80,
-  VID_STRONGSWAN_4_0_1          = 81,
-  VID_STRONGSWAN_4_0_2          = 82,
-  VID_STRONGSWAN_4_0_3          = 83,
-  VID_STRONGSWAN_4_0_4          = 84,
-  VID_STRONGSWAN_4_0_5          = 85,
-  VID_STRONGSWAN_4_0_6          = 86,
-  VID_STRONGSWAN_4_0_7          = 87,
   VID_STRONGSWAN_4_1_0          = 88,
   VID_STRONGSWAN_4_1_1          = 89,
   VID_STRONGSWAN_4_1_2          = 90,
@@ -115,7 +80,6 @@ enum known_vendorid {
   VID_STRONGSWAN_4_1_9          = 97,
   VID_STRONGSWAN_4_1_10         = 98,
   VID_STRONGSWAN_4_1_11         = 99,
-
   VID_STRONGSWAN_4_2_0          =100,
   VID_STRONGSWAN_4_2_1          =101,
   VID_STRONGSWAN_4_2_2          =102,
diff --git a/src/pluto/whack_attribute.c b/src/pluto/whack_attribute.c
new file mode 100644
index 000000000..6a12f0c09
--- /dev/null
+++ b/src/pluto/whack_attribute.c
@@ -0,0 +1,365 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2008 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "whack_attribute.h"
+
+#include "log.h"
+
+/* these are defined as constants in constant.h but redefined as enum values in
+ * attributes/attributes.h */
+#undef INTERNAL_IP4_SERVER
+#undef INTERNAL_IP6_SERVER
+
+#include <hydra.h>
+#include <attributes/mem_pool.h>
+#include <utils/linked_list.h>
+#include <threading/rwlock.h>
+
+typedef struct private_whack_attribute_t private_whack_attribute_t;
+
+/**
+ * private data of whack_attribute
+ */
+struct private_whack_attribute_t {
+
+	/**
+	 * public functions
+	 */
+	whack_attribute_t public;
+
+	/**
+	 * list of pools, contains mem_pool_t
+	 */
+	linked_list_t *pools;
+
+	/**
+	 * rwlock to lock access to pools
+	 */
+	rwlock_t *lock;
+};
+
+/**
+ * global object
+ */
+whack_attribute_t *whack_attr;
+
+/**
+ * compare pools by name
+ */
+static bool pool_match(mem_pool_t *current, char *name)
+{
+	return name && streq(name, current->get_name(current));
+}
+
+/**
+ * find a pool by name
+ */
+static mem_pool_t *find_pool(private_whack_attribute_t *this, char *name)
+{
+	mem_pool_t *found;
+	if (this->pools->find_first(this->pools, (linked_list_match_t)pool_match,
+		(void**)&found, name) == SUCCESS)
+	{
+		return found;
+	}
+	return NULL;
+}
+
+METHOD(attribute_provider_t, acquire_address, host_t*,
+	   private_whack_attribute_t *this, char *name, identification_t *id,
+	   host_t *requested)
+{
+	mem_pool_t *pool;
+	host_t *addr = NULL;
+	this->lock->read_lock(this->lock);
+	pool = find_pool(this, name);
+	if (pool)
+	{
+		addr = pool->acquire_address(pool, id, requested);
+	}
+	this->lock->unlock(this->lock);
+	return addr;
+}
+
+METHOD(attribute_provider_t, release_address, bool,
+	   private_whack_attribute_t *this, char *name, host_t *address,
+	   identification_t *id)
+{
+	mem_pool_t *pool;
+	bool found = FALSE;
+	this->lock->read_lock(this->lock);
+	pool = find_pool(this, name);
+	if (pool)
+	{
+		found = pool->release_address(pool, address, id);
+	}
+	this->lock->unlock(this->lock);
+	return found;
+}
+
+METHOD(whack_attribute_t, add_pool, bool,
+	   private_whack_attribute_t *this, const char *name,
+	   const whack_end_t *right)
+{
+	mem_pool_t *pool;
+	host_t *base = NULL;
+	u_int32_t bits = 0;
+
+	/* named pool */
+	if (right->sourceip_mask <= 0)
+	{
+		return FALSE;
+	}
+
+	/* if %config, add an empty pool, otherwise */
+	if (right->sourceip)
+	{
+		DBG(DBG_CONTROL,
+			DBG_log("adding virtual IP address pool '%s': %s/%d",
+					name, right->sourceip, right->sourceip_mask);
+		);
+		base = host_create_from_string(right->sourceip, 0);
+		if (!base)
+		{
+			loglog(RC_LOG_SERIOUS, "virtual IP address invalid, discarded");
+			return FALSE;
+		}
+		bits = right->sourceip_mask;
+	}
+	pool = mem_pool_create((char*)name, base, bits);
+	DESTROY_IF(base);
+
+	this->lock->write_lock(this->lock);
+	this->pools->insert_last(this->pools, pool);
+	this->lock->unlock(this->lock);
+	return TRUE;
+}
+
+METHOD(whack_attribute_t, del_pool, void,
+	   private_whack_attribute_t *this, char *name)
+{
+	enumerator_t *enumerator;
+	mem_pool_t *pool;
+
+	this->lock->write_lock(this->lock);
+	enumerator = this->pools->create_enumerator(this->pools);
+	while (enumerator->enumerate(enumerator, &pool))
+	{
+		if (streq(name, pool->get_name(pool)))
+		{
+			DBG(DBG_CONTROL,
+				DBG_log("deleting virtual IP address pool '%s'", name)
+			);
+			this->pools->remove_at(this->pools, enumerator);
+			pool->destroy(pool);
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	this->lock->unlock(this->lock);
+}
+
+/**
+ * Pool enumerator filter function, converts pool_t to name, size, ...
+ */
+static bool pool_filter(void *lock, mem_pool_t **poolp, const char **name,
+						void *d1, u_int *size, void *d2, u_int *online,
+						void *d3, u_int *offline)
+{
+	mem_pool_t *pool = *poolp;
+	*name = pool->get_name(pool);
+	*size = pool->get_size(pool);
+	*online = pool->get_online(pool);
+	*offline = pool->get_offline(pool);
+	return TRUE;
+}
+
+METHOD(whack_attribute_t, create_pool_enumerator, enumerator_t*,
+	   private_whack_attribute_t *this)
+{
+	this->lock->read_lock(this->lock);
+	return enumerator_create_filter(this->pools->create_enumerator(this->pools),
+									(void*)pool_filter,
+									this->lock, (void*)this->lock->unlock);
+}
+
+METHOD(whack_attribute_t, create_lease_enumerator, enumerator_t*,
+	   private_whack_attribute_t *this, char *name)
+{
+	mem_pool_t *pool;
+	this->lock->read_lock(this->lock);
+	pool = find_pool(this, name);
+	if (!pool)
+	{
+		this->lock->unlock(this->lock);
+		return NULL;
+	}
+	return enumerator_create_cleaner(pool->create_lease_enumerator(pool),
+									 (void*)this->lock->unlock, this->lock);
+}
+
+/**
+ * see header file
+ */
+void whack_attribute_finalize()
+{
+	private_whack_attribute_t *this;
+
+	if (whack_attr)
+	{
+ 		this = (private_whack_attribute_t*)whack_attr;
+		hydra->attributes->remove_provider(hydra->attributes,
+									   &this->public.provider);
+		this->lock->destroy(this->lock);
+		this->pools->destroy_offset(this->pools, offsetof(mem_pool_t, destroy));
+		free(this);
+	}
+}
+
+/**
+ * see header file
+ */
+void whack_attribute_initialize()
+{
+	private_whack_attribute_t *this;
+
+	INIT(this,
+		.public = {
+			.provider = {
+				.acquire_address = _acquire_address,
+				.release_address = _release_address,
+				.create_attribute_enumerator = enumerator_create_empty,
+			},
+			.add_pool = _add_pool,
+			.del_pool = _del_pool,
+			.create_pool_enumerator = _create_pool_enumerator,
+			.create_lease_enumerator = _create_lease_enumerator,
+		},
+		.pools = linked_list_create(),
+		.lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+	);
+
+	hydra->attributes->add_provider(hydra->attributes, &this->public.provider);
+
+	whack_attr = &this->public;
+}
+
+/**
+ * list leases of a single pool
+ */
+static void pool_leases(char *pool, host_t *address,
+						identification_t *identification,
+						u_int size, u_int online, u_int offline)
+{
+
+	enumerator_t *enumerator;
+	identification_t *id;
+	host_t *lease;
+	bool on, found = FALSE;
+
+	whack_log(RC_COMMENT, "Leases in pool '%s', usage: %lu/%lu, %lu online",
+			  pool, online + offline, size, online);
+	enumerator = whack_attr->create_lease_enumerator(whack_attr, pool);
+	while (enumerator && enumerator->enumerate(enumerator, &id, &lease, &on))
+	{
+		if ((!address && !identification) ||
+			(address && address->ip_equals(address, lease)) ||
+			(identification && identification->equals(identification, id)))
+		{
+			whack_log(RC_COMMENT, "  %15H   %s   '%Y'",
+					  lease, on ? "online" : "offline", id);
+			found = TRUE;
+		}
+	}
+	enumerator->destroy(enumerator);
+	if (!found)
+	{
+		whack_log(RC_COMMENT, "  no matching leases found");
+	}
+}
+
+/**
+ * see header file
+ */
+void list_leases(char *name, char *addr, char *id)
+{
+	identification_t *identification = NULL;
+	host_t *address = NULL;
+	bool found = FALSE;
+	enumerator_t *enumerator;
+	u_int size, online, offline;
+	char *pool;
+
+	if (addr)
+	{
+		address = host_create_from_string(addr, 0);
+	}
+	if (id)
+	{
+		identification = identification_create_from_string(id);
+	}
+
+	enumerator = whack_attr->create_pool_enumerator(whack_attr);
+	while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline))
+	{
+		if (!name || streq(name, pool))
+		{
+			pool_leases(pool, address, identification, size, online, offline);
+			found = TRUE;
+		}
+	}
+	enumerator->destroy(enumerator);
+	if (!found)
+	{
+		if (name)
+		{
+			whack_log(RC_COMMENT, "pool '%s' not found", name);
+		}
+		else
+		{
+			whack_log(RC_COMMENT, "no pools found");
+		}
+	}
+	DESTROY_IF(identification);
+	DESTROY_IF(address);
+}
+
+/**
+ * see header file
+ */
+void show_pools(const char *name)
+{
+	enumerator_t *enumerator;
+	u_int size, online, offline;
+	char *pool;
+	bool first = TRUE;
+
+	enumerator = whack_attr->create_pool_enumerator(whack_attr);
+	while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline))
+	{
+		if (name && !streq(name, pool))
+		{
+			continue;
+		}
+		if (first)
+		{
+			first = FALSE;
+			whack_log(RC_COMMENT, "Virtual IP pools (size/online/offline):");
+		}
+		whack_log(RC_COMMENT, "\"%s\": %u/%u/%u", pool, size, online, offline);
+	}
+	enumerator->destroy(enumerator);
+}
diff --git a/src/pluto/whack_attribute.h b/src/pluto/whack_attribute.h
new file mode 100644
index 000000000..58441b973
--- /dev/null
+++ b/src/pluto/whack_attribute.h
@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 2010 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup whack_attribute
+ * @{ @ingroup pluto
+ */
+
+#ifndef WHACK_ATTRIBUTE_H_
+#define WHACK_ATTRIBUTE_H_
+
+#include <whack.h>
+#include <attributes/attribute_provider.h>
+
+typedef struct whack_attribute_t whack_attribute_t;
+
+/**
+ * Whack attribute provider (basically an in-memory IP address pool)
+ */
+struct whack_attribute_t {
+
+	/**
+	 * Implements attribute provider interface
+	 */
+	attribute_provider_t provider;
+
+	/**
+	 * Add a virtual IP address pool.
+	 *
+	 * @param name		name of the pool
+	 * @param right		"right" end of whack message
+	 * @return			TRUE, if the pool was successfully added
+	 */
+	bool (*add_pool)(whack_attribute_t *this, const char *name,
+					 const whack_end_t *right);
+
+	/**
+	 * Remove a virtual IP address pool.
+	 *
+	 * @param name		name of the pool
+	 */
+	void (*del_pool)(whack_attribute_t *this, char *name);
+
+	/**
+	 * Create an enumerator over installed pools.
+	 *
+	 * Enumerator enumerates over
+	 * char *pool, u_int size, u_int offline, u_int online.
+	 *
+	 * @return			enumerator
+	 */
+	enumerator_t* (*create_pool_enumerator)(whack_attribute_t *this);
+
+	/**
+	 * Create an enumerator over the leases of a pool.
+	 *
+	 * Enumerator enumerates over
+	 * identification_t *id, host_t *address, bool online
+	 *
+	 * @param name		name of the pool to enumerate
+	 * @return			enumerator, NULL if pool not found
+	 */
+	enumerator_t* (*create_lease_enumerator)(whack_attribute_t *this,
+											 char *name);
+};
+
+/**
+ * Global object to manage pools. Set between calls to
+ * whack_attribute_initialize() and whack_attribute_finalize().
+ */
+extern whack_attribute_t *whack_attr;
+
+/**
+ * Initialize the whack attribute provider
+ */
+void whack_attribute_initialize();
+
+/**
+ * Finalize the whack attribute provider
+ */
+void whack_attribute_finalize();
+
+/**
+ * List the leases matching the given parameters.
+ *
+ * @param name		name of the pool, NULL for all pools
+ * @param addr		ip address of the lease to list, NULL to ignore
+ * @param id		id of the lease to list, NULL to ignore
+ */
+void list_leases(char *name, char *addr, char *id);
+
+/**
+ * List either all pools or the pool with a given name
+ *
+ * @param name		name of the pool, NULL for all pools
+ */
+void show_pools(const char *name);
+
+#endif /** WHACK_ATTRIBUTE_H_ @}*/
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index d8e887955..0a29830ea 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -419,11 +419,11 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
 				check_expiry(notAfter, CA_CERT_WARNING_INTERVAL, TRUE));
 
 			key = certificate->get_public_key(certificate);
-			if (key);
+			if (key)
 			{
 				whack_log(RC_COMMENT, "  pubkey:    %N %4d bits%s",
 					key_type_names, key->get_type(key),
-					key->get_keysize(key) * BITS_PER_BYTE,				
+					key->get_keysize(key) * BITS_PER_BYTE,
 					cert->smartcard ? ", on smartcard" :
 					(has_private_key(cert)? ", has private key" : ""));
 
diff --git a/src/scepclient/Makefile.am b/src/scepclient/Makefile.am
index 3693b7532..dd4a4a63d 100644
--- a/src/scepclient/Makefile.am
+++ b/src/scepclient/Makefile.am
@@ -1,16 +1,20 @@
 ipsec_PROGRAMS = scepclient
 scepclient_SOURCES = scepclient.c scep.c scep.h loglite.c
 
+scepclient.o :	$(top_builddir)/config.status
+
 PLUTODIR=$(top_srcdir)/src/pluto
 OPENACDIR=$(top_srcdir)/src/openac
 WHACKDIR=$(top_srcdir)/src/whack
 LIBFREESWANDIR=$(top_srcdir)/src/libfreeswan
 LIBSTRONGSWANDIR=$(top_srcdir)/src/libstrongswan
+LIBHYDRADIR=$(top_srcdir)/src/libhydra
 LIBCRYPTODIR=$(top_srcdir)/src/libcrypto
 
 INCLUDES = \
 -I$(LIBFREESWANDIR) \
 -I$(LIBSTRONGSWANDIR) \
+-I$(LIBHYDRADIR) \
 -I$(PLUTODIR) \
 -I$(LIBCRYPTODIR) \
 -I$(WHACKDIR)
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index 8438b81f9..db930756a 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -228,6 +228,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -268,10 +269,12 @@ OPENACDIR = $(top_srcdir)/src/openac
 WHACKDIR = $(top_srcdir)/src/whack
 LIBFREESWANDIR = $(top_srcdir)/src/libfreeswan
 LIBSTRONGSWANDIR = $(top_srcdir)/src/libstrongswan
+LIBHYDRADIR = $(top_srcdir)/src/libhydra
 LIBCRYPTODIR = $(top_srcdir)/src/libcrypto
 INCLUDES = \
 -I$(LIBFREESWANDIR) \
 -I$(LIBSTRONGSWANDIR) \
+-I$(LIBHYDRADIR) \
 -I$(PLUTODIR) \
 -I$(LIBCRYPTODIR) \
 -I$(WHACKDIR)
@@ -659,6 +662,8 @@ uninstall-man: uninstall-man8
 	uninstall-man uninstall-man8
 
 
+scepclient.o :	$(top_builddir)/config.status
+
 constants.o :	$(PLUTODIR)/constants.c $(PLUTODIR)/constants.h
 		$(COMPILE) $(INCLUDES) -c -o $@ $<
 
diff --git a/src/scepclient/loglite.c b/src/scepclient/loglite.c
index 539bb5f72..96dc54390 100644
--- a/src/scepclient/loglite.c
+++ b/src/scepclient/loglite.c
@@ -41,7 +41,7 @@ bool
 /**
  * @brief scepclient dbg function
  */
-static void scepclient_dbg(int level, char *fmt, ...)
+static void scepclient_dbg(debug_t group, level_t level, char *fmt, ...)
 {
 	int priority = LOG_INFO;
 	int debug_level;
diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index 576ce1dc5..385f6f328 100644
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -289,7 +289,7 @@ static void print_plugins()
 		len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin);
 	}
 	enumerator->destroy(enumerator);
-	DBG1("  loaded plugins: %s", buf);
+	DBG1(DBG_LIB, "  loaded plugins: %s", buf);
 }
 
 /**
diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index 7524b5f26..a235013f2 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -38,7 +38,7 @@ if USE_CHARON
   AM_CFLAGS += -DSTART_CHARON
 endif
 
-lex.yy.c:	$(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h
+lex.yy.c:	$(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h y.tab.h
 		$(LEX) $(srcdir)/parser.l
 
 y.tab.c:	$(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 79ea9de32..11449f465 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -232,6 +232,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
@@ -718,7 +719,7 @@ uninstall-man: uninstall-man5 uninstall-man8
 	uninstall-man8
 
 
-lex.yy.c:	$(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h
+lex.yy.c:	$(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h y.tab.h
 		$(LEX) $(srcdir)/parser.l
 
 y.tab.c:	$(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h
diff --git a/src/starter/args.c b/src/starter/args.c
index ebbd42cc8..512f2f46f 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -248,11 +248,12 @@ static const token_info_t token_info[] =
 
 	/* end keywords */
 	{ ARG_MISC, 0, NULL  /* KW_HOST */                                             },
+	{ ARG_UINT, offsetof(starter_end_t, ikeport), NULL                             },
 	{ ARG_MISC, 0, NULL  /* KW_NEXTHOP */                                          },
 	{ ARG_STR, offsetof(starter_end_t, subnet), NULL                               },
 	{ ARG_MISC, 0, NULL  /* KW_SUBNETWITHIN */                                     },
 	{ ARG_MISC, 0, NULL  /* KW_PROTOPORT */                                        },
-	{ ARG_MISC, 0, NULL  /* KW_SOURCEIP */		                                   },
+	{ ARG_STR,  offsetof(starter_end_t, sourceip), NULL                            },
 	{ ARG_MISC, 0, NULL  /* KW_NATIP */                                            },
 	{ ARG_ENUM, offsetof(starter_end_t, firewall), LST_bool                        },
 	{ ARG_ENUM, offsetof(starter_end_t, hostaccess), LST_bool                      },
diff --git a/src/starter/cmp.c b/src/starter/cmp.c
index 8462a4819..33a057b44 100644
--- a/src/starter/cmp.c
+++ b/src/starter/cmp.c
@@ -43,6 +43,7 @@ starter_cmp_end(starter_end_t *c1, starter_end_t *c2)
 	{
 		ADDCMP(addr);
 	}
+	VARCMP(ikeport);
 	ADDCMP(nexthop);
 	VARCMP(has_client);
 	VARCMP(has_client_wildcard);
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 07cc11503..e9b9028d5 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -96,6 +96,8 @@ static void default_values(starter_config_t *cfg)
 	anyaddr(AF_INET, &cfg->conn_default.left.nexthop);
 	anyaddr(AF_INET, &cfg->conn_default.right.addr);
 	anyaddr(AF_INET, &cfg->conn_default.right.nexthop);
+	cfg->conn_default.left.ikeport = 500;
+	cfg->conn_default.right.ikeport = 500;
 
 	cfg->ca_default.seen = LEMPTY;
 }
@@ -105,8 +107,7 @@ static void default_values(starter_config_t *cfg)
 		else if (streq(kw->value, sn)) { conn->policy &= ~fl; } \
 		else { plog("# bad policy value: %s=%s", kw->entry->name, kw->value); cfg->err++; }
 
-static void
-load_setup(starter_config_t *cfg, config_parsed_t *cfgp)
+static void load_setup(starter_config_t *cfg, config_parsed_t *cfgp)
 {
 	kw_list_t *kw;
 
@@ -193,11 +194,13 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 				streq(value, "%config") || streq(value, "%cfg"))
 			{
 				/* request ip via config payload */
+				free(end->sourceip);
 				end->sourceip = NULL;
 				end->sourceip_mask = 1;
 			}
 			else
 			{	/* %poolname, strip %, serve ip requests */
+				free(end->sourceip);
 				end->sourceip = clone_str(value+1);
 				end->sourceip_mask = 0;
 			}
@@ -221,6 +224,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 					goto err;
 				 }
 				*pos = '\0';
+				free(end->sourceip);
 				end->sourceip = clone_str(value);
 				end->sourceip_mask = atoi(pos + 1);
 			}
@@ -232,7 +236,6 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
 					plog("# bad addr: %s=%s [%s]", name, value, ugh);
 					goto err;
 				}
-				end->sourceip = clone_str(value);
 				end->sourceip_mask = (conn->tunnel_addr_family == AF_INET) ?
 									  32 : 128;
 			}
@@ -419,8 +422,8 @@ err:
 /*
  * handles left|right=<FQDN> DNS resolution failure
  */
-static void
-handle_dns_failure( const char *label, starter_end_t *end, starter_config_t *cfg)
+static void handle_dns_failure(const char *label, starter_end_t *end,
+							   starter_config_t *cfg)
 {
 	if (end->dns_failed)
 	{
@@ -440,8 +443,8 @@ handle_dns_failure( const char *label, starter_end_t *end, starter_config_t *cfg
 /*
  * handles left|rightfirewall and left|rightupdown parameters
  */
-static void
-handle_firewall( const char *label, starter_end_t *end, starter_config_t *cfg)
+static void handle_firewall(const char *label, starter_end_t *end,
+							starter_config_t *cfg)
 {
 	if (end->firewall && (end->seen & LELEM(KW_FIREWALL - KW_END_FIRST)))
 	{
@@ -461,8 +464,7 @@ handle_firewall( const char *label, starter_end_t *end, starter_config_t *cfg)
 /*
  * parse a conn section
  */
-static void
-load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
+static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
 {
 	char *conn_name = (conn->name == NULL)? "%default":conn->name;
 
@@ -718,8 +720,7 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
 /*
  * initialize a conn object with the default conn
  */
-static void
-conn_default(char *name, starter_conn_t *conn, starter_conn_t *def)
+static void conn_default(char *name, starter_conn_t *conn, starter_conn_t *def)
 {
 	memcpy(conn, def, sizeof(starter_conn_t));
 	conn->name = clone_str(name);
@@ -732,8 +733,7 @@ conn_default(char *name, starter_conn_t *conn, starter_conn_t *def)
 /*
  * parse a ca section
  */
-static void
-load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
+static void load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
 {
 	char *ca_name = (ca->name == NULL)? "%default":ca->name;
 
@@ -786,8 +786,7 @@ load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg)
 /*
  * initialize a ca object with the default ca
  */
-static void
-ca_default(char *name, starter_ca_t *ca, starter_ca_t *def)
+static void ca_default(char *name, starter_ca_t *ca, starter_ca_t *def)
 {
 	memcpy(ca, def, sizeof(starter_ca_t));
 	ca->name = clone_str(name);
@@ -795,11 +794,11 @@ ca_default(char *name, starter_ca_t *ca, starter_ca_t *def)
 	clone_args(KW_CA_FIRST, KW_CA_LAST, (char *)ca, (char *)def);
 }
 
-static kw_list_t*
-find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg);
+static kw_list_t* find_also_conn(const char* name, starter_conn_t *conn,
+								 starter_config_t *cfg);
 
-static void
-load_also_conns(starter_conn_t *conn, also_t *also, starter_config_t *cfg)
+static void load_also_conns(starter_conn_t *conn, also_t *also,
+							starter_config_t *cfg)
 {
 	while (also != NULL)
 	{
@@ -825,8 +824,8 @@ load_also_conns(starter_conn_t *conn, also_t *also, starter_config_t *cfg)
 /*
  * find a conn included by also
  */
-static kw_list_t*
-find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg)
+static kw_list_t* find_also_conn(const char* name, starter_conn_t *conn, 
+								 starter_config_t *cfg)
 {
 	starter_conn_t *c = cfg->conn_first;
 
@@ -852,11 +851,10 @@ find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg)
 	return NULL;
 }
 
-static kw_list_t*
-find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg);
+static kw_list_t* find_also_ca(const char* name, starter_ca_t *ca,
+							   starter_config_t *cfg);
 
-static void
-load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg)
+static void load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg)
 {
 	while (also != NULL)
 	{
@@ -882,8 +880,8 @@ load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg)
 /*
  * find a ca included by also
  */
-static kw_list_t*
-find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg)
+static kw_list_t* find_also_ca(const char* name, starter_ca_t *ca,
+							   starter_config_t *cfg)
 {
 	starter_ca_t *c = cfg->ca_first;
 
@@ -912,8 +910,7 @@ find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg)
 /*
  * free the memory used by also_t objects
  */
-static void
-free_also(also_t *head)
+static void free_also(also_t *head)
 {
 	while (head != NULL)
 	{
@@ -928,8 +925,7 @@ free_also(also_t *head)
 /*
  * free the memory used by a starter_conn_t object
  */
-static void
-confread_free_conn(starter_conn_t *conn)
+static void confread_free_conn(starter_conn_t *conn)
 {
 	free_args(KW_END_FIRST, KW_END_LAST,  (char *)&conn->left);
 	free_args(KW_END_FIRST, KW_END_LAST,  (char *)&conn->right);
@@ -950,8 +946,7 @@ confread_free_ca(starter_ca_t *ca)
 /*
  * free the memory used by a starter_config_t object
  */
-void
-confread_free(starter_config_t *cfg)
+void confread_free(starter_config_t *cfg)
 {
 	starter_conn_t *conn = cfg->conn_first;
 	starter_ca_t   *ca   = cfg->ca_first;
@@ -986,8 +981,7 @@ confread_free(starter_config_t *cfg)
 /*
  * load and parse an IPsec configuration file
  */
-starter_config_t *
-confread_load(const char *file)
+starter_config_t* confread_load(const char *file)
 {
 	starter_config_t *cfg = NULL;
 	config_parsed_t  *cfgp;
diff --git a/src/starter/confread.h b/src/starter/confread.h
index 7f3211628..199fab642 100644
--- a/src/starter/confread.h
+++ b/src/starter/confread.h
@@ -66,6 +66,7 @@ struct starter_end {
 		char            *groups;
 		char            *iface;
 		ip_address      addr;
+		u_int           ikeport;
 		ip_address      nexthop;
 		char            *subnet;
 		bool            has_client;
diff --git a/src/starter/ipsec.conf.5 b/src/starter/ipsec.conf.5
index d4dd7238f..4cb1cb0fc 100644
--- a/src/starter/ipsec.conf.5
+++ b/src/starter/ipsec.conf.5
@@ -604,6 +604,13 @@ identity to use for a second authentication for the left participant
 (IKEv2 only); defaults to
 .BR leftid .
 .TP
+.B leftikeport
+UDP port the left participant uses for IKE communication. Currently supported in
+IKEv2 connections only. If unspecified, port 500 is used with port floating to
+4500 if NAT is detected or MOBIKE enabled. Specifying a local IKE port
+different from the default additionally requires a socket implementation that
+listens to this port.
+.TP
 .B leftnexthop
 this parameter is not needed any more because the NETKEY IPsec stack does
 not require explicit routing entries for the traffic to be tunneled.
diff --git a/src/starter/keywords.c b/src/starter/keywords.c
index e379f78e9..df39f0dc7 100644
--- a/src/starter/keywords.c
+++ b/src/starter/keywords.c
@@ -54,12 +54,12 @@ struct kw_entry {
     kw_token_t token;
 };
 
-#define TOTAL_KEYWORDS 119
+#define TOTAL_KEYWORDS 121
 #define MIN_WORD_LENGTH 3
 #define MAX_WORD_LENGTH 17
-#define MIN_HASH_VALUE 17
-#define MAX_HASH_VALUE 215
-/* maximum key range = 199, duplicates = 0 */
+#define MIN_HASH_VALUE 11
+#define MAX_HASH_VALUE 230
+/* maximum key range = 220, duplicates = 0 */
 
 #ifdef __GNUC__
 __inline
@@ -75,32 +75,32 @@ hash (str, len)
 {
   static const unsigned char asso_values[] =
     {
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216,  12,
-       78, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216,   4, 216,  20, 216,  45,
-       55,   4,  77,  14,  78,   4, 216, 119,   4,  89,
-       46,  34,  29, 216,   6,  12,   5,  56,  34, 216,
-        4,  20,   5, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216, 216, 216, 216, 216,
-      216, 216, 216, 216, 216, 216
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231,  26,
+       75, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231,   2, 231,  25, 231,  40,
+       61,   2, 114,  24,   3,   2, 231, 101,   2,  96,
+       48,  35,  23, 231,   4,  10,   3,  69,  25, 231,
+        2,  18,  16, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231, 231, 231, 231, 231,
+      231, 231, 231, 231, 231, 231
     };
   register int hval = len;
 
@@ -128,119 +128,121 @@ static const struct kw_entry wordlist[] =
     {"right",             KW_RIGHT},
     {"lifetime",          KW_KEYLIFE},
     {"leftcert",          KW_LEFTCERT,},
+    {"reauth",            KW_REAUTH},
     {"leftfirewall",      KW_LEFTFIREWALL},
     {"leftsendcert",      KW_LEFTSENDCERT},
+    {"rightikeport",      KW_RIGHTIKEPORT},
     {"leftprotoport",     KW_LEFTPROTOPORT},
     {"type",              KW_TYPE},
-    {"rekey",             KW_REKEY},
     {"leftgroups",        KW_LEFTGROUPS},
+    {"rekey",             KW_REKEY},
     {"rightsubnet",       KW_RIGHTSUBNET},
     {"rightsendcert",     KW_RIGHTSENDCERT},
+    {"righthostaccess",   KW_RIGHTHOSTACCESS},
+    {"xauth",             KW_XAUTH},
     {"leftallowany",      KW_LEFTALLOWANY},
-    {"rightgroups",       KW_RIGHTGROUPS},
     {"esp",               KW_ESP},
+    {"leftnexthop",       KW_LEFTNEXTHOP},
     {"lifebytes",         KW_LIFEBYTES},
     {"rightrsasigkey",    KW_RIGHTRSASIGKEY},
-    {"lifepackets",       KW_LIFEPACKETS},
-    {"leftnexthop",       KW_LEFTNEXTHOP},
+    {"rightauth",         KW_RIGHTAUTH},
     {"leftrsasigkey",     KW_LEFTRSASIGKEY},
-    {"leftca",            KW_LEFTCA},
-    {"eap",               KW_EAP},
-    {"strictcrlpolicy",   KW_STRICTCRLPOLICY},
     {"rightprotoport",    KW_RIGHTPROTOPORT},
     {"plutostart",        KW_PLUTOSTART},
-    {"also",              KW_ALSO},
-    {"rightallowany",     KW_RIGHTALLOWANY},
+    {"strictcrlpolicy",   KW_STRICTCRLPOLICY},
+    {"lifepackets",       KW_LIFEPACKETS},
+    {"rightgroups",       KW_RIGHTGROUPS},
     {"rightsourceip",     KW_RIGHTSOURCEIP},
+    {"eap",               KW_EAP},
     {"crluri",            KW_CRLURI},
-    {"leftnatip",         KW_LEFTNATIP},
-    {"lefthostaccess",    KW_LEFTHOSTACCESS},
+    {"hidetos",           KW_HIDETOS},
     {"rightcert",         KW_RIGHTCERT},
     {"certuribase",       KW_CERTURIBASE},
+    {"leftca",            KW_LEFTCA},
+    {"leftnatip",         KW_LEFTNATIP},
+    {"rightallowany",     KW_RIGHTALLOWANY},
+    {"lefthostaccess",    KW_LEFTHOSTACCESS},
+    {"crlcheckinterval",  KW_CRLCHECKINTERVAL},
+    {"also",              KW_ALSO},
     {"packetdefault",     KW_PACKETDEFAULT},
+    {"virtual_private",   KW_VIRTUAL_PRIVATE},
     {"plutostderrlog",    KW_PLUTOSTDERRLOG},
-    {"crluri1",           KW_CRLURI},
-    {"crlcheckinterval",  KW_CRLCHECKINTERVAL},
+    {"leftsourceip",      KW_LEFTSOURCEIP},
     {"rightid",           KW_RIGHTID},
-    {"virtual_private",   KW_VIRTUAL_PRIVATE},
-    {"leftsubnet",        KW_LEFTSUBNET},
     {"cacert",            KW_CACERT},
     {"rightca",           KW_RIGHTCA},
-    {"leftsourceip",      KW_LEFTSOURCEIP},
+    {"crluri1",           KW_CRLURI},
     {"inactivity",        KW_INACTIVITY},
     {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN},
     {"installpolicy",     KW_INSTALLPOLICY},
-    {"nat_traversal",     KW_NAT_TRAVERSAL},
-    {"ldapbase",          KW_LDAPBASE},
+    {"leftauth",          KW_LEFTAUTH},
     {"leftupdown",        KW_LEFTUPDOWN},
+    {"leftsubnet",        KW_LEFTSUBNET},
     {"rightnatip",        KW_RIGHTNATIP},
     {"ocspuri",           KW_OCSPURI},
     {"rightnexthop",      KW_RIGHTNEXTHOP},
     {"leftcert2",         KW_LEFTCERT2,},
     {"rightid2",          KW_RIGHTID2},
-    {"rekeyfuzz",         KW_REKEYFUZZ},
+    {"nat_traversal",     KW_NAT_TRAVERSAL},
     {"compress",          KW_COMPRESS},
-    {"rightfirewall",     KW_RIGHTFIREWALL},
-    {"ocspuri1",          KW_OCSPURI},
-    {"ldaphost",          KW_LDAPHOST},
-    {"xauth",             KW_XAUTH},
+    {"ldapbase",          KW_LDAPBASE},
+    {"auth",              KW_AUTH},
     {"postpluto",         KW_POSTPLUTO},
-    {"eap_identity",      KW_EAP_IDENTITY},
-    {"plutodebug",        KW_PLUTODEBUG},
+    {"charonstart",       KW_CHARONSTART},
+    {"ike",               KW_IKE},
+    {"ldaphost",          KW_LDAPHOST},
     {"leftca2",           KW_LEFTCA2},
-    {"auto",              KW_AUTO},
-    {"righthostaccess",   KW_RIGHTHOSTACCESS},
     {"dpddelay",          KW_DPDDELAY},
-    {"rightauth",         KW_RIGHTAUTH},
+    {"ocspuri1",          KW_OCSPURI},
     {"rightauth2",        KW_RIGHTAUTH2},
-    {"pfs",               KW_PFS},
-    {"authby",            KW_AUTHBY},
-    {"rightupdown",       KW_RIGHTUPDOWN},
+    {"eap_identity",      KW_EAP_IDENTITY},
+    {"leftikeport",       KW_LEFTIKEPORT},
+    {"plutodebug",        KW_PLUTODEBUG},
+    {"cachecrls",         KW_CACHECRLS},
+    {"charondebug",       KW_CHARONDEBUG},
+    {"crluri2",           KW_CRLURI2},
+    {"rightca2",          KW_RIGHTCA2},
+    {"mediated_by",       KW_MEDIATED_BY},
+    {"rightcert2",        KW_RIGHTCERT2},
     {"leftid",            KW_LEFTID},
+    {"auto",              KW_AUTO},
+    {"rightupdown",       KW_RIGHTUPDOWN},
+    {"rightfirewall",     KW_RIGHTFIREWALL},
+    {"authby",            KW_AUTHBY},
     {"leftsubnetwithin",  KW_LEFTSUBNETWITHIN},
     {"uniqueids",         KW_UNIQUEIDS},
-    {"dumpdir",           KW_DUMPDIR},
-    {"mediated_by",       KW_MEDIATED_BY},
-    {"ike",               KW_IKE},
-    {"cachecrls",         KW_CACHECRLS},
     {"prepluto",          KW_PREPLUTO},
-    {"force_keepalive",   KW_FORCE_KEEPALIVE},
-    {"hidetos",           KW_HIDETOS},
+    {"keep_alive",        KW_KEEP_ALIVE},
     {"mobike",	           KW_MOBIKE},
-    {"forceencaps",       KW_FORCEENCAPS},
     {"overridemtu",       KW_OVERRIDEMTU},
-    {"crluri2",           KW_CRLURI2},
-    {"rightca2",          KW_RIGHTCA2},
-    {"rightcert2",        KW_RIGHTCERT2},
+    {"dumpdir",           KW_DUMPDIR},
     {"dpdaction",         KW_DPDACTION},
-    {"nocrsend",          KW_NOCRSEND},
+    {"rekeyfuzz",         KW_REKEYFUZZ},
     {"leftid2",           KW_LEFTID2},
-    {"interfaces",        KW_INTERFACES},
-    {"leftauth",          KW_LEFTAUTH},
+    {"keyingtries",       KW_KEYINGTRIES},
+    {"pfs",               KW_PFS},
+    {"nocrsend",          KW_NOCRSEND},
+    {"keyexchange",       KW_KEYEXCHANGE},
     {"leftauth2",         KW_LEFTAUTH2},
     {"mediation",         KW_MEDIATION},
     {"rekeymargin",       KW_REKEYMARGIN},
-    {"keep_alive",        KW_KEEP_ALIVE},
-    {"auth",              KW_AUTH},
-    {"keyingtries",       KW_KEYINGTRIES},
-    {"me_peerid",         KW_ME_PEERID},
-    {"fragicmp",          KW_FRAGICMP},
-    {"margintime",        KW_REKEYMARGIN},
     {"ocspuri2",          KW_OCSPURI2},
-    {"reauth",            KW_REAUTH},
     {"pkcs11module",      KW_PKCS11MODULE},
-    {"pfsgroup",          KW_PFSGROUP},
-    {"marginbytes",       KW_MARGINBYTES},
     {"pkcs11keepstate",   KW_PKCS11KEEPSTATE},
-    {"marginpackets",     KW_MARGINPACKETS},
-    {"modeconfig",        KW_MODECONFIG},
-    {"keyexchange",       KW_KEYEXCHANGE},
-    {"charonstart",       KW_CHARONSTART},
+    {"force_keepalive",   KW_FORCE_KEEPALIVE},
+    {"me_peerid",         KW_ME_PEERID},
+    {"forceencaps",       KW_FORCEENCAPS},
     {"pkcs11initargs",    KW_PKCS11INITARGS},
-    {"dpdtimeout",        KW_DPDTIMEOUT},
     {"pkcs11proxy",       KW_PKCS11PROXY},
-    {"charondebug",       KW_CHARONDEBUG},
+    {"margintime",        KW_REKEYMARGIN},
+    {"interfaces",        KW_INTERFACES},
+    {"fragicmp",          KW_FRAGICMP},
+    {"marginbytes",       KW_MARGINBYTES},
+    {"marginpackets",     KW_MARGINPACKETS},
+    {"dpdtimeout",        KW_DPDTIMEOUT},
     {"klipsdebug",        KW_KLIPSDEBUG},
+    {"modeconfig",        KW_MODECONFIG},
+    {"pfsgroup",          KW_PFSGROUP},
     {"keylife",           KW_KEYLIFE},
     {"ikelifetime",       KW_IKELIFETIME}
   };
@@ -248,27 +250,29 @@ static const struct kw_entry wordlist[] =
 static const short lookup[] =
   {
      -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
-     -1,  -1,  -1,  -1,  -1,  -1,  -1,   0,  -1,  -1,
-      1,  -1,  -1,  -1,   2,   3,  -1,  -1,   4,   5,
-     -1,  -1,   6,   7,  -1,   8,   9,  -1,  10,  -1,
-     11,  -1,  -1,  -1,  12,  -1,  -1,  13,  14,  15,
-     16,  17,  18,  19,  20,  -1,  21,  22,  23,  -1,
-     24,  -1,  25,  26,  27,  28,  29,  -1,  30,  31,
-     32,  -1,  33,  34,  35,  36,  37,  38,  -1,  39,
-     -1,  40,  41,  42,  43,  44,  -1,  45,  -1,  46,
-     -1,  47,  -1,  48,  -1,  49,  50,  51,  -1,  52,
-     53,  54,  -1,  55,  56,  57,  58,  59,  -1,  -1,
-     60,  61,  62,  63,  64,  65,  66,  67,  68,  -1,
-     -1,  69,  70,  71,  72,  -1,  73,  74,  75,  76,
-     77,  78,  -1,  79,  80,  81,  -1,  82,  83,  84,
-     85,  86,  -1,  87,  88,  -1,  -1,  89,  90,  91,
-     92,  93,  -1,  94,  -1,  -1,  95,  96,  97,  -1,
-     98,  99,  -1,  -1,  -1, 100,  -1,  -1,  -1, 101,
-     -1, 102, 103,  -1,  -1,  -1, 104, 105, 106, 107,
-    108, 109,  -1, 110,  -1, 111, 112,  -1, 113,  -1,
-     -1, 114,  -1,  -1, 115,  -1,  -1,  -1,  -1,  -1,
-     -1,  -1, 116,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
-     -1, 117,  -1,  -1,  -1, 118
+     -1,   0,  -1,  -1,   1,  -1,   2,   3,   4,  -1,
+      5,   6,  -1,   7,   8,  -1,  -1,   9,  10,  11,
+     12,  -1,  13,  -1,  14,  15,  16,  -1,  17,  -1,
+     18,  19,  20,  21,  -1,  22,  23,  -1,  24,  25,
+     26,  27,  28,  29,  30,  -1,  -1,  31,  32,  33,
+     34,  35,  36,  37,  38,  -1,  39,  40,  -1,  41,
+     -1,  -1,  -1,  42,  43,  -1,  44,  45,  46,  47,
+     48,  49,  -1,  50,  51,  52,  53,  54,  55,  56,
+     57,  58,  59,  -1,  -1,  60,  -1,  -1,  61,  -1,
+     -1,  62,  -1,  -1,  63,  64,  -1,  -1,  65,  66,
+     -1,  67,  68,  69,  -1,  -1,  70,  -1,  71,  72,
+     73,  -1,  -1,  -1,  74,  -1,  75,  -1,  76,  77,
+     78,  79,  80,  81,  82,  83,  84,  85,  86,  87,
+     88,  89,  90,  91,  92,  93,  -1,  94,  95,  -1,
+     96,  -1,  -1,  -1,  97,  -1,  98,  99, 100,  -1,
+     -1, 101, 102,  -1, 103,  -1,  -1, 104, 105,  -1,
+    106,  -1, 107,  -1, 108,  -1,  -1,  -1,  -1, 109,
+     -1, 110,  -1,  -1, 111,  -1,  -1,  -1,  -1, 112,
+    113,  -1, 114, 115,  -1,  -1,  -1,  -1, 116,  -1,
+    117,  -1,  -1, 118,  -1,  -1,  -1,  -1,  -1,  -1,
+     -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,  -1,
+     -1,  -1,  -1,  -1,  -1,  -1, 119,  -1,  -1,  -1,
+    120
   };
 
 #ifdef __GNUC__
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 8be31d148..6c3907a6a 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -118,6 +118,7 @@ typedef enum {
    /* end keywords */
 	KW_HOST,
 	KW_NEXTHOP,
+	KW_IKEPORT,
 	KW_SUBNET,
 	KW_SUBNETWITHIN,
 	KW_PROTOPORT,
@@ -145,6 +146,7 @@ typedef enum {
 
    /* left end keywords */
 	KW_LEFT,
+	KW_LEFTIKEPORT,
 	KW_LEFTNEXTHOP,
 	KW_LEFTSUBNET,
 	KW_LEFTSUBNETWITHIN,
@@ -172,6 +174,7 @@ typedef enum {
 
    /* right end keywords */
 	KW_RIGHT,
+	KW_RIGHTIKEPORT,
 	KW_RIGHTNEXTHOP,
 	KW_RIGHTSUBNET,
 	KW_RIGHTSUBNETWITHIN,
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index adf3069bf..12037a685 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -98,6 +98,7 @@ ocspuri1,          KW_OCSPURI
 ocspuri2,          KW_OCSPURI2
 certuribase,       KW_CERTURIBASE
 left,              KW_LEFT
+leftikeport,       KW_LEFTIKEPORT
 leftnexthop,       KW_LEFTNEXTHOP
 leftsubnet,        KW_LEFTSUBNET
 leftsubnetwithin,  KW_LEFTSUBNETWITHIN
@@ -120,6 +121,7 @@ leftca,            KW_LEFTCA
 leftca2,           KW_LEFTCA2
 leftgroups,        KW_LEFTGROUPS
 right,             KW_RIGHT
+rightikeport,      KW_RIGHTIKEPORT
 rightnexthop,      KW_RIGHTNEXTHOP
 rightsubnet,       KW_RIGHTSUBNET
 rightsubnetwithin, KW_RIGHTSUBNETWITHIN
diff --git a/src/starter/lex.yy.c b/src/starter/lex.yy.c
index 4596c0cc3..13bf87f0b 100644
--- a/src/starter/lex.yy.c
+++ b/src/starter/lex.yy.c
@@ -513,7 +513,8 @@ char *yytext;
 #define MAX_INCLUDE_DEPTH  20
 
 extern void yyerror(const char *);
-extern int yylex (void);
+extern int yylex(void);
+extern int yylex_destroy(void);
 
 static struct {
 	int stack_ptr;
@@ -557,6 +558,7 @@ void _parser_y_fini (void)
 			fclose(__parser_y_private.file[i]);
 	}
 	memset(&__parser_y_private, 0, sizeof(__parser_y_private));
+	yylex_destroy();
 }
 
 int _parser_y_include (const char *filename)
@@ -617,7 +619,7 @@ int _parser_y_include (const char *filename)
 	return 0;
 }
 
-#line 621 "lex.yy.c"
+#line 623 "lex.yy.c"
 
 #define INITIAL 0
 
@@ -805,10 +807,10 @@ YY_DECL
 	register char *yy_cp, *yy_bp;
 	register int yy_act;
     
-#line 133 "./parser.l"
+#line 135 "./parser.l"
 
 
-#line 812 "lex.yy.c"
+#line 814 "lex.yy.c"
 
 	if ( !(yy_init) )
 		{
@@ -893,7 +895,7 @@ do_action:	/* This label is used only to access EOF actions. */
 			goto yy_find_action;
 
 case YY_STATE_EOF(INITIAL):
-#line 135 "./parser.l"
+#line 137 "./parser.l"
 {
 		if (__parser_y_private.filename[__parser_y_private.stack_ptr]) {
 				free(__parser_y_private.filename[__parser_y_private.stack_ptr]);
@@ -913,23 +915,23 @@ case YY_STATE_EOF(INITIAL):
 	YY_BREAK
 case 1:
 YY_RULE_SETUP
-#line 152 "./parser.l"
+#line 154 "./parser.l"
 return FIRST_SPACES;
 	YY_BREAK
 case 2:
 YY_RULE_SETUP
-#line 154 "./parser.l"
+#line 156 "./parser.l"
 /* ignore spaces in line */ ;
 	YY_BREAK
 case 3:
 YY_RULE_SETUP
-#line 156 "./parser.l"
+#line 158 "./parser.l"
 return EQUAL;
 	YY_BREAK
 case 4:
 /* rule 4 can match eol */
 YY_RULE_SETUP
-#line 158 "./parser.l"
+#line 160 "./parser.l"
 {
 										__parser_y_private.line[__parser_y_private.stack_ptr]++;
 										return EOL;
@@ -937,37 +939,37 @@ YY_RULE_SETUP
 	YY_BREAK
 case 5:
 YY_RULE_SETUP
-#line 163 "./parser.l"
+#line 165 "./parser.l"
 return CONFIG;
 	YY_BREAK
 case 6:
 YY_RULE_SETUP
-#line 164 "./parser.l"
+#line 166 "./parser.l"
 return SETUP;
 	YY_BREAK
 case 7:
 YY_RULE_SETUP
-#line 165 "./parser.l"
+#line 167 "./parser.l"
 return CONN;
 	YY_BREAK
 case 8:
 YY_RULE_SETUP
-#line 166 "./parser.l"
+#line 168 "./parser.l"
 return CA;
 	YY_BREAK
 case 9:
 YY_RULE_SETUP
-#line 167 "./parser.l"
+#line 169 "./parser.l"
 return INCLUDE;
 	YY_BREAK
 case 10:
 YY_RULE_SETUP
-#line 168 "./parser.l"
+#line 170 "./parser.l"
 return FILE_VERSION;
 	YY_BREAK
 case 11:
 YY_RULE_SETUP
-#line 170 "./parser.l"
+#line 172 "./parser.l"
 {
 										yylval.s = strdup(yytext);
 										return STRING;
@@ -975,7 +977,7 @@ YY_RULE_SETUP
 	YY_BREAK
 case 12:
 YY_RULE_SETUP
-#line 175 "./parser.l"
+#line 177 "./parser.l"
 {
 										yylval.s = strdup(yytext+1);
 										if (yylval.s) yylval.s[strlen(yylval.s)-1]='\0';
@@ -984,15 +986,15 @@ YY_RULE_SETUP
 	YY_BREAK
 case 13:
 YY_RULE_SETUP
-#line 181 "./parser.l"
+#line 183 "./parser.l"
 yyerror(yytext);
 	YY_BREAK
 case 14:
 YY_RULE_SETUP
-#line 183 "./parser.l"
+#line 185 "./parser.l"
 ECHO;
 	YY_BREAK
-#line 996 "lex.yy.c"
+#line 998 "lex.yy.c"
 
 	case YY_END_OF_BUFFER:
 		{
@@ -1954,7 +1956,7 @@ void yyfree (void * ptr )
 
 #define YYTABLES_NAME "yytables"
 
-#line 183 "./parser.l"
+#line 185 "./parser.l"
 
 
 
diff --git a/src/starter/parser.l b/src/starter/parser.l
index 5857c0815..c45847c5c 100644
--- a/src/starter/parser.l
+++ b/src/starter/parser.l
@@ -24,7 +24,8 @@
 #define MAX_INCLUDE_DEPTH  20
 
 extern void yyerror(const char *);
-extern int yylex (void);
+extern int yylex(void);
+extern int yylex_destroy(void);
 
 static struct {
 	int stack_ptr;
@@ -68,6 +69,7 @@ void _parser_y_fini (void)
 			fclose(__parser_y_private.file[i]);
 	}
 	memset(&__parser_y_private, 0, sizeof(__parser_y_private));
+	yylex_destroy();
 }
 
 int _parser_y_include (const char *filename)
diff --git a/src/starter/parser.y b/src/starter/parser.y
index 4533228c2..b0b1f6f21 100644
--- a/src/starter/parser.y
+++ b/src/starter/parser.y
@@ -156,21 +156,20 @@ statement_kw:
 
 %%
 
-void
-yyerror(const char *s)
+void yyerror(const char *s)
 {
 	if (_save_errors_)
 		_parser_y_error(parser_errstring, ERRSTRING_LEN, s);
 }
 
-config_parsed_t *
-parser_load_conf(const char *file)
+config_parsed_t *parser_load_conf(const char *file)
 {
 	config_parsed_t *cfg = NULL;
 	int err = 0;
 	FILE *f;
 
-	extern void _parser_y_init (const char *f);
+	extern void _parser_y_init(const char *f);
+	extern void _parser_y_fini(void);
 	extern FILE *yyin;
 
 	memset(parser_errstring, 0, ERRSTRING_LEN+1);
@@ -231,11 +230,11 @@ parser_load_conf(const char *file)
 		cfg = NULL;
 	}
 
+	_parser_y_fini();
 	return cfg;
 }
 
-static void
-parser_free_kwlist(kw_list_t *list)
+static void parser_free_kwlist(kw_list_t *list)
 {
 	kw_list_t *elt;
 
@@ -248,8 +247,7 @@ parser_free_kwlist(kw_list_t *list)
 	}
 }
 
-void
-parser_free_conf(config_parsed_t *cfg)
+void parser_free_conf(config_parsed_t *cfg)
 {
 	section_list_t *sec;
 	if (cfg)
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 0aab76d43..50ef9c07b 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -28,6 +28,7 @@
 #include <grp.h>
 
 #include <freeswan.h>
+#include <library.h>
 
 #include "../pluto/constants.h"
 #include "../pluto/defs.h"
@@ -245,6 +246,9 @@ int main (int argc, char **argv)
 	log_to_stderr = TRUE;
 	base_debugging = DBG_NONE;
 
+	library_init(NULL);
+	atexit(library_deinit);
+
 	/* parse command line */
 	for (i = 1; i < argc; i++)
 	{
@@ -358,6 +362,7 @@ int main (int argc, char **argv)
 	if (stat(STARTER_PID_FILE, &stb) == 0)
 	{
 		plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE);
+		confread_free(cfg);
 		exit(LSB_RC_SUCCESS);
 	}
 
@@ -388,6 +393,7 @@ int main (int argc, char **argv)
 				plog("can't fork: %s", strerror(errno));
 				break;
 			default:
+				confread_free(cfg);
 				exit(LSB_RC_SUCCESS);
 		}
 	}
@@ -422,11 +428,8 @@ int main (int argc, char **argv)
 			confread_free(cfg);
 			unlink(STARTER_PID_FILE);
 			unlink(INFO_FILE);
-#ifdef LEAK_DETECTIVE
-			report_leaks();
-#endif /* LEAK_DETECTIVE */
-			close_log();
 			plog("ipsec starter stopped");
+			close_log();
 			exit(LSB_RC_SUCCESS);
 		}
 
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 665350c00..d877661ec 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -186,6 +186,7 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta
 	msg_end->updown = push_string(msg, conn_end->updown);
 	ip_address2string(&conn_end->addr, buffer, sizeof(buffer));
 	msg_end->address = push_string(msg, buffer);
+	msg_end->ikeport = conn_end->ikeport;
 	msg_end->subnets = push_string(msg, conn_end->subnet);
 	msg_end->sourceip = push_string(msg, conn_end->sourceip);
 	msg_end->sourceip_mask = conn_end->sourceip_mask;
diff --git a/src/starter/starterwhack.c b/src/starter/starterwhack.c
index 67916395f..527142a4e 100644
--- a/src/starter/starterwhack.c
+++ b/src/starter/starterwhack.c
@@ -91,6 +91,8 @@ static int send_whack_msg (whack_message_t *msg)
 	||  !pack_str(&msg->ike,            &str_next, &str_roof)
 	||  !pack_str(&msg->esp,            &str_next, &str_roof)
 	||  !pack_str(&msg->sc_data,        &str_next, &str_roof)
+	||  !pack_str(&msg->whack_lease_ip, &str_next, &str_roof)
+	||  !pack_str(&msg->whack_lease_id, &str_next, &str_roof)
 	||  (str_roof - str_next < msg->keyval.len))
 	{
 		plog("send_wack_msg(): can't pack strings");
@@ -138,14 +140,12 @@ static void init_whack_msg(whack_message_t *msg)
 	msg->magic = WHACK_MAGIC;
 }
 
-static char *connection_name(starter_conn_t *conn)
+static char *connection_name(starter_conn_t *conn, char *buf, size_t size)
 {
 	/* if connection name is '%auto', create a new name like conn_xxxxx */
-	static char buf[32];
-
 	if (streq(conn->name, "%auto"))
 	{
-		sprintf(buf, "conn_%ld", conn->id);
+		snprintf(buf, size, "conn_%ld", conn->id);
 		return buf;
 	}
 	return conn->name;
@@ -161,7 +161,7 @@ static void set_whack_end(whack_end_t *w, starter_end_t *end, sa_family_t family
 	w->has_client          = end->has_client;
 	w->sourceip            = end->sourceip;
 	w->sourceip_mask       = end->sourceip_mask;
-	
+
 	if (end->sourceip && end->sourceip_mask > 0)
 	{
 		ttoaddr(end->sourceip, 0, ip_version(end->sourceip), &w->host_srcip);
@@ -226,10 +226,11 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end
 {
 	const char *err;
 	static char keyspace[1024 + 4];
-	char buf[ADDRTOT_BUF];
+	char buf[ADDRTOT_BUF], name[32];
 	whack_message_t msg;
 
 	init_whack_msg(&msg);
+	connection_name(conn, name, sizeof(name));
 
 	msg.whack_key = TRUE;
 	msg.pubkey_alg = PUBKEY_ALG_RSA;
@@ -246,7 +247,7 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end
 		err = atobytes(end->rsakey, 0, keyspace, sizeof(keyspace), &msg.keyval.len);
 		if (err)
 		{
-			plog("conn %s/%s: rsakey malformed [%s]", connection_name(conn), lr, err);
+			plog("conn %s/%s: rsakey malformed [%s]", name, lr, err);
 			return 1;
 		}
 		if (end->id)
@@ -266,13 +267,14 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end
 
 int starter_whack_add_conn(starter_conn_t *conn)
 {
+	char esp_buf[256], name[32];
 	whack_message_t msg;
 	int r;
 
 	init_whack_msg(&msg);
 
 	msg.whack_connection = TRUE;
-	msg.name = connection_name(conn);
+	msg.name = connection_name(conn, name, sizeof(name));
 
 	msg.ikev1                 = conn->keyexchange != KEY_EXCHANGE_IKEV2;
 	msg.addr_family           = conn->addr_family;
@@ -302,8 +304,6 @@ int starter_whack_add_conn(starter_conn_t *conn)
 	/* taken from pluto/whack.c */
 	if (msg.pfsgroup)
 	{
-		char esp_buf[256];
-
 		snprintf(esp_buf, sizeof (esp_buf), "%s;%s"
 				   , msg.esp ? msg.esp : ""
 				   , msg.pfsgroup ? msg.pfsgroup : "");
@@ -331,32 +331,35 @@ int starter_whack_add_conn(starter_conn_t *conn)
 
 int starter_whack_del_conn(starter_conn_t *conn)
 {
+	char name[32];
 	whack_message_t msg;
 
 	init_whack_msg(&msg);
 	msg.whack_delete = TRUE;
-	msg.name = connection_name(conn);
+	msg.name = connection_name(conn, name, sizeof(name));
 	return send_whack_msg(&msg);
 }
 
 int starter_whack_route_conn(starter_conn_t *conn)
 {
+	char name[32];
 	whack_message_t msg;
 
 	init_whack_msg(&msg);
 	msg.whack_route = TRUE;
-	msg.name = connection_name(conn);
+	msg.name = connection_name(conn, name, sizeof(name));
 	return send_whack_msg(&msg);
 }
 
 int starter_whack_initiate_conn(starter_conn_t *conn)
 {
+	char name[32];
 	whack_message_t msg;
 
 	init_whack_msg(&msg);
 	msg.whack_initiate = TRUE;
 	msg.whack_async = TRUE;
-	msg.name = connection_name(conn);
+	msg.name = connection_name(conn, name, sizeof(name));
 	return send_whack_msg(&msg);
 }
 
diff --git a/src/starter/y.tab.c b/src/starter/y.tab.c
index b78c1b1f9..504b5589e 100644
--- a/src/starter/y.tab.c
+++ b/src/starter/y.tab.c
@@ -1,24 +1,23 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
 
-/* Skeleton implementation for Bison's Yacc-like parsers in C
+/* A Bison parser, made by GNU Bison 2.4.1.  */
 
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+/* Skeleton implementation for Bison's Yacc-like parsers in C
+   
+      Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
    Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
+   
+   This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+   
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-
+   
    You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
 
 /* As a special exception, you may create a larger work that contains
    part or all of the Bison parser skeleton and distribute that work
@@ -29,7 +28,7 @@
    special exception, which will cause the skeleton and the resulting
    Bison output files to be licensed under the GNU General Public
    License without this special exception.
-
+   
    This special exception was added by the Free Software Foundation in
    version 2.2 of Bison.  */
 
@@ -47,7 +46,7 @@
 #define YYBISON 1
 
 /* Bison version.  */
-#define YYBISON_VERSION "2.3"
+#define YYBISON_VERSION "2.4.1"
 
 /* Skeleton name.  */
 #define YYSKELETON_NAME "yacc.c"
@@ -55,45 +54,20 @@
 /* Pure parsers.  */
 #define YYPURE 0
 
-/* Using locations.  */
-#define YYLSP_NEEDED 0
-
+/* Push parsers.  */
+#define YYPUSH 0
 
+/* Pull parsers.  */
+#define YYPULL 1
 
-/* Tokens.  */
-#ifndef YYTOKENTYPE
-# define YYTOKENTYPE
-   /* Put the tokens into the symbol table, so that GDB and other debuggers
-      know about them.  */
-   enum yytokentype {
-     EQUAL = 258,
-     FIRST_SPACES = 259,
-     EOL = 260,
-     CONFIG = 261,
-     SETUP = 262,
-     CONN = 263,
-     CA = 264,
-     INCLUDE = 265,
-     FILE_VERSION = 266,
-     STRING = 267
-   };
-#endif
-/* Tokens.  */
-#define EQUAL 258
-#define FIRST_SPACES 259
-#define EOL 260
-#define CONFIG 261
-#define SETUP 262
-#define CONN 263
-#define CA 264
-#define INCLUDE 265
-#define FILE_VERSION 266
-#define STRING 267
-
+/* Using locations.  */
+#define YYLSP_NEEDED 0
 
 
 
 /* Copy the first part of user declarations.  */
+
+/* Line 189 of yacc.c  */
 #line 1 "./parser.y"
 
 /* strongSwan config file parser (parser.y)
@@ -148,6 +122,9 @@ extern kw_entry_t *in_word_set (char *str, unsigned int len);
 
 
 
+/* Line 189 of yacc.c  */
+#line 127 "y.tab.c"
+
 /* Enabling traces.  */
 #ifndef YYDEBUG
 # define YYDEBUG 0
@@ -166,25 +143,63 @@ extern kw_entry_t *in_word_set (char *str, unsigned int len);
 # define YYTOKEN_TABLE 0
 #endif
 
+
+/* Tokens.  */
+#ifndef YYTOKENTYPE
+# define YYTOKENTYPE
+   /* Put the tokens into the symbol table, so that GDB and other debuggers
+      know about them.  */
+   enum yytokentype {
+     EQUAL = 258,
+     FIRST_SPACES = 259,
+     EOL = 260,
+     CONFIG = 261,
+     SETUP = 262,
+     CONN = 263,
+     CA = 264,
+     INCLUDE = 265,
+     FILE_VERSION = 266,
+     STRING = 267
+   };
+#endif
+/* Tokens.  */
+#define EQUAL 258
+#define FIRST_SPACES 259
+#define EOL 260
+#define CONFIG 261
+#define SETUP 262
+#define CONN 263
+#define CA 264
+#define INCLUDE 265
+#define FILE_VERSION 266
+#define STRING 267
+
+
+
+
 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
 typedef union YYSTYPE
+{
+
+/* Line 214 of yacc.c  */
 #line 54 "./parser.y"
-{ char *s; }
-/* Line 187 of yacc.c.  */
-#line 175 "y.tab.c"
-	YYSTYPE;
+ char *s; 
+
+
+/* Line 214 of yacc.c  */
+#line 191 "y.tab.c"
+} YYSTYPE;
+# define YYSTYPE_IS_TRIVIAL 1
 # define yystype YYSTYPE /* obsolescent; will be withdrawn */
 # define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
 #endif
 
 
-
 /* Copy the second part of user declarations.  */
 
 
-/* Line 216 of yacc.c.  */
-#line 188 "y.tab.c"
+/* Line 264 of yacc.c  */
+#line 203 "y.tab.c"
 
 #ifdef short
 # undef short
@@ -259,14 +274,14 @@ typedef short int yytype_int16;
 #if (defined __STDC__ || defined __C99__FUNC__ \
      || defined __cplusplus || defined _MSC_VER)
 static int
-YYID (int i)
+YYID (int yyi)
 #else
 static int
-YYID (i)
-    int i;
+YYID (yyi)
+    int yyi;
 #endif
 {
-  return i;
+  return yyi;
 }
 #endif
 
@@ -347,9 +362,9 @@ void free (void *); /* INFRINGES ON USER NAME SPACE */
 /* A type that is properly aligned for any stack member.  */
 union yyalloc
 {
-  yytype_int16 yyss;
-  YYSTYPE yyvs;
-  };
+  yytype_int16 yyss_alloc;
+  YYSTYPE yyvs_alloc;
+};
 
 /* The size of the maximum gap between one aligned stack and the next.  */
 # define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1)
@@ -383,12 +398,12 @@ union yyalloc
    elements in the stack, and YYPTR gives the new location of the
    stack.  Advance YYPTR to a properly aligned location for the next
    stack.  */
-# define YYSTACK_RELOCATE(Stack)					\
+# define YYSTACK_RELOCATE(Stack_alloc, Stack)				\
     do									\
       {									\
 	YYSIZE_T yynewbytes;						\
-	YYCOPY (&yyptr->Stack, Stack, yysize);				\
-	Stack = &yyptr->Stack;						\
+	YYCOPY (&yyptr->Stack_alloc, Stack, yysize);			\
+	Stack = &yyptr->Stack_alloc;					\
 	yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \
 	yyptr += yynewbytes / sizeof (*yyptr);				\
       }									\
@@ -484,7 +499,7 @@ static const char *const yytname[] =
 {
   "$end", "error", "$undefined", "EQUAL", "FIRST_SPACES", "EOL", "CONFIG",
   "SETUP", "CONN", "CA", "INCLUDE", "FILE_VERSION", "STRING", "$accept",
-  "config_file", "section_or_include", "@1", "@2", "@3", "@4",
+  "config_file", "section_or_include", "$@1", "$@2", "$@3", "$@4",
   "kw_section", "statement_kw", 0
 };
 #endif
@@ -758,17 +773,20 @@ yy_symbol_print (yyoutput, yytype, yyvaluep)
 #if (defined __STDC__ || defined __C99__FUNC__ \
      || defined __cplusplus || defined _MSC_VER)
 static void
-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top)
+yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop)
 #else
 static void
-yy_stack_print (bottom, top)
-    yytype_int16 *bottom;
-    yytype_int16 *top;
+yy_stack_print (yybottom, yytop)
+    yytype_int16 *yybottom;
+    yytype_int16 *yytop;
 #endif
 {
   YYFPRINTF (stderr, "Stack now");
-  for (; bottom <= top; ++bottom)
-    YYFPRINTF (stderr, " %d", *bottom);
+  for (; yybottom <= yytop; yybottom++)
+    {
+      int yybot = *yybottom;
+      YYFPRINTF (stderr, " %d", yybot);
+    }
   YYFPRINTF (stderr, "\n");
 }
 
@@ -802,11 +820,11 @@ yy_reduce_print (yyvsp, yyrule)
   /* The symbols being reduced.  */
   for (yyi = 0; yyi < yynrhs; yyi++)
     {
-      fprintf (stderr, "   $%d = ", yyi + 1);
+      YYFPRINTF (stderr, "   $%d = ", yyi + 1);
       yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi],
 		       &(yyvsp[(yyi + 1) - (yynrhs)])
 		       		       );
-      fprintf (stderr, "\n");
+      YYFPRINTF (stderr, "\n");
     }
 }
 
@@ -1086,10 +1104,8 @@ yydestruct (yymsg, yytype, yyvaluep)
 	break;
     }
 }
-
 
 /* Prevent warnings from -Wmissing-prototypes.  */
-
 #ifdef YYPARSE_PARAM
 #if defined __STDC__ || defined __cplusplus
 int yyparse (void *YYPARSE_PARAM);
@@ -1105,11 +1121,10 @@ int yyparse ();
 #endif /* ! YYPARSE_PARAM */
 
 
-
-/* The look-ahead symbol.  */
+/* The lookahead symbol.  */
 int yychar;
 
-/* The semantic value of the look-ahead symbol.  */
+/* The semantic value of the lookahead symbol.  */
 YYSTYPE yylval;
 
 /* Number of syntax errors so far.  */
@@ -1117,9 +1132,9 @@ int yynerrs;
 
 
 
-/*----------.
-| yyparse.  |
-`----------*/
+/*-------------------------.
+| yyparse or yypush_parse.  |
+`-------------------------*/
 
 #ifdef YYPARSE_PARAM
 #if (defined __STDC__ || defined __C99__FUNC__ \
@@ -1143,66 +1158,68 @@ yyparse ()
 #endif
 #endif
 {
-  
-  int yystate;
-  int yyn;
-  int yyresult;
-  /* Number of tokens to shift before error messages enabled.  */
-  int yyerrstatus;
-  /* Look-ahead token as an internal (translated) token number.  */
-  int yytoken = 0;
-#if YYERROR_VERBOSE
-  /* Buffer for error messages, and its allocated size.  */
-  char yymsgbuf[128];
-  char *yymsg = yymsgbuf;
-  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
-#endif
 
-  /* Three stacks and their tools:
-     `yyss': related to states,
-     `yyvs': related to semantic values,
-     `yyls': related to locations.
 
-     Refer to the stacks thru separate pointers, to allow yyoverflow
-     to reallocate them elsewhere.  */
+    int yystate;
+    /* Number of tokens to shift before error messages enabled.  */
+    int yyerrstatus;
 
-  /* The state stack.  */
-  yytype_int16 yyssa[YYINITDEPTH];
-  yytype_int16 *yyss = yyssa;
-  yytype_int16 *yyssp;
+    /* The stacks and their tools:
+       `yyss': related to states.
+       `yyvs': related to semantic values.
 
-  /* The semantic value stack.  */
-  YYSTYPE yyvsa[YYINITDEPTH];
-  YYSTYPE *yyvs = yyvsa;
-  YYSTYPE *yyvsp;
+       Refer to the stacks thru separate pointers, to allow yyoverflow
+       to reallocate them elsewhere.  */
 
+    /* The state stack.  */
+    yytype_int16 yyssa[YYINITDEPTH];
+    yytype_int16 *yyss;
+    yytype_int16 *yyssp;
 
+    /* The semantic value stack.  */
+    YYSTYPE yyvsa[YYINITDEPTH];
+    YYSTYPE *yyvs;
+    YYSTYPE *yyvsp;
 
-#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
-
-  YYSIZE_T yystacksize = YYINITDEPTH;
+    YYSIZE_T yystacksize;
 
+  int yyn;
+  int yyresult;
+  /* Lookahead token as an internal (translated) token number.  */
+  int yytoken;
   /* The variables used to return semantic value and location from the
      action routines.  */
   YYSTYPE yyval;
 
+#if YYERROR_VERBOSE
+  /* Buffer for error messages, and its allocated size.  */
+  char yymsgbuf[128];
+  char *yymsg = yymsgbuf;
+  YYSIZE_T yymsg_alloc = sizeof yymsgbuf;
+#endif
+
+#define YYPOPSTACK(N)   (yyvsp -= (N), yyssp -= (N))
 
   /* The number of symbols on the RHS of the reduced rule.
      Keep to zero when no symbol should be popped.  */
   int yylen = 0;
 
+  yytoken = 0;
+  yyss = yyssa;
+  yyvs = yyvsa;
+  yystacksize = YYINITDEPTH;
+
   YYDPRINTF ((stderr, "Starting parse\n"));
 
   yystate = 0;
   yyerrstatus = 0;
   yynerrs = 0;
-  yychar = YYEMPTY;		/* Cause a token to be read.  */
+  yychar = YYEMPTY; /* Cause a token to be read.  */
 
   /* Initialize stack pointers.
      Waste one element of value and location stack
      so that they stay on the same level as the state stack.
      The wasted elements are never initialized.  */
-
   yyssp = yyss;
   yyvsp = yyvs;
 
@@ -1232,7 +1249,6 @@ yyparse ()
 	YYSTYPE *yyvs1 = yyvs;
 	yytype_int16 *yyss1 = yyss;
 
-
 	/* Each stack pointer address is followed by the size of the
 	   data in use in that stack, in bytes.  This used to be a
 	   conditional around just the two extra args, but that might
@@ -1240,7 +1256,6 @@ yyparse ()
 	yyoverflow (YY_("memory exhausted"),
 		    &yyss1, yysize * sizeof (*yyssp),
 		    &yyvs1, yysize * sizeof (*yyvsp),
-
 		    &yystacksize);
 
 	yyss = yyss1;
@@ -1263,9 +1278,8 @@ yyparse ()
 	  (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
 	if (! yyptr)
 	  goto yyexhaustedlab;
-	YYSTACK_RELOCATE (yyss);
-	YYSTACK_RELOCATE (yyvs);
-
+	YYSTACK_RELOCATE (yyss_alloc, yyss);
+	YYSTACK_RELOCATE (yyvs_alloc, yyvs);
 #  undef YYSTACK_RELOCATE
 	if (yyss1 != yyssa)
 	  YYSTACK_FREE (yyss1);
@@ -1276,7 +1290,6 @@ yyparse ()
       yyssp = yyss + yysize - 1;
       yyvsp = yyvs + yysize - 1;
 
-
       YYDPRINTF ((stderr, "Stack size increased to %lu\n",
 		  (unsigned long int) yystacksize));
 
@@ -1286,6 +1299,9 @@ yyparse ()
 
   YYDPRINTF ((stderr, "Entering state %d\n", yystate));
 
+  if (yystate == YYFINAL)
+    YYACCEPT;
+
   goto yybackup;
 
 /*-----------.
@@ -1294,16 +1310,16 @@ yyparse ()
 yybackup:
 
   /* Do appropriate processing given the current state.  Read a
-     look-ahead token if we need one and don't already have one.  */
+     lookahead token if we need one and don't already have one.  */
 
-  /* First try to decide what to do without reference to look-ahead token.  */
+  /* First try to decide what to do without reference to lookahead token.  */
   yyn = yypact[yystate];
   if (yyn == YYPACT_NINF)
     goto yydefault;
 
-  /* Not known => get a look-ahead token if don't already have one.  */
+  /* Not known => get a lookahead token if don't already have one.  */
 
-  /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol.  */
+  /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol.  */
   if (yychar == YYEMPTY)
     {
       YYDPRINTF ((stderr, "Reading a token: "));
@@ -1335,20 +1351,16 @@ yybackup:
       goto yyreduce;
     }
 
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
   /* Count tokens shifted since error; after three, turn off error
      status.  */
   if (yyerrstatus)
     yyerrstatus--;
 
-  /* Shift the look-ahead token.  */
+  /* Shift the lookahead token.  */
   YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc);
 
-  /* Discard the shifted token unless it is eof.  */
-  if (yychar != YYEOF)
-    yychar = YYEMPTY;
+  /* Discard the shifted token.  */
+  yychar = YYEMPTY;
 
   yystate = yyn;
   *++yyvsp = yylval;
@@ -1388,6 +1400,8 @@ yyreduce:
   switch (yyn)
     {
         case 4:
+
+/* Line 1455 of yacc.c  */
 #line 71 "./parser.y"
     {
 		free((yyvsp[(2) - (3)].s));
@@ -1395,6 +1409,8 @@ yyreduce:
     break;
 
   case 5:
+
+/* Line 1455 of yacc.c  */
 #line 75 "./parser.y"
     {
 		_parser_kw = &(_parser_cfg->config_setup);
@@ -1403,6 +1419,8 @@ yyreduce:
     break;
 
   case 7:
+
+/* Line 1455 of yacc.c  */
 #line 80 "./parser.y"
     {
 		section_list_t *section = malloc_thing(section_list_t);
@@ -1422,6 +1440,8 @@ yyreduce:
     break;
 
   case 9:
+
+/* Line 1455 of yacc.c  */
 #line 96 "./parser.y"
     {
 		section_list_t *section = malloc_thing(section_list_t);
@@ -1440,6 +1460,8 @@ yyreduce:
     break;
 
   case 11:
+
+/* Line 1455 of yacc.c  */
 #line 111 "./parser.y"
     {
 		extern void _parser_y_include (const char *f);
@@ -1449,6 +1471,8 @@ yyreduce:
     break;
 
   case 16:
+
+/* Line 1455 of yacc.c  */
 #line 126 "./parser.y"
     {
 		kw_list_t  *new;
@@ -1477,6 +1501,8 @@ yyreduce:
     break;
 
   case 17:
+
+/* Line 1455 of yacc.c  */
 #line 151 "./parser.y"
     {
 		free((yyvsp[(1) - (2)].s));
@@ -1484,8 +1510,9 @@ yyreduce:
     break;
 
 
-/* Line 1267 of yacc.c.  */
-#line 1489 "y.tab.c"
+
+/* Line 1455 of yacc.c  */
+#line 1516 "y.tab.c"
       default: break;
     }
   YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
@@ -1496,7 +1523,6 @@ yyreduce:
 
   *++yyvsp = yyval;
 
-
   /* Now `shift' the result of the reduction.  Determine what state
      that goes to, based on the state we popped back to and the rule
      number reduced by.  */
@@ -1561,7 +1587,7 @@ yyerrlab:
 
   if (yyerrstatus == 3)
     {
-      /* If just tried and failed to reuse look-ahead token after an
+      /* If just tried and failed to reuse lookahead token after an
 	 error, discard it.  */
 
       if (yychar <= YYEOF)
@@ -1578,7 +1604,7 @@ yyerrlab:
 	}
     }
 
-  /* Else will try to reuse look-ahead token after shifting the error
+  /* Else will try to reuse lookahead token after shifting the error
      token.  */
   goto yyerrlab1;
 
@@ -1635,9 +1661,6 @@ yyerrlab1:
       YY_STACK_PRINT (yyss, yyssp);
     }
 
-  if (yyn == YYFINAL)
-    YYACCEPT;
-
   *++yyvsp = yylval;
 
 
@@ -1662,7 +1685,7 @@ yyabortlab:
   yyresult = 1;
   goto yyreturn;
 
-#ifndef yyoverflow
+#if !defined(yyoverflow) || YYERROR_VERBOSE
 /*-------------------------------------------------.
 | yyexhaustedlab -- memory exhaustion comes here.  |
 `-------------------------------------------------*/
@@ -1673,7 +1696,7 @@ yyexhaustedlab:
 #endif
 
 yyreturn:
-  if (yychar != YYEOF && yychar != YYEMPTY)
+  if (yychar != YYEMPTY)
      yydestruct ("Cleanup: discarding lookahead",
 		 yytoken, &yylval);
   /* Do not reclaim the symbols of the rule which action triggered
@@ -1699,24 +1722,25 @@ yyreturn:
 }
 
 
+
+/* Line 1675 of yacc.c  */
 #line 157 "./parser.y"
 
 
-void
-yyerror(const char *s)
+void yyerror(const char *s)
 {
 	if (_save_errors_)
 		_parser_y_error(parser_errstring, ERRSTRING_LEN, s);
 }
 
-config_parsed_t *
-parser_load_conf(const char *file)
+config_parsed_t *parser_load_conf(const char *file)
 {
 	config_parsed_t *cfg = NULL;
 	int err = 0;
 	FILE *f;
 
-	extern void _parser_y_init (const char *f);
+	extern void _parser_y_init(const char *f);
+	extern void _parser_y_fini(void);
 	extern FILE *yyin;
 
 	memset(parser_errstring, 0, ERRSTRING_LEN+1);
@@ -1777,11 +1801,11 @@ parser_load_conf(const char *file)
 		cfg = NULL;
 	}
 
+	_parser_y_fini();
 	return cfg;
 }
 
-static void
-parser_free_kwlist(kw_list_t *list)
+static void parser_free_kwlist(kw_list_t *list)
 {
 	kw_list_t *elt;
 
@@ -1794,8 +1818,7 @@ parser_free_kwlist(kw_list_t *list)
 	}
 }
 
-void
-parser_free_conf(config_parsed_t *cfg)
+void parser_free_conf(config_parsed_t *cfg)
 {
 	section_list_t *sec;
 	if (cfg)
diff --git a/src/starter/y.tab.h b/src/starter/y.tab.h
index 871de1e97..caf6ea172 100644
--- a/src/starter/y.tab.h
+++ b/src/starter/y.tab.h
@@ -1,24 +1,23 @@
-/* A Bison parser, made by GNU Bison 2.3.  */
 
-/* Skeleton interface for Bison's Yacc-like parsers in C
+/* A Bison parser, made by GNU Bison 2.4.1.  */
 
-   Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
+/* Skeleton interface for Bison's Yacc-like parsers in C
+   
+      Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
    Free Software Foundation, Inc.
-
-   This program is free software; you can redistribute it and/or modify
+   
+   This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2, or (at your option)
-   any later version.
-
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+   
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-
+   
    You should have received a copy of the GNU General Public License
-   along with this program; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor,
-   Boston, MA 02110-1301, USA.  */
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
 
 /* As a special exception, you may create a larger work that contains
    part or all of the Bison parser skeleton and distribute that work
@@ -29,10 +28,11 @@
    special exception, which will cause the skeleton and the resulting
    Bison output files to be licensed under the GNU General Public
    License without this special exception.
-
+   
    This special exception was added by the Free Software Foundation in
    version 2.2 of Bison.  */
 
+
 /* Tokens.  */
 #ifndef YYTOKENTYPE
 # define YYTOKENTYPE
@@ -68,15 +68,21 @@
 
 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
 typedef union YYSTYPE
+{
+
+/* Line 1676 of yacc.c  */
 #line 54 "./parser.y"
-{ char *s; }
-/* Line 1489 of yacc.c.  */
-#line 75 "y.tab.h"
-	YYSTYPE;
+ char *s; 
+
+
+/* Line 1676 of yacc.c  */
+#line 80 "y.tab.h"
+} YYSTYPE;
+# define YYSTYPE_IS_TRIVIAL 1
 # define yystype YYSTYPE /* obsolescent; will be withdrawn */
 # define YYSTYPE_IS_DECLARED 1
-# define YYSTYPE_IS_TRIVIAL 1
 #endif
 
 extern YYSTYPE yylval;
 
+
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index 82f2be13d..4353928b5 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -197,6 +197,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 955e49535..4fa0f76a8 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -27,6 +27,8 @@
 #include <stddef.h>
 #include <string.h>
 
+#include <library.h>
+
 #include "stroke_msg.h"
 #include "stroke_keywords.h"
 
@@ -96,7 +98,7 @@ static int send_stroke_msg (stroke_msg_t *msg)
 		{
 			if (fgets(buffer, sizeof(buffer), stdin))
 			{
-				if (write(sock, buffer, strlen(buffer)));
+				ignore_result(write(sock, buffer, strlen(buffer)));
 			}
 		}
 	}
@@ -129,11 +131,13 @@ static int add_connection(char *name,
 
 	msg.add_conn.me.id = push_string(&msg, my_id);
 	msg.add_conn.me.address = push_string(&msg, my_addr);
+	msg.add_conn.me.ikeport = 500;
 	msg.add_conn.me.subnets = push_string(&msg, my_nets);
 	msg.add_conn.me.sendcert = 1;
 
 	msg.add_conn.other.id = push_string(&msg, other_id);
 	msg.add_conn.other.address = push_string(&msg, other_addr);
+	msg.add_conn.other.ikeport = 500;
 	msg.add_conn.other.subnets = push_string(&msg, other_nets);
 	msg.add_conn.other.sendcert = 1;
 
@@ -355,6 +359,9 @@ int main(int argc, char *argv[])
 	const stroke_token_t *token;
 	int res = 0;
 
+	library_init(NULL);
+	atexit(library_deinit);
+
 	if (argc < 2)
 	{
 		exit_usage(NULL);
diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h
index 56a7a158f..ffc67039e 100644
--- a/src/stroke/stroke_msg.h
+++ b/src/stroke/stroke_msg.h
@@ -137,6 +137,7 @@ struct stroke_end_t {
 	char *groups;
 	char *updown;
 	char *address;
+	u_int16_t ikeport;
 	char *sourceip;
 	int sourceip_mask;
 	char *subnets;
diff --git a/src/whack/Makefile.in b/src/whack/Makefile.in
index eb6238d80..098e5110e 100644
--- a/src/whack/Makefile.in
+++ b/src/whack/Makefile.in
@@ -196,6 +196,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
diff --git a/src/whack/whack.c b/src/whack/whack.c
index c458d6760..5f986108b 100644
--- a/src/whack/whack.c
+++ b/src/whack/whack.c
@@ -185,6 +185,10 @@ static void help(void)
 			" [--debug-private]"
 			"\n\n"
 #endif
+		"leases: whack --leases"
+			" [--name <connection_name>]"
+			" [--lease-addr <ip-address> | --lease-id <identity>]"
+			"\n\n"
 		"listen: whack"
 			" (--listen | --unlisten)"
 			"\n\n"
@@ -322,6 +326,10 @@ enum {
 	OPT_LISTEN,
 	OPT_UNLISTEN,
 
+	OPT_LEASES,
+	OPT_LEASEADDR,
+	OPT_LEASEID,
+
 	OPT_PURGEOCSP,
 
 	OPT_REREADSECRETS,
@@ -519,6 +527,10 @@ static const struct option long_opts[] = {
 	{ "listen", no_argument, NULL, OPT_LISTEN + OO },
 	{ "unlisten", no_argument, NULL, OPT_UNLISTEN + OO },
 
+	{ "leases", no_argument, NULL, OPT_LEASES + OO },
+	{ "lease-addr", required_argument, NULL, OPT_LEASEADDR + OO },
+	{ "lease-id", required_argument, NULL, OPT_LEASEID + OO },
+
 	{ "purgeocsp", no_argument, NULL, OPT_PURGEOCSP + OO },
 
 	{ "rereadsecrets", no_argument, NULL, OPT_REREADSECRETS + OO },
@@ -1103,6 +1115,18 @@ int main(int argc, char **argv)
 				diagq("0.0.0.0 or 0::0 isn't a valid client address", optarg);
 			continue;
 
+		case OPT_LEASES:        /* --leases */
+			msg.whack_leases = TRUE;
+			continue;
+
+		case OPT_LEASEADDR:     /* --lease-addr <ip-address> */
+			msg.whack_lease_ip = optarg;      /* decoded by Pluto */
+			continue;
+
+		case OPT_LEASEID:       /* --lease-id <identity> */
+			msg.whack_lease_id = optarg;      /* decoded by Pluto */
+			continue;
+
 		case OPT_LISTEN:        /* --listen */
 			msg.whack_listen = TRUE;
 			continue;
@@ -1618,6 +1642,12 @@ int main(int argc, char **argv)
 		break;
 	}
 
+	/* check leases */
+	if (LHAS(opts_seen, OPT_LEASEADDR) && LHAS(opts_seen, OPT_LEASEID))
+	{
+		diag("--lease-addr and --lease-id cannot be used together");
+	}
+
 	/* check connection description */
 	if (LHAS(opts_seen, OPT_CD))
 	{
@@ -1682,7 +1712,7 @@ int main(int argc, char **argv)
 		if (!LHAS(opts_seen, OPT_NAME) && !msg.whack_ca)
 			diag("missing --name <connection_name>");
 	}
-	else if (!msg.whack_options && !msg.whack_status)
+	else if (!msg.whack_options && !msg.whack_status && !msg.whack_leases)
 	{
 		if (LHAS(opts_seen, OPT_NAME))
 			diag("no reason for --name");
@@ -1698,9 +1728,10 @@ int main(int argc, char **argv)
 	|| msg.whack_delete || msg.whack_deletestate
 	|| msg.whack_initiate || msg.whack_oppo_initiate || msg.whack_terminate
 	|| msg.whack_route || msg.whack_unroute || msg.whack_listen
-	|| msg.whack_unlisten || msg.whack_list || msg.whack_purgeocsp || msg.whack_reread
-	|| msg.whack_ca || msg.whack_status || msg.whack_options || msg.whack_shutdown
-	|| msg.whack_sc_op))
+	|| msg.whack_unlisten || msg.whack_list || msg.whack_purgeocsp
+	|| msg.whack_reread || msg.whack_ca || msg.whack_status
+	|| msg.whack_options || msg.whack_shutdown || msg.whack_sc_op
+	|| msg.whack_leases))
 	{
 		diag("no action specified; try --help for hints");
 	}
@@ -1771,6 +1802,8 @@ int main(int argc, char **argv)
 	||  !pack_str(&msg.ike)              /* string 24 */
 	||  !pack_str(&msg.esp)              /* string 25 */
 	||  !pack_str(&msg.sc_data)          /* string 26 */
+	||  !pack_str(&msg.whack_lease_ip)   /* string 27 */
+	||  !pack_str(&msg.whack_lease_id)   /* string 28 */
 	||  str_roof - next_str < (ptrdiff_t)msg.keyval.len)
 		diag("too many bytes of strings to fit in message to pluto");
 
diff --git a/src/whack/whack.h b/src/whack/whack.h
index 3f66a7b4f..b495d3489 100644
--- a/src/whack/whack.h
+++ b/src/whack/whack.h
@@ -65,7 +65,7 @@ struct whack_end {
 	int   sourceip_mask;
 	ip_address host_addr;
 	ip_address host_nexthop;
-	ip_address host_srcip;	
+	ip_address host_srcip;
 	ip_subnet client;
 	bool key_from_DNS_on_demand;
 	bool has_client;
@@ -177,6 +177,10 @@ struct whack_message {
 	bool whack_deletestate;
 	so_serial_t whack_deletestateno;
 
+	/* for WHACK_LEASES: */
+	bool whack_leases;
+	char *whack_lease_ip, *whack_lease_id;
+
 	/* for WHACK_LISTEN: */
 	bool whack_listen, whack_unlisten;
 
diff --git a/testing/Makefile.in b/testing/Makefile.in
index 6a5fd31f2..c60f9b2ea 100644
--- a/testing/Makefile.in
+++ b/testing/Makefile.in
@@ -175,6 +175,7 @@ ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
+libhydra_plugins = @libhydra_plugins@
 libstrongswan_plugins = @libstrongswan_plugins@
 linux_headers = @linux_headers@
 localedir = @localedir@
diff --git a/testing/do-tests.in b/testing/do-tests.in
index 7dbb5487a..2a869515d 100755
--- a/testing/do-tests.in
+++ b/testing/do-tests.in
@@ -348,7 +348,7 @@ do
 	    do
 		host=`echo $host_iface | awk -F ":" '{print $1}'`
 		iface=`echo $host_iface | awk -F ":" '{if ($2 != "") { print $2 } else { printf("eth0") }}'`
-		tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &"
+		tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain > /tmp/tcpdump.log 2>&1 &"
 		echo "${host}# $tcpdump_cmd" >> $CONSOLE_LOG
 		ssh root@`eval echo \\\$ipv4_$host '$tcpdump_cmd'`
 		eval TDUP_${host}="true"
diff --git a/testing/hosts/default/etc/hosts b/testing/hosts/default/etc/hosts
index 7d343d857..fb07a2f6e 100644
--- a/testing/hosts/default/etc/hosts
+++ b/testing/hosts/default/etc/hosts
@@ -14,6 +14,10 @@
 
 10.1.0.10	alice.strongswan.org	alice
 10.1.0.20	venus.strongswan.org	venus
+10.1.0.30	carol2.strongswan.org	carol2
+10.1.0.40	dave2.strongswan.org	dave2
+10.1.0.50	carol3.strongswan.org	carol3
+10.1.0.51	dave3.strongswan.org	dave3
 10.1.0.1	moon1.strongswan.org	moon1
 192.168.0.1	moon.strongswan.org	moon
 192.168.0.50	alice1.strongswan.org	alice1
diff --git a/testing/hosts/default/etc/ipsec.d/tables.sql b/testing/hosts/default/etc/ipsec.d/tables.sql
index a7c5f1d81..0e880826d 100644
--- a/testing/hosts/default/etc/ipsec.d/tables.sql
+++ b/testing/hosts/default/etc/ipsec.d/tables.sql
@@ -197,9 +197,9 @@ CREATE TABLE ike_sas (
   id INTEGER NOT NULL,
   initiator INTEGER NOT NULL,
   local_id_type INTEGER NOT NULL,
-  local_id_data BLOB NOT NULL,
+  local_id_data BLOB DEFAULT NULL,
   remote_id_type INTEGER NOT NULL,
-  remote_id_data BLOB NOT NULL,
+  remote_id_data BLOB DEFAULT NULL,
   host_family INTEGER NOT NULL,
   local_host_data BLOB NOT NULL,
   remote_host_data BLOB NOT NULL,
diff --git a/testing/hosts/winnetou/etc/openssl/index.txt b/testing/hosts/winnetou/etc/openssl/index.txt
index abdbb857b..58a88a3cb 100644
--- a/testing/hosts/winnetou/etc/openssl/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/index.txt
@@ -8,11 +8,11 @@ R	090909112548Z	041226135423Z,keyCompromise	07	unknown	/C=CH/O=Linux strongSwan/
 R	090909112651Z	090827094754Z,superseded	08	unknown	/C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org
 R	091118162928Z	091124124946Z,superseded	09	unknown	/C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org
 R	091231214318Z	090827113123Z,superseded	0A	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
-V	100216084430Z		0B	unknown	/C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
+R	100216084430Z	100227205840Z,superseded	0B	unknown	/C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
 R	140321062536Z	050621195214Z,CACompromise	0C	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
-V	140321062916Z		0D	unknown	/C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
+R	140321062916Z	100406094423Z,superseded	0D	unknown	/C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
 R	100607191714Z	070427213122Z,superseded	0E	unknown	/C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org
-V	100620195806Z		0F	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
+R	100620195806Z	100406093001Z,superseded	0F	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
 V	111007105811Z		10	unknown	/C=CH/O=Linux strongSwan/OU=SHA-256/CN=moon.strongswan.org
 V	111007121250Z		11	unknown	/C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org
 V	111007122112Z		12	unknown	/C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org
@@ -28,3 +28,6 @@ R	140826103106Z	090827103405Z,keyCompromise	1B	unknown	/C=CH/O=Linux strongSwan/
 V	140826103739Z		1C	unknown	/C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org
 V	140826104451Z		1D	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
 V	141123125153Z		1E	unknown	/C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org
+V	150226210530Z		1F	unknown	/C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
+V	190404095350Z		20	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
+V	190404095433Z		21	unknown	/C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
diff --git a/testing/hosts/winnetou/etc/openssl/index.txt.old b/testing/hosts/winnetou/etc/openssl/index.txt.old
index 67a737e0e..5fd137735 100644
--- a/testing/hosts/winnetou/etc/openssl/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/index.txt.old
@@ -8,11 +8,11 @@ R	090909112548Z	041226135423Z,keyCompromise	07	unknown	/C=CH/O=Linux strongSwan/
 R	090909112651Z	090827094754Z,superseded	08	unknown	/C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org
 R	091118162928Z	091124124946Z,superseded	09	unknown	/C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org
 R	091231214318Z	090827113123Z,superseded	0A	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
-V	100216084430Z		0B	unknown	/C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
+R	100216084430Z	100227205840Z,superseded	0B	unknown	/C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
 R	140321062536Z	050621195214Z,CACompromise	0C	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
-V	140321062916Z		0D	unknown	/C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
+R	140321062916Z	100406094423Z,superseded	0D	unknown	/C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
 R	100607191714Z	070427213122Z,superseded	0E	unknown	/C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org
-V	100620195806Z		0F	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
+R	100620195806Z	100406093001Z,superseded	0F	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
 V	111007105811Z		10	unknown	/C=CH/O=Linux strongSwan/OU=SHA-256/CN=moon.strongswan.org
 V	111007121250Z		11	unknown	/C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org
 V	111007122112Z		12	unknown	/C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org
@@ -27,3 +27,6 @@ V	140826100818Z		1A	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=bob@strongsw
 R	140826103106Z	090827103405Z,keyCompromise	1B	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
 V	140826103739Z		1C	unknown	/C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org
 V	140826104451Z		1D	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
+V	141123125153Z		1E	unknown	/C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org
+V	150226210530Z		1F	unknown	/C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org
+V	190404095350Z		20	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/1F.pem b/testing/hosts/winnetou/etc/openssl/newcerts/1F.pem
new file mode 100644
index 000000000..61d1c34e2
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/1F.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDIyNzIxMDUzMFoXDTE1MDIyNjIxMDUzMFowZjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xIDAeBgNVBAsTF0F1dGhv
+cml6YXRpb24gQXV0aG9yaXR5MRowGAYDVQQDFBFhYUBzdHJvbmdzd2FuLm9yZzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKw0NWg8FpkrWoItNzexEiaS
+dESF+blw2+2y51vVmbDk9edfJcjkzBNIEvY/0GXODmcthjExiTNgmNuCdQwapCHx
+p39HaD902rzmvflI40dZTmlFcn0Pp41wNbvjVaOpn7f6Mov68YmsoLQr47+OU6sn
+d3c8rx+BXO4g6YyRB0xpwB2kfO34FZh7FwOe4sVAJu5E7urK0hij2W1+adZNFg7K
+SP2i7llfooxWpS+6Vi6ZjuJ/dcGyvXpXnr0H2x58sZeaB5n8Ay+mhPDX72xXfwEm
+s7fztkhqmmix2TVEH96dR99ouCENF1Cm8OCbR1kkhWReL6P0tCbirbwFbZxKtOUC
+AwEAAaOCAQIwgf8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFEvO
+LmT1B7kU0IJsJtK+0nZMwxXgMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDq
+Lk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
+bjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEAMBwGA1UdEQQVMBOBEWFh
+QHN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ry
+b25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBAI2K
+atqWeSWcxmcylrBJXkXDOsZtFZAE/kGWD5+T/lDFzE5D0GeDWfHehojtooWGpnL3
+u7xo3h3+qVliYcCFy1zKtPE0lwkBWKFPSw4UNfOmaF4De6Tp1V6FSQE9JPNpcTL/
+aPWFkX69Py8elR8OIsXPlFtOfTbtjZxoGuLNn7BX1XjctG5iIhKs/3TVMdzcyjVL
+wKiDE1xq8/Es2pPTgvF8jk7VcNyIGhrlj1IYq35h0RKTSXTCRlczf+lzoPo6Duov
+G0r/8VLpI4bBmKN4cIvaRCa4zew8SWpJzg/06zm2QT8eEJVVB499usVf9OVS3Qa5
+8mcNXcKmqcyP2Tlnvbo=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/20.pem b/testing/hosts/winnetou/etc/openssl/newcerts/20.pem
new file mode 100644
index 000000000..d51918e89
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/20.pem
@@ -0,0 +1,84 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 32 (0x20)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CH, O=Linux strongSwan, CN=strongSwan Root CA
+        Validity
+            Not Before: Apr  6 09:53:50 2010 GMT
+            Not After : Apr  4 09:53:50 2019 GMT
+        Subject: C=CH, O=Linux strongSwan, OU=Research, CN=Research CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:b6:39:b2:3a:a6:e0:07:5b:58:a7:3f:4f:b2:5a:
+                    85:6a:72:f7:1b:5d:3d:b1:e7:80:13:7a:95:b9:e9:
+                    61:a1:df:af:19:c6:b2:f9:83:14:21:59:1c:27:7b:
+                    7a:04:6a:43:f0:2e:24:71:dc:12:fd:c3:51:d7:c9:
+                    59:60:32:a5:59:d4:bd:d9:5c:a7:9f:21:06:3a:71:
+                    7d:33:d7:3f:d2:03:07:1c:d0:69:0c:94:ce:c1:31:
+                    20:65:8e:55:46:36:7b:bc:49:e4:12:81:9d:75:64:
+                    a2:4d:e1:b5:8e:07:af:51:9d:a8:d8:7e:dc:b1:26:
+                    6d:e8:09:06:78:13:45:24:71:e0:f2:89:e7:81:4e:
+                    fd:be:fc:2d:4c:c1:fa:b3:31:af:3c:70:fe:59:c8:
+                    f2:31:26:02:d2:a5:ba:04:3b:73:d6:ae:31:e1:42:
+                    cf:e3:66:95:27:e7:4a:85:a1:1c:de:6a:9b:ed:22:
+                    34:ac:b4:0b:ed:b9:22:e1:3c:36:af:a2:de:3b:41:
+                    88:8f:01:c0:1a:87:63:7b:b6:22:e7:e5:52:1f:4d:
+                    73:d7:7f:47:ab:c6:b1:13:cc:1e:cd:f4:5f:51:da:
+                    fe:6d:14:83:8f:78:fb:0c:2a:c1:f1:01:65:18:f3:
+                    c4:c9:8c:17:fd:52:1b:82:35:13:74:c3:38:9d:ec:
+                    ae:39
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                E7:75:F0:A0:F2:AD:20:CD:CD:60:23:CC:C7:C8:0F:29:F3:DD:54:20
+            X509v3 Authority Key Identifier: 
+                keyid:5D:A7:DD:70:06:51:32:7E:E7:B6:6D:B3:B5:E5:E0:60:EA:2E:4D:EF
+                DirName:/C=CH/O=Linux strongSwan/CN=strongSwan Root CA
+                serial:00
+
+    Signature Algorithm: sha256WithRSAEncryption
+        8d:6d:a1:6d:1b:2d:cc:81:5c:0a:32:15:e2:ca:1b:2e:12:89:
+        b7:0d:05:9b:3f:ae:80:a1:73:05:1a:bf:47:e8:c8:b7:42:60:
+        c6:05:28:47:87:38:bb:c8:b1:32:23:89:fa:58:e0:c3:f2:dd:
+        20:60:43:95:e9:72:ce:6f:38:5c:16:f7:b8:cc:e9:87:c1:ca:
+        a8:f1:e3:ee:ea:4c:1a:8e:68:b3:17:05:b7:89:dc:b2:30:43:
+        22:62:ae:9a:87:67:39:6c:3a:c7:1c:87:10:a3:70:c0:0c:3c:
+        e0:46:99:68:e9:74:ea:94:2e:82:e5:c1:7f:44:16:10:40:da:
+        b1:19:07:58:9a:9a:06:d4:27:93:39:79:13:44:b9:b9:bc:c5:
+        1e:81:6b:0f:f4:39:1c:ff:b6:df:ad:c4:2f:63:c5:c8:c7:a0:
+        99:ce:15:5d:2c:b3:b5:ec:dd:dd:f6:3e:a8:6f:28:68:01:c6:
+        35:4b:67:2a:b7:cc:3f:eb:30:6d:b1:5d:5c:8a:3d:4e:3a:cd:
+        e9:4c:08:fd:54:76:c3:3a:da:d2:f5:73:00:22:e2:ca:24:6b:
+        4d:86:42:b3:ff:af:00:61:1e:dd:b6:6c:93:0d:e2:03:6c:e4:
+        d4:af:85:37:63:8e:0c:15:63:32:ee:eb:72:05:60:1b:d6:f2:
+        c1:66:89:92
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
+cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
+FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU
+zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO
+/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0
+C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
++wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E
+BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
+VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
+BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/21.pem b/testing/hosts/winnetou/etc/openssl/newcerts/21.pem
new file mode 100644
index 000000000..965543286
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/newcerts/21.pem
@@ -0,0 +1,83 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 33 (0x21)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CH, O=Linux strongSwan, CN=strongSwan Root CA
+        Validity
+            Not Before: Apr  6 09:54:33 2010 GMT
+            Not After : Apr  4 09:54:33 2019 GMT
+        Subject: C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c2:4e:4d:26:99:8c:37:b9:51:1f:a1:25:ba:1d:
+                    70:4e:34:58:1c:56:9b:ea:f4:16:20:fe:14:b7:36:
+                    73:48:47:fd:07:16:9b:55:df:aa:77:3d:a9:a3:cf:
+                    1a:8c:4e:d8:17:f0:5e:01:44:1d:f3:9d:43:31:c6:
+                    ba:d8:61:b2:f7:4c:3e:49:96:3f:56:77:b8:3a:f0:
+                    b1:ca:ab:98:bc:aa:e0:92:3c:ed:ec:52:7a:7d:60:
+                    82:60:95:12:26:f9:e5:3e:1f:37:1a:d3:20:62:5a:
+                    a1:ee:89:9f:db:fd:67:01:b6:07:e5:2b:de:71:40:
+                    ff:07:5c:91:27:6a:27:17:3a:5c:bf:43:29:c4:64:
+                    dd:3c:59:b6:ff:52:b8:37:ed:13:d1:bb:f3:b3:ba:
+                    3c:94:b2:7f:25:18:86:57:73:d4:46:5e:e4:f4:ec:
+                    52:80:1b:04:9d:03:0d:72:71:df:9e:b6:90:3b:5f:
+                    41:dc:1e:cd:ab:74:2c:0c:8e:b1:56:9b:62:af:f4:
+                    1b:f7:c1:67:02:cb:7a:be:2a:18:5d:be:dc:2b:2f:
+                    3f:b8:cd:5e:78:51:61:e4:af:db:ee:22:da:60:23:
+                    81:b0:51:23:50:37:8a:aa:14:dc:da:b5:bc:f0:2a:
+                    ce:b7:a4:38:8f:d1:57:d1:eb:7b:d2:f5:af:c5:f5:
+                    74:81
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                5F:9B:13:46:F9:20:72:C8:00:D5:88:B5:A7:4C:2E:97:EA:0B:93:28
+            X509v3 Authority Key Identifier: 
+                keyid:5D:A7:DD:70:06:51:32:7E:E7:B6:6D:B3:B5:E5:E0:60:EA:2E:4D:EF
+                DirName:/C=CH/O=Linux strongSwan/CN=strongSwan Root CA
+                serial:00
+
+    Signature Algorithm: sha256WithRSAEncryption
+        24:65:4e:a5:cc:8c:7c:bb:af:ba:d6:9e:af:f4:f7:21:67:4d:
+        de:9d:fb:2e:8a:90:78:fd:92:f6:12:03:9a:bb:c5:87:66:3f:
+        72:38:f9:83:f6:aa:93:e7:62:34:9e:c9:f3:02:97:86:48:c8:
+        c5:e7:7d:46:f3:e4:eb:ee:5e:9e:12:09:2d:20:21:42:7a:98:
+        ae:be:e5:fd:5a:dd:44:9d:07:80:9e:d0:e7:78:9a:45:08:42:
+        62:f3:28:50:91:4a:a7:61:5a:85:73:34:9a:e5:f8:14:f5:6b:
+        97:7d:f9:a2:d6:00:be:52:da:9a:94:a1:03:e0:1b:ae:0c:3e:
+        08:72:dd:2c:94:6f:8a:81:7a:99:64:dc:97:51:ff:a3:a0:03:
+        92:d0:78:db:4b:88:8e:d8:fd:d6:cc:33:64:6f:9f:6f:38:44:
+        82:31:a7:64:ea:37:61:ee:a7:a0:4d:2c:7b:fa:7c:b8:b1:74:
+        9a:4c:fa:71:bb:66:31:98:7f:ee:dd:9e:e6:3a:64:38:6f:22:
+        dd:7c:ce:bf:f6:9f:51:0b:05:03:e1:33:94:a3:62:11:90:21:
+        95:66:37:33:43:ac:a1:95:00:ab:5a:e4:b1:bc:07:00:46:8b:
+        4b:97:73:d7:c1:5d:64:5c:7d:f2:37:37:5f:c8:66:3f:e8:6f:
+        9b:77:58:28
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
+MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
+GoxO2BfwXgFEHfOdQzHGuthhsvdMPkmWP1Z3uDrwscqrmLyq4JI87exSen1ggmCV
+Eib55T4fNxrTIGJaoe6Jn9v9ZwG2B+Ur3nFA/wdckSdqJxc6XL9DKcRk3TxZtv9S
+uDftE9G787O6PJSyfyUYhldz1EZe5PTsUoAbBJ0DDXJx3562kDtfQdwezat0LAyO
+sVabYq/0G/fBZwLLer4qGF2+3CsvP7jNXnhRYeSv2+4i2mAjgbBRI1A3iqoU3Nq1
+vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
+MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
+VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
+MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt b/testing/hosts/winnetou/etc/openssl/research/index.txt
index 75e87f2c9..98aa9e3e4 100644
--- a/testing/hosts/winnetou/etc/openssl/research/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/research/index.txt
@@ -1,5 +1,6 @@
-V	100322070423Z		01	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
+R	100322070423Z	100407091025Z,superseded	01	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
 V	100615195710Z		02	unknown	/C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
 V	120323210330Z		03	unknown	/C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org
 V	140323203747Z		04	unknown	/C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org
 V	151103161503Z		05	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=Duck Research CA
+V	150406092057Z		06	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt.old b/testing/hosts/winnetou/etc/openssl/research/index.txt.old
index 26e68d4f3..2a68119f8 100644
--- a/testing/hosts/winnetou/etc/openssl/research/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/research/index.txt.old
@@ -1,4 +1,5 @@
-V	100322070423Z		01	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
+R	100322070423Z	100407091025Z	01	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org
 V	100615195710Z		02	unknown	/C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA
 V	120323210330Z		03	unknown	/C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org
 V	140323203747Z		04	unknown	/C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org
+V	151103161503Z		05	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=Duck Research CA
diff --git a/testing/hosts/winnetou/etc/openssl/research/newcerts/06.pem b/testing/hosts/winnetou/etc/openssl/research/newcerts/06.pem
new file mode 100644
index 000000000..69e5c05e3
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/research/newcerts/06.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
+YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
index 693af7c28..23f120b29 100644
--- a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
@@ -42,7 +42,7 @@ crl_extensions	= crl_ext  		  # The extentions to add to the CRL
 
 default_days    = 1825                    # how long to certify for
 default_crl_days= 30			  # how long before next CRL
-default_md      = sha1                    # which md to use.
+default_md      = sha256                  # which md to use.
 preserve        = no                      # keep passed DN ordering
 email_in_dn	= no			  # allow/forbid EMail in DN
 
@@ -74,7 +74,7 @@ emailAddress		= optional
 ####################################################################
 
 [ req ]
-default_bits		= 1024
+default_bits		= 2048
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
diff --git a/testing/hosts/winnetou/etc/openssl/research/researchCert.der b/testing/hosts/winnetou/etc/openssl/research/researchCert.der
index 2a52f620d..0cbb57b99 100644
--- a/testing/hosts/winnetou/etc/openssl/research/researchCert.der
+++ b/testing/hosts/winnetou/etc/openssl/research/researchCert.der
diff --git a/testing/hosts/winnetou/etc/openssl/research/researchCert.pem b/testing/hosts/winnetou/etc/openssl/research/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/hosts/winnetou/etc/openssl/research/researchCert.pem
+++ b/testing/hosts/winnetou/etc/openssl/research/researchCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
 cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
 VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
 BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
 -----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/research/serial b/testing/hosts/winnetou/etc/openssl/research/serial
index cd672a533..2c7456e3e 100644
--- a/testing/hosts/winnetou/etc/openssl/research/serial
+++ b/testing/hosts/winnetou/etc/openssl/research/serial
@@ -1 +1 @@
-06
+07
diff --git a/testing/hosts/winnetou/etc/openssl/research/serial.old b/testing/hosts/winnetou/etc/openssl/research/serial.old
index eeee65ec4..cd672a533 100644
--- a/testing/hosts/winnetou/etc/openssl/research/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/research/serial.old
@@ -1 +1 @@
-05
+06
diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt b/testing/hosts/winnetou/etc/openssl/sales/index.txt
index 3e39e973b..c4e05f253 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt
@@ -1,4 +1,5 @@
-V	100322071017Z		01	unknown	/C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
+R	100322071017Z	100407093948Z,superseded	01	unknown	/C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
 V	100615195536Z		02	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
 V	120323211811Z		03	unknown	/C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org
 V	140323211053Z		04	unknown	/C=CH/O=Linux strongSwan/OU=Sales no CDP/CN=dave@strongswan.org
+V	150406094241Z		05	unknown	/C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt.attr.old b/testing/hosts/winnetou/etc/openssl/sales/index.txt.attr.old
new file mode 100644
index 000000000..8f7e63a34
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt.old b/testing/hosts/winnetou/etc/openssl/sales/index.txt.old
index ab3c06416..f377c3588 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt.old
@@ -1,3 +1,4 @@
-V	100322071017Z		01	unknown	/C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
+R	100322071017Z	100407093948Z,superseded	01	unknown	/C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org
 V	100615195536Z		02	unknown	/C=CH/O=Linux strongSwan/OU=Research/CN=Research CA
 V	120323211811Z		03	unknown	/C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org
+V	140323211053Z		04	unknown	/C=CH/O=Linux strongSwan/OU=Sales no CDP/CN=dave@strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/sales/newcerts/05.pem b/testing/hosts/winnetou/etc/openssl/sales/newcerts/05.pem
new file mode 100644
index 000000000..91df37a81
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/sales/newcerts/05.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
+BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
index 75816c432..547b2edbc 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
@@ -42,7 +42,7 @@ crl_extensions	= crl_ext  		  # The extentions to add to the CRL
 
 default_days    = 1825                    # how long to certify for
 default_crl_days= 30			  # how long before next CRL
-default_md      = sha1                    # which md to use.
+default_md      = sha256                  # which md to use.
 preserve        = no                      # keep passed DN ordering
 email_in_dn	= no			  # allow/forbid EMail in DN
 
@@ -74,7 +74,7 @@ emailAddress		= optional
 ####################################################################
 
 [ req ]
-default_bits		= 1024
+default_bits		= 2048
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
diff --git a/testing/hosts/winnetou/etc/openssl/sales/salesCert.der b/testing/hosts/winnetou/etc/openssl/sales/salesCert.der
index 529fd2d45..dafc9ed48 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/salesCert.der
+++ b/testing/hosts/winnetou/etc/openssl/sales/salesCert.der
diff --git a/testing/hosts/winnetou/etc/openssl/sales/salesCert.pem b/testing/hosts/winnetou/etc/openssl/sales/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/salesCert.pem
+++ b/testing/hosts/winnetou/etc/openssl/sales/salesCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
 MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
 MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
 VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
 MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
 -----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/sales/serial b/testing/hosts/winnetou/etc/openssl/sales/serial
index eeee65ec4..cd672a533 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/serial
+++ b/testing/hosts/winnetou/etc/openssl/sales/serial
@@ -1 +1 @@
-05
+06
diff --git a/testing/hosts/winnetou/etc/openssl/sales/serial.old b/testing/hosts/winnetou/etc/openssl/sales/serial.old
index 64969239d..eeee65ec4 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/sales/serial.old
@@ -1 +1 @@
-04
+05
diff --git a/testing/hosts/winnetou/etc/openssl/serial b/testing/hosts/winnetou/etc/openssl/serial
index 33c1ce6c7..2bd5a0a98 100644
--- a/testing/hosts/winnetou/etc/openssl/serial
+++ b/testing/hosts/winnetou/etc/openssl/serial
@@ -1 +1 @@
-1F
+22
diff --git a/testing/hosts/winnetou/etc/openssl/serial.old b/testing/hosts/winnetou/etc/openssl/serial.old
index e28e17eb7..aabe6ec39 100644
--- a/testing/hosts/winnetou/etc/openssl/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/serial.old
@@ -1 +1 @@
-1E
+21
diff --git a/testing/scripts/build-umlrootfs b/testing/scripts/build-umlrootfs
index 4a561b857..16dd843b9 100755
--- a/testing/scripts/build-umlrootfs
+++ b/testing/scripts/build-umlrootfs
@@ -206,9 +206,9 @@ then
     echo -n " --enable-leak-detective" >> $INSTALLSHELL
 fi
 
-if [ "$USE_LOAD_TESTS" = "yes" ]
+if [ "$USE_LOAD_TESTER" = "yes" ]
 then
-    echo -n " --enable-load-tests" >> $INSTALLSHELL
+    echo -n " --enable-load-tester" >> $INSTALLSHELL
 fi
 
 if [ "$USE_TEST_VECTORS" = "yes" ]
@@ -221,6 +221,26 @@ then
     echo -n " --enable-gcrypt" >> $INSTALLSHELL
 fi
 
+if [ "$USE_SOCKET_DEFAULT" = "yes" ]
+then
+    echo -n " --enable-socket-default" >> $INSTALLSHELL
+fi
+
+if [ "$USE_SOCKET_DYNAMIC" = "yes" ]
+then
+    echo -n " --enable-socket-dynamic" >> $INSTALLSHELL
+fi
+
+if [ "$USE_DHCP" = "yes" ]
+then
+    echo -n " --enable-dhcp" >> $INSTALLSHELL
+fi
+
+if [ "$USE_FARP" = "yes" ]
+then
+    echo -n " --enable-farp" >> $INSTALLSHELL
+fi
+
 echo "" >> $INSTALLSHELL
 echo "make" >> $INSTALLSHELL
 echo "make install" >> $INSTALLSHELL
diff --git a/testing/testing.conf b/testing/testing.conf
index e86f60ae2..c7852d28f 100755
--- a/testing/testing.conf
+++ b/testing/testing.conf
@@ -19,19 +19,19 @@ UMLTESTDIR=~/strongswan-testing
 
 # Bzipped kernel sources
 # (file extension .tar.bz2 required)
-KERNEL=$UMLTESTDIR/linux-2.6.31.5.tar.bz2
+KERNEL=$UMLTESTDIR/linux-2.6.33.3.tar.bz2
 
 # Extract kernel version
 KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'`
 
 # Kernel configuration file
-KERNELCONFIG=$UMLTESTDIR/.config-2.6.31
+KERNELCONFIG=$UMLTESTDIR/.config-2.6.33
 
 # Bzipped uml patch for kernel
-#UMLPATCH=$UMLTESTDIR/aead_init.patch.bz2
+UMLPATCH=$UMLTESTDIR/aes_gmac.patch.bz2
 
 # Bzipped source of strongSwan
-STRONGSWAN=$UMLTESTDIR/strongswan-4.3.6.tar.bz2
+STRONGSWAN=$UMLTESTDIR/strongswan-4.4.0.tar.bz2
 
 # strongSwan compile options (use "yes" or "no")
 USE_LIBCURL="yes"
@@ -49,15 +49,19 @@ USE_BLOWFISH="yes"
 USE_KERNEL_PFKEY="yes"
 USE_INTEGRITY_TEST="yes"
 USE_LEAK_DETECTIVE="yes"
-USE_LOAD_TESTS="yes"
+USE_LOAD_TESTER="yes"
 USE_TEST_VECTORS="yes"
 USE_GCRYPT="yes"
+USE_SOCKET_DEFAULT="yes"
+USE_SOCKET_DYNAMIC="yes"
+USE_DHCP="yes"
+USE_FARP="yes"
 
 # Gentoo linux root filesystem
 ROOTFS=$UMLTESTDIR/gentoo-fs-20090615.tar.bz2
 
 # Size of the finished root filesystem in MB
-ROOTFSSIZE=600
+ROOTFSSIZE=700
 
 # Amount of Memory to use per UML [MB].
 # If "auto" is stated 1/12 of total host ram will be used.
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
index 586a3dc5e..48b36cec7 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink updown
+  load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
index 586a3dc5e..48b36cec7 100644
--- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink updown
+  load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index b15a55fa5..0113aa780 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink updown
+  load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index ab6f08e2d..6fcefc56a 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index b15a55fa5..0113aa780 100644
--- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink updown
+  load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
index 6f4ec2510..774042329 100644
--- a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
 
 libstrongswan {
diff --git a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
index ff3faf993..1f442a7dd 100644
--- a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink socket-raw
 }
 
 pluto {
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
index cf4893014..831790f1e 100644
--- a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink socket-raw
 }
 
 pluto {
diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ike2/description.txt b/testing/tests/ike2/description.txt
new file mode 100644
index 000000000..31d24cda6
--- /dev/null
+++ b/testing/tests/ike2/description.txt
@@ -0,0 +1,6 @@
+The router <b>moon</b> sets up a connection to gateway <b>sun</b> in order
+to reach the subnet hidden behind <b>sun</b>. The gateway <b>sun</b> assigns a
+virtual IP address to router <b>moon</b>. A special updown script on <b>moon</b>
+specified by <b>leftupdown=/etc/nat_updown</b> dynamically inserts a source NAT rule
+which maps the IP address of client <b>alice</b> to the virtual IP of <b>moon</b>.
+This allows <b>alice</b> to access client <b>bob</b> via the established IPsec tunnel.
diff --git a/testing/tests/ike2/evaltest.dat b/testing/tests/ike2/evaltest.dat
new file mode 100644
index 000000000..75d5ffbd3
--- /dev/null
+++ b/testing/tests/ike2/evaltest.dat
@@ -0,0 +1,8 @@
+moon::ipsec statusall::net-net.*ESTABLISHED::YES
+sun::ipsec statusall::net-net.*ESTABLISHED::YES
+moon::cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES
+alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES
+sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES
+sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES
+bob::tcpdump::IP alice2.strongswan.org > bob.strongswan.org: ICMP::YES
+bob::tcpdump::IP bob.strongswan.org > alice2.strongswan.org: ICMP::YES
diff --git a/testing/tests/ike2/hosts/bob/etc/hosts b/testing/tests/ike2/hosts/bob/etc/hosts
new file mode 100644
index 000000000..ee854da09
--- /dev/null
+++ b/testing/tests/ike2/hosts/bob/etc/hosts
@@ -0,0 +1,70 @@
+# /etc/hosts:  This file describes a number of hostname-to-address
+#              mappings for the TCP/IP subsystem.  It is mostly
+#              used at boot time, when no name servers are running.
+#              On small systems, this file can be used instead of a
+#              "named" name server.  Just add the names, addresses
+#              and any aliases to this file...
+#
+
+127.0.0.1	localhost
+
+192.168.0.254	uml0.strongswan.org	uml0
+10.1.0.254	uml1.strongswan.org	uml1
+10.2.0.254	uml1.strongswan.org	uml2
+
+10.1.0.10	alice.strongswan.org	alice
+10.1.0.20	venus.strongswan.org	venus
+10.1.0.1	moon1.strongswan.org	moon1
+192.168.0.1	moon.strongswan.org	moon
+192.168.0.50	alice1.strongswan.org	alice1
+192.168.0.100	carol.strongswan.org	carol
+10.3.0.1	carol1.strongswan.org	carol1
+192.168.0.150	winnetou.strongswan.org	winnetou crl.strongswan.org ocsp.strongswan.org ldap.strongswan.org
+192.168.0.200	dave.strongswan.org	dave
+10.3.0.2	dave1.strongswan.org	dave1
+192.168.0.2	sun.strongswan.org	sun
+10.2.0.1	sun1.strongswan.org	sun1
+10.2.0.10	bob.strongswan.org	bob
+10.4.0.1	alice2.strongswan.org	alice2
+
+# IPv6 versions of localhost and co
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+
+# IPv6 solicited-node multicast addresses
+ff02::1:ff00:1	ip6-mcast-1
+ff02::1:ff00:2	ip6-mcast-2
+ff02::1:ff00:10	ip6-mcast-10
+ff02::1:ff00:15	ip6-mcast-15
+ff02::1:ff00:20	ip6-mcast-20
+
+# IPv6 site-local addresses
+fec0::5		ip6-alice1.strongswan.org   ip6-alice1
+fec1::10	ip6-alice.strongswan.org    ip6-alice
+fec1::20	ip6-venus.strongswan.org    ip6-venus
+fec1::1 	ip6-moon1.strongswan.org    ip6-moon1
+fec0::1 	ip6-moon.strongswan.org     ip6-moon
+fec0::10	ip6-carol.strongswan.org    ip6-carol
+fec3::1 	ip6-carol1.strongswan.org   ip6-carol1
+fec0::15	ip6-winnetou.strongswan.org ip6-winnetou 
+fec0::20	ip6-dave.strongswan.org     ip6-dave
+fec3::2 	ip6-dave1.strongswan.org    ip6-dave1
+fec0::2 	ip6-sun.strongswan.org      ip6-sun
+fec2::1 	ip6-sun1.strongswan.org     ip6-sun1
+fec2::10	ip6-bob.strongswan.org      ip6-bob
+
+# IPv6 link-local HW derived addresses
+fe80::fcfd:0aff:fe01:14	ip6-hw-venus.strongswan.org    ip6-hw-venus
+fe80::fcfd:0aff:fe01:0a	ip6-hw-alice.strongswan.org    ip6-hw-alice
+fe80::fcfd:0aff:fe01:01	ip6-hw-moon1.strongswan.org    ip6-hw-moon1
+fe80::fcfd:c0ff:fea8:01 ip6-hw-moon.strongswan.org     ip6-hw-moon
+fe80::fcfd:c0ff:fea8:64	ip6-hw-carol.strongswan.org    ip6-hw-carol
+fe80::fcfd:c0ff:fea8:96 ip6-hw-winnetou.strongswan.org ip6-hw-winnetou
+fe80::fcfd:c0ff:fea8:c8	ip6-hw-dave.strongswan.org     ip6-hw-dave
+fe80::fcfd:c0ff:fea8:02	ip6-hw-sun.strongswan.org      ip6-hw-sun
+fe80::fcfd:0aff:fe02:01	ip6-hw-sun1.strongswan.org     ip6-hw-sun1
+fe80::fcfd:0aff:fe02:0a ip6-hw-bob.strongswan.org      ip6-hw-bob
diff --git a/testing/tests/ike2/hosts/moon/etc/ipsec.conf b/testing/tests/ike2/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..e43e0d785
--- /dev/null
+++ b/testing/tests/ike2/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	mobike=no
+
+conn net-net 
+	left=PH_IP_MOON
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftsourceip=%config
+	leftupdown=/etc/nat_updown
+	right=PH_IP_SUN
+	rightid=@sun.strongswan.org
+	rightsubnet=10.2.0.0/16
+	auto=add
diff --git a/testing/tests/ike2/hosts/moon/etc/nat_updown b/testing/tests/ike2/hosts/moon/etc/nat_updown
new file mode 100755
index 000000000..aab1df687
--- /dev/null
+++ b/testing/tests/ike2/hosts/moon/etc/nat_updown
@@ -0,0 +1,152 @@
+#! /bin/sh
+# NAT updown script
+#
+# Copyright (C) 2010 Andreas Steffen <andreas.steffen@strongswan.org>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# for more details.
+
+# things that this script gets (from ipsec_pluto(8) man page)
+#
+#      PLUTO_VERSION
+#              indicates  what  version of this interface is being
+#              used.  This document describes version  1.1.   This
+#              is upwardly compatible with version 1.0.
+#
+#       PLUTO_VERB
+#              specifies the name of the operation to be performed
+#              (prepare-host, prepare-client, up-host, up-client,
+#              down-host, or down-client).  If the address family
+#              for security gateway to security gateway communica-
+#              tions is IPv6, then a suffix of -v6 is added to the
+#              verb.
+#
+#       PLUTO_CONNECTION
+#              is the name of the  connection  for  which  we  are
+#              routing.
+#
+#       PLUTO_NEXT_HOP
+#              is the next hop to which packets bound for the peer
+#              must be sent.
+#
+#       PLUTO_INTERFACE
+#              is the name of the ipsec interface to be used.
+#
+#       PLUTO_REQID
+#              is the requid of the ESP policy
+#
+#       PLUTO_ME
+#              is the IP address of our host.
+#
+#       PLUTO_MY_ID
+#              is the ID of our host.
+#
+#       PLUTO_MY_CLIENT
+#              is the IP address / count of our client subnet.  If
+#              the  client  is  just  the  host,  this will be the
+#              host's own IP address / max (where max  is  32  for
+#              IPv4 and 128 for IPv6).
+#
+#       PLUTO_MY_CLIENT_NET
+#              is the IP address of our client net.  If the client
+#              is just the host, this will be the  host's  own  IP
+#              address.
+#
+#       PLUTO_MY_CLIENT_MASK
+#              is  the  mask for our client net.  If the client is
+#              just the host, this will be 255.255.255.255.
+#
+#       PLUTO_MY_SOURCEIP
+#              if non-empty, then the source address for the route will be
+#              set to this IP address.
+#
+#       PLUTO_MY_PROTOCOL
+#              is the IP protocol that will be transported.
+#
+#       PLUTO_MY_PORT
+#              is  the  UDP/TCP  port  to  which  the IPsec SA  is
+#              restricted on our side.
+#
+#       PLUTO_PEER
+#              is the IP address of our peer.
+#
+#       PLUTO_PEER_ID
+#              is the ID of our peer.
+#
+#       PLUTO_PEER_CA
+#              is the CA which issued the cert of our peer.
+#
+#       PLUTO_PEER_CLIENT
+#              is the IP address / count of the peer's client sub-
+#              net.   If the client is just the peer, this will be
+#              the peer's own IP address / max (where  max  is  32
+#              for IPv4 and 128 for IPv6).
+#
+#       PLUTO_PEER_CLIENT_NET
+#              is the IP address of the peer's client net.  If the
+#              client is just the peer, this will  be  the  peer's
+#              own IP address.
+#
+#       PLUTO_PEER_CLIENT_MASK
+#              is  the  mask  for  the  peer's client net.  If the
+#              client   is   just   the   peer,   this   will   be
+#              255.255.255.255.
+#
+#       PLUTO_PEER_PROTOCOL
+#              is the IP protocol that will be transported.
+#
+#       PLUTO_PEER_PORT
+#              is  the  UDP/TCP  port  to  which  the IPsec SA  is
+#              restricted on the peer side.
+#
+
+# define a minimum PATH environment in case it is not set
+PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin"
+export PATH
+
+# resolve octal escape sequences
+PLUTO_MY_ID=`printf "$PLUTO_MY_ID"`
+PLUTO_PEER_ID=`printf "$PLUTO_PEER_ID"`
+
+case "$PLUTO_VERB:$1" in
+up-host:)
+	# connection to me coming up
+	# If you are doing a custom version, firewall commands go here.
+	;;
+down-host:)
+	# connection to me going down
+	# If you are doing a custom version, firewall commands go here.
+	;;
+up-client:)
+	# connection to my client subnet coming up
+	# If you are doing a custom version, firewall commands go here.
+	iptables -A FORWARD -i eth1 -o $PLUTO_INTERFACE -s PH_IP_ALICE \
+	    -d $PLUTO_PEER_CLIENT -j ACCEPT
+        iptables -A FORWARD -o eth1 -i $PLUTO_INTERFACE -d PH_IP_ALICE \
+            -s $PLUTO_PEER_CLIENT -j ACCEPT
+	iptables -t nat -A POSTROUTING -o $PLUTO_INTERFACE -s PH_IP_ALICE \
+	    -d $PLUTO_PEER_CLIENT -j SNAT --to-source $PLUTO_MY_SOURCEIP
+	echo "inserted NAT rule mapping PH_IP_ALICE to virtual IP $PLUTO_MY_SOURCEIP" >&2 
+	;;
+down-client:)
+	# connection to my client subnet going down
+	# If you are doing a custom version, firewall commands go here.
+        iptables -D FORWARD -i eth1 -o $PLUTO_INTERFACE -s PH_IP_ALICE \
+            -d $PLUTO_PEER_CLIENT -j ACCEPT
+        iptables -D FORWARD -o eth1 -i $PLUTO_INTERFACE -d PH_IP_ALICE \
+            -s $PLUTO_PEER_CLIENT -j ACCEPT
+         iptables -t nat -D POSTROUTING -o $PLUTO_INTERFACE -s PH_IP_ALICE \
+            -d $PLUTO_PEER_CLIENT -j SNAT --to-source $PLUTO_MY_SOURCEIP
+        echo "deleted NAT rule mapping PH_IP_ALICE to virtual IP $PLUTO_MY_SOURCEIP" >&2    
+	;;
+*)	echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
+	exit 1
+	;;
+esac
diff --git a/testing/tests/ike2/hosts/moon/etc/strongswan.conf b/testing/tests/ike2/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..161934454
--- /dev/null
+++ b/testing/tests/ike2/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-raw updown
+  multiple_authentication = no
+}
diff --git a/testing/tests/ike2/hosts/sun/etc/ipsec.conf b/testing/tests/ike2/hosts/sun/etc/ipsec.conf
new file mode 100755
index 000000000..9cede8d56
--- /dev/null
+++ b/testing/tests/ike2/hosts/sun/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+        keyingtries=1
+	keyexchange=ikev2
+	mobike=no
+
+conn net-net 
+	left=PH_IP_SUN
+	leftcert=sunCert.pem
+	leftid=@sun.strongswan.org
+	leftsubnet=10.2.0.0/16
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightid=@moon.strongswan.org
+	rightsourceip=10.4.0.0/24
+	auto=add
diff --git a/testing/tests/ike2/hosts/sun/etc/strongswan.conf b/testing/tests/ike2/hosts/sun/etc/strongswan.conf
new file mode 100644
index 000000000..161934454
--- /dev/null
+++ b/testing/tests/ike2/hosts/sun/etc/strongswan.conf
@@ -0,0 +1,6 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-raw updown
+  multiple_authentication = no
+}
diff --git a/testing/tests/ike2/posttest.dat b/testing/tests/ike2/posttest.dat
new file mode 100644
index 000000000..b121de27d
--- /dev/null
+++ b/testing/tests/ike2/posttest.dat
@@ -0,0 +1,5 @@
+moon::ipsec stop
+sun::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+sun::/etc/init.d/iptables stop 2> /dev/null
+moon::conntrack -F
diff --git a/testing/tests/ike2/pretest.dat b/testing/tests/ike2/pretest.dat
new file mode 100644
index 000000000..abbca90d7
--- /dev/null
+++ b/testing/tests/ike2/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+sun::/etc/init.d/iptables start 2> /dev/null
+moon::conntrack -F
+moon::echo 1 > /proc/sys/net/ipv4/ip_forward
+moon::ipsec start
+sun::ipsec start
+moon::sleep 1 
+moon::ipsec up net-net
+moon::sleep 1
diff --git a/testing/tests/ike2/test.conf b/testing/tests/ike2/test.conf
new file mode 100644
index 000000000..1971a33ab
--- /dev/null
+++ b/testing/tests/ike2/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon winnetou sun bob"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-w-s-b.png"
+ 
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="sun bob"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon sun"
diff --git a/testing/tests/ikev1/alg-modp-subgroup/description.txt b/testing/tests/ikev1/alg-modp-subgroup/description.txt
new file mode 100644
index 000000000..cb7d11720
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/description.txt
@@ -0,0 +1,14 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b> using the <b>MODP Diffie-Hellman Groups 22, 23, and 24</b>
+with <b>Prime Order Subgroups</b>.
+<p/>
+<b>carol</b> proposes the DH groups MODP_2048_224 and MODP_1024_160 whereas
+<b>dave</b> proposes MODP_2048_224 and MODP_2048_256.
+Since <b>moon</b> does not support MODP_2048_224 the roadwarriors fall back to
+MODP_1024_160 and MODP_2048_256, respectively.
+<p/>
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
new file mode 100644
index 000000000..0f71ba5f5
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat
@@ -0,0 +1,13 @@
+moon::cat /var/log/auth.log::MODP_2048_224.*refused due to strict flag::YES
+moon::ipsec statusall::IPsec SA established::YES
+carol::ipsec statusall::IPsec SA established::YES
+carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA1/MODP_1024_160::YES
+dave::ipsec statusall::IPsec SA established::YES
+dave::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048_256::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..944524020
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+	ike=aes128-sha1-modp2048s224,aes128-sha1-modp1024s160!
+
+conn home
+	left=PH_IP_CAROL
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
+	auto=add
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..a9de84e91
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+	ike=aes128-sha256-modp2048s224,aes128-sha256-modp2048s256!
+
+conn home
+	left=PH_IP_DAVE
+	leftcert=daveCert.pem
+	leftid=dave@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
+	auto=add
diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..424f78bb4
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+	ike=aes128-sha256-modp2048s256,aes128-sha1-modp1024s160!
+
+conn rw
+	left=PH_IP_MOON
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftsubnet=10.1.0.0/16
+	leftfirewall=yes
+	right=%any
+	auto=add
diff --git a/testing/tests/ikev1/alg-modp-subgroup/posttest.dat b/testing/tests/ikev1/alg-modp-subgroup/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/alg-modp-subgroup/pretest.dat b/testing/tests/ikev1/alg-modp-subgroup/pretest.dat
new file mode 100644
index 000000000..42e9d7c24
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev1/alg-modp-subgroup/test.conf b/testing/tests/ikev1/alg-modp-subgroup/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev1/alg-modp-subgroup/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
index 3c5c5d91d..61d1c34e2 100644
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
+++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIBCzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIEKjCCAxKgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDIxNzA4NDQzMFoXDTEwMDIxNjA4NDQzMFowZjELMAkGA1UE
+b290IENBMB4XDTEwMDIyNzIxMDUzMFoXDTE1MDIyNjIxMDUzMFowZjELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xIDAeBgNVBAsTF0F1dGhv
 cml6YXRpb24gQXV0aG9yaXR5MRowGAYDVQQDFBFhYUBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2Czo4Mds6Jz15DWop6ExWI
-wWt9zU8Xu//ow1F0Kf9a4DLjo8qO+km3gybByNQQv1LrZ1eq+82Gy4RYXU1FnhC6
-dc8aobDmUQkY/8uYXtUmevKF5QcbYciDLp01W1q0DONAlc/9wmvJWhvjs9itWOBC
-fAUcH3eUNvMgkc7hlQTqreZTH4zyJ6M54JibkTsyfVg/1yOT41zUU3b+vI/r9kNB
-CYcp2DrdhdxX6mEiSTyDA/OMlgvCa7kPinUL4FJtQOFBozCsGcD28ONLc8Abkggf
-NABXCclPVAXOTawJF3dRWcMhIlNLWxWMVRvEt5OkAEdy/mXGBvtVArmGnmA+8zcC
-AwEAAaOCAQIwgf8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFA+6
-5KwThPKc9Vxn0048uRThft1tMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDq
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKw0NWg8FpkrWoItNzexEiaS
+dESF+blw2+2y51vVmbDk9edfJcjkzBNIEvY/0GXODmcthjExiTNgmNuCdQwapCHx
+p39HaD902rzmvflI40dZTmlFcn0Pp41wNbvjVaOpn7f6Mov68YmsoLQr47+OU6sn
+d3c8rx+BXO4g6YyRB0xpwB2kfO34FZh7FwOe4sVAJu5E7urK0hij2W1+adZNFg7K
+SP2i7llfooxWpS+6Vi6ZjuJ/dcGyvXpXnr0H2x58sZeaB5n8Ay+mhPDX72xXfwEm
+s7fztkhqmmix2TVEH96dR99ouCENF1Cm8OCbR1kkhWReL6P0tCbirbwFbZxKtOUC
+AwEAAaOCAQIwgf8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFEvO
+LmT1B7kU0IJsJtK+0nZMwxXgMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDq
 Lk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh
 bjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEAMBwGA1UdEQQVMBOBEWFh
 QHN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ry
-b25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEEBQADggEBAIeg
-CjgR2yIGSuyrFolvEM/qoT3j+LpQREDZbx9BKr3kGmbqF75clwfpysJ4FlXZZ2CR
-aH2GoPOZGXwsYc3poqGeeWSxo+fpt4XIGUc1eREXm1rKVMd+qb0u0PXuhq2+u1aY
-ZJDY0yqUU2/7AInXjzG7lI120W+K6tuTM/5UVI5EPpAFwUVlCxnMh4Sl4VkgZ2Hw
-YnO3/8SEHmHR03/GhOd5d8hD8a0AGHtdOPpZnUOR9PH5FszpQ/alUdn+NTdQ7O2v
-Q8jqPCeQSAAkJbBBRvGA4bD6KXt1k74fXXUofiKWpQUozlO1Cc978Kfl5/do5bov
-wTLSA/z7c8nVCVoZI9Y=
+b25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBAI2K
+atqWeSWcxmcylrBJXkXDOsZtFZAE/kGWD5+T/lDFzE5D0GeDWfHehojtooWGpnL3
+u7xo3h3+qVliYcCFy1zKtPE0lwkBWKFPSw4UNfOmaF4De6Tp1V6FSQE9JPNpcTL/
+aPWFkX69Py8elR8OIsXPlFtOfTbtjZxoGuLNn7BX1XjctG5iIhKs/3TVMdzcyjVL
+wKiDE1xq8/Es2pPTgvF8jk7VcNyIGhrlj1IYq35h0RKTSXTCRlczf+lzoPo6Duov
+G0r/8VLpI4bBmKN4cIvaRCa4zew8SWpJzg/06zm2QT8eEJVVB499usVf9OVS3Qa5
+8mcNXcKmqcyP2Tlnvbo=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem
index 209b48f3a..250441ad0 100644
--- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem
+++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAvYLOjgx2zonPXkNainoTFYjBa33NTxe7/+jDUXQp/1rgMuOj
-yo76SbeDJsHI1BC/UutnV6r7zYbLhFhdTUWeELp1zxqhsOZRCRj/y5he1SZ68oXl
-BxthyIMunTVbWrQM40CVz/3Ca8laG+Oz2K1Y4EJ8BRwfd5Q28yCRzuGVBOqt5lMf
-jPInozngmJuROzJ9WD/XI5PjXNRTdv68j+v2Q0EJhynYOt2F3FfqYSJJPIMD84yW
-C8JruQ+KdQvgUm1A4UGjMKwZwPbw40tzwBuSCB80AFcJyU9UBc5NrAkXd1FZwyEi
-U0tbFYxVG8S3k6QAR3L+ZcYG+1UCuYaeYD7zNwIDAQABAoIBAQCCGgsz+dqWcIWs
-cRD3gFcZsYkYAoWwhtrKFUIB6X3rkLfaN+16Yi3x7cpcES2OaPDwPCv2Q6warS+K
-7B8hrWmWkmvOgrn+eB+p3z+8xh5UttYxKTrSZjn7LhQSWU8eNf2jBfPTlqKi3Ni/
-zNLrLhaV3w7Fc0knDtmqj/GJ1dQ4SrUpME3sREpWbGSzjJ2UsR7iqQiDsYwWHzK2
-nWWwzrSmpObhDR3jiyOwBy/DEjXRC7h0fUL8eBghJvLWgFgifI5Z36FXa0FasxQr
-zKZnQdwuJHqQz7+sVjAmKtNd7x7RE5Ii0oQYiWDFr0OAwKD5UfMNydpcOVC/bV2n
-SKWmguoBAoGBAO73MTPP9ne4cfC7t4k2+F9hkb7mAjAbk9GbTyZyEKSDKH2bL02W
-G4kXdlkvZVgKhIDg8PCouRSQKv2IxubDrarFURb5KMJlyfBV1Q8JSxpVtxK69clq
-yIu/AtiiBE/n11MdmdoJLr6l2nNStJummj2jw5OyN8sdJarf83rCy+ITAoGBAMsF
-IfivZ+Tueavy0tGRb1qqKalIhwzLBRmWCna39bB9rK4eTNio5Oes95mC7t8mslmO
-18enKUTO87svWLzo8NVYIKSqg5B+kIN44hROErlV6HHPVd5vJzZFjH7SSfy5y8Ka
-wmsA1xiG6NEgEndc6F6uQ2YdaZAHWFO6CiTNpq7NAoGADXglb9QzAkCFO5p5F+Tf
-TxEC1A3G5ctII7JrXbFkOsGh0KKkoezqFGocI57GSZYeLd1/9zCrbftKUQwamftB
-mLSSg4b7wylVnpRX9AcEErHuJcIgBIBeWXIkyO0o7RAWVPsAJwgJeHmEvKdWwsc7
-PmoypeqPtoUoEF+bK7o7H70CgYAYlYaHlrX+AuK4766XsgTJ9dEVrrKr2enEL2cU
-+THHLXC7pO+pTMprQ4a4ECLc4tK2BZYblyJoMqdRA2q7dXm0W/eX+Q31cV4OjZTS
-4KFj0ANVxMWhKdSVvdZFhTFwaQ9DgXoJexCQ58VJjZiu25FH5dJDi0w9JKaNfPm9
-eym0AQKBgHhfqD9EXxazoP27NyZAFUSA3r4u06qFjbAEjbuJVAJNSuEu6Sht2uIg
-lCHpTPssDLHVSY0faQwY4vPqJZVg0k/rAu2VlvbJxYrdzXr8eTfPRJrhv/s/Tbro
-n1rmisBKov1P2Cu2e03a8+GDO3lpSZr9YNG/e7wggSbfAvqCoUDF
+MIIEowIBAAKCAQEArDQ1aDwWmStagi03N7ESJpJ0RIX5uXDb7bLnW9WZsOT1518l
+yOTME0gS9j/QZc4OZy2GMTGJM2CY24J1DBqkIfGnf0doP3TavOa9+UjjR1lOaUVy
+fQ+njXA1u+NVo6mft/oyi/rxiaygtCvjv45Tqyd3dzyvH4Fc7iDpjJEHTGnAHaR8
+7fgVmHsXA57ixUAm7kTu6srSGKPZbX5p1k0WDspI/aLuWV+ijFalL7pWLpmO4n91
+wbK9eleevQfbHnyxl5oHmfwDL6aE8NfvbFd/ASazt/O2SGqaaLHZNUQf3p1H32i4
+IQ0XUKbw4JtHWSSFZF4vo/S0JuKtvAVtnEq05QIDAQABAoIBAQCbfhUPhtp8+imi
+zANFFW2nSK0VxsgEi4T7MIU6Zjh+A3CLuF2c9gPUEUuV8W9SzeoxfmjieLFDpCDC
+bR0VjeTRBazR//+A9RoiYlP+CbO4FEr6QYwsovsPetf6TT9iJeMjtBb6UODTCP6f
+UdY3fOPN8zgrga87yorINw3MMJSfiI21zSzCkueOQloktBgih5Wueu8FDFUB2fVa
+uLTUa+wOhXUBPyF5OXLox5TxE6gBPkiUsnNXP8X/kHLPk2iBQmdxz+uwG/Pz6pS2
+JsmX2WzFJ0+Rj4cJpoa4Ev5uAx79kcXnQT3d5/HIwuh7ZEMKorb1m8w8lhAW4ARU
+ddjhLkWhAoGBAOCpDGfLwQHWVejOcjEwfWts0hHLdlNfZEgsLSex2k/U6Mk1TjCo
+tAHQOvmqxZDxypJEem3RPaWZh+gttTpHvGkS9fsvTpyARcDp0FXI40hwARPsnMbI
+0fDmpVfOOLZdQKMDg42TrZC/mipU68gFP/rYC7xalJs0pe0LL3ffsSC5AoGBAMQ5
+3V6nuucpL87I0fKg56z0/3lcRxI46KuIXhHSAjxNb76cQuxiK8s5TPCot3Unq6GQ
+R7Y+dYd1FVEh2i3Q7/Yh/BSeYiDcDf5aELCwY32O/OnSSoNTbgGR5FT+/SHJK5bg
+j/O5S7+dajqtC2JZJl8smOeB5c187bc4FU72+6eNAoGAZUiRSTI434Ur0ftQzBBa
+WtYClvctb0TwRwFzkhPCon8QO7YGfDVygebIz8pHq6L2ep7Yuy28Jy5icTA6Jf41
+WQGtWALp4/CIggJnZGVe4kdslPj1bUEYNQ0mucFFHCJKg7OP2YIcm8dlz3PdoJ2N
+TJ+eGtqTaK2BqK6ERfzZNDECgYBbVTOcYyWzgpAmB4LxE8PB1Sc0LadG7AYgERD3
+6m/v8XsZlVHxBKCtrrYJLf52IUjZonY+dUPvEKgjY0ZSHPYT8i2Ky02RTduVkAZE
+t1UXk/5UNvVHuwVw5Z8JkMXxe9k2GL/oCU8gmPxg4zpxRF1/3xosZ2G3C3b52LjS
+UFNB4QKBgDX2UmLgRHAXDsmksNZaMUSNk+xws0B1M/EDd9h7e79ilENkOPDLo5+E
+z22WPNrgzKEUz44FZZOsislfPE7ffgQcRTxtNWqoElwxuHLuy46jaReL7zJSDtpv
+wtn4YoOpH0DnC994nziTQif33FBF/2o8hWoq4vcXKNSMGTwGzi/a
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/description.txt b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt
new file mode 100644
index 000000000..bc9b7c760
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt
@@ -0,0 +1,4 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only
+ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac!</b>
+in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
+the established tunnel.
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
new file mode 100644
index 000000000..3ec271cf1
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec statusall::rw.*IPsec SA established::YES
+carol::ipsec statusall::home.*IPsec SA established::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec statusall::ESP proposal: AES_GMAC_256::YES
+carol::ipsec statusall::ESP proposal: AES_GMAC_256::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..69ef8d49d
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,26 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+	ike=aes256-sha384-modp2048!
+	esp=aes256gmac!
+
+conn home
+	left=PH_IP_CAROL
+	leftfirewall=yes
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add 
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..41a583763
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+	ike=aes256-sha384-modp2048!
+	esp=aes256gmac!
+
+conn rw
+	left=PH_IP_MOON
+	leftfirewall=yes
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftsubnet=10.1.0.0/16
+	right=%any
+	auto=add
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat
new file mode 100644
index 000000000..f360351e1
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1 
+carol::ipsec up home
diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/test.conf b/testing/tests/ikev1/esp-alg-aes-gmac/test.conf
new file mode 100644
index 000000000..acb73b06f
--- /dev/null
+++ b/testing/tests/ikev1/esp-alg-aes-gmac/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf
index 5a444f19c..90eb30a9b 100644
--- a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf
@@ -4,7 +4,7 @@ pluto {
   load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql
 }
 
-libstrongswan {
+libhydra {
   plugins {
     attr-sql {
       database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
index 5a444f19c..90eb30a9b 100644
--- a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -4,7 +4,7 @@ pluto {
   load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql
 }
 
-libstrongswan {
+libhydra {
   plugins {
     attr-sql {
       database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev1/ip-pool/description.txt b/testing/tests/ikev1/ip-pool/description.txt
new file mode 100644
index 000000000..b3f584c57
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/description.txt
@@ -0,0 +1,10 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>.
+Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv1 Mode Config payload
+by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual
+IP addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> in a monotonously
+increasing order. 
+<p>
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass
+the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping
+the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two
+pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively.
diff --git a/testing/tests/ikev1/ip-pool/evaltest.dat b/testing/tests/ikev1/ip-pool/evaltest.dat
new file mode 100644
index 000000000..f67ab321b
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/evaltest.dat
@@ -0,0 +1,26 @@
+carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES
+carol::ip addr list dev eth0::PH_IP_CAROL1::YES
+carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES
+carol::ipsec status::home.*IPsec SA established::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES
+dave::ip addr list dev eth0::PH_IP_DAVE1::YES
+dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES
+dave::ipsec status::home.*IPsec SA established::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::cat /var/log/auth.log::adding virtual IP address pool::YES
+moon::cat /var/log/auth.log::peer requested virtual IP %any::YES
+moon::cat /var/log/auth.log::assigning virtual IP::YES
+moon::ipsec leases rw::2/15, 2 online::YES
+moon::ipsec leases rw 10.3.0.1::carol@strongswan.org::YES
+moon::ipsec leases rw 10.3.0.2::dave@strongswan.org::YES
+moon::ipsec statusall::rw.*carol@strongswan.org.*erouted::YES
+moon::ipsec statusall::rw.*dave@strongswan.org.*erouted::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..0c770de9f
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+
+conn home
+	left=PH_IP_CAROL
+	leftsourceip=%config
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..163c19516
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+
+conn home
+	left=PH_IP_DAVE
+	leftsourceip=%config
+	leftcert=daveCert.pem
+	leftid=dave@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..ddedd7e7b
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+
+conn rw
+	left=PH_IP_MOON
+	leftsubnet=10.1.0.0/16
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftfirewall=yes
+	right=%any
+	rightsourceip=10.3.0.0/28
+	auto=add
diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-pool/posttest.dat b/testing/tests/ikev1/ip-pool/posttest.dat
new file mode 100644
index 000000000..a68e84cbd
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/posttest.dat
@@ -0,0 +1,8 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del 10.3.0.1/32 dev eth0
+dave::ip addr del 10.3.0.2/32 dev eth0
diff --git a/testing/tests/ikev1/ip-pool/pretest.dat b/testing/tests/ikev1/ip-pool/pretest.dat
new file mode 100644
index 000000000..014e80517
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/pretest.dat
@@ -0,0 +1,10 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2 
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev1/ip-pool/test.conf b/testing/tests/ikev1/ip-pool/test.conf
new file mode 100644
index 000000000..1a8f2a4e0
--- /dev/null
+++ b/testing/tests/ikev1/ip-pool/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/description.txt b/testing/tests/ikev1/ip-two-pools-mixed/description.txt
new file mode 100644
index 000000000..3869ced0a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/description.txt
@@ -0,0 +1,9 @@
+The hosts <b>alice</b> and <b>carol</b> set up a tunnel connection each to gateway <b>moon</b>.
+Both hosts request a <b>virtual IP</b> via the IKEv1 Mode Config payload by using the
+<b>leftsourceip=%config</b> parameter. Gateway <b>moon</b> assigns virtual IP
+addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> to hosts connecting
+to the <b>eth0</b> (PH_IP_MOON) interface and virtual IP addresses from an SQLite-based pool
+named <b>intpool</b> [10.4.0.1..10.4.1.244] to hosts connecting to the <b>eth1</b> (PH_IP_MOON1) interface.
+<p>
+Thus <b>carol</b> is assigned <b>PH_IP_CAROL1</b> whereas <b>alice</b> gets <b>10.4.0.1</b> and 
+both ping the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat b/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat
new file mode 100644
index 000000000..f237ce53f
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat
@@ -0,0 +1,17 @@
+carol::ipsec status::home.*IPsec SA established::YES
+alice::ipsec status::home.*IPsec SA established::YES
+moon::ipsec status::ext.*carol@strongswan.org.*erouted::YES
+moon::ipsec status::int.*alice@strongswan.org.*erouted::YES
+moon::cat /var/log/auth.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
+moon::ipsec leases ext::1/15, 1 online::YES
+moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES
+moon::ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*1::YES
+moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES
+carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
+alice::cat /var/log/auth.log::setting virtual IP source address to 10.4.0.1::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
+alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables
new file mode 100755
index 000000000..97b773645
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables
@@ -0,0 +1,78 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+	before net
+	need logger
+}
+
+start() {
+	ebegin "Starting firewall"
+
+	# default policy is DROP
+	/sbin/iptables -P INPUT DROP
+	/sbin/iptables -P OUTPUT DROP
+	/sbin/iptables -P FORWARD DROP
+
+        # allow ESP 
+        iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
+        iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+	# allow IKE
+        iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+        iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+			
+	# allow MOBIKE 
+	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+
+	# allow crl fetch from winnetou
+	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+	# allow ssh
+	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
+	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+	
+			if [ $a == nat ]; then
+				/sbin/iptables -t nat -P PREROUTING ACCEPT
+				/sbin/iptables -t nat -P POSTROUTING ACCEPT
+				/sbin/iptables -t nat -P OUTPUT ACCEPT
+			elif [ $a == mangle ]; then
+				/sbin/iptables -t mangle -P PREROUTING ACCEPT
+				/sbin/iptables -t mangle -P INPUT ACCEPT
+				/sbin/iptables -t mangle -P FORWARD ACCEPT
+				/sbin/iptables -t mangle -P OUTPUT ACCEPT
+				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
+			elif [ $a == filter ]; then
+				/sbin/iptables -t filter -P INPUT ACCEPT
+				/sbin/iptables -t filter -P FORWARD ACCEPT
+				/sbin/iptables -t filter -P OUTPUT ACCEPT
+			fi
+		done
+	eend $?
+}
+
+reload() {
+	ebegin "Flushing firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+		done;
+        eend $?
+	start
+}
+
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf
new file mode 100755
index 000000000..e8077b22a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+		
+conn home 
+	left=%defaultroute
+	leftsourceip=%config
+	leftcert=aliceCert.pem
+	leftid=alice@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON1
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..99a8c60ff
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+
+conn home
+	left=PH_IP_CAROL
+	leftsourceip=%config
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..bb9d03acd
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+	before net
+	need logger
+}
+
+start() {
+	ebegin "Starting firewall"
+
+	# enable IP forwarding
+	echo 1 > /proc/sys/net/ipv4/ip_forward
+	
+	# default policy is DROP
+	/sbin/iptables -P INPUT DROP
+	/sbin/iptables -P OUTPUT DROP
+	/sbin/iptables -P FORWARD DROP
+
+	# allow esp
+	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+        iptables -A INPUT  -i eth1 -p 50 -j ACCEPT
+        iptables -A OUTPUT -o eth1 -p 50 -j ACCEPT
+
+	# allow IKE
+	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+        iptables -A INPUT  -i eth1 -p udp --sport 500 --dport 500 -j ACCEPT
+        iptables -A OUTPUT -o eth1 -p udp --dport 500 --sport 500 -j ACCEPT
+
+	# allow MobIKE
+	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+        iptables -A INPUT  -i eth1 -p udp --sport 4500 --dport 4500 -j ACCEPT
+        iptables -A OUTPUT -o eth1 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+	# allow crl fetch from winnetou
+	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+	iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+	iptables -A FORWARD -o eth0 -i eth1 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+	# masquerade crl fetches to winnetou
+	iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -d PH_IP_WINNETOU -j MASQUERADE
+
+	# allow ssh
+	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
+	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+	
+			if [ $a == nat ]; then
+				/sbin/iptables -t nat -P PREROUTING ACCEPT
+				/sbin/iptables -t nat -P POSTROUTING ACCEPT
+				/sbin/iptables -t nat -P OUTPUT ACCEPT
+			elif [ $a == mangle ]; then
+				/sbin/iptables -t mangle -P PREROUTING ACCEPT
+				/sbin/iptables -t mangle -P INPUT ACCEPT
+				/sbin/iptables -t mangle -P FORWARD ACCEPT
+				/sbin/iptables -t mangle -P OUTPUT ACCEPT
+				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
+			elif [ $a == filter ]; then
+				/sbin/iptables -t filter -P INPUT ACCEPT
+				/sbin/iptables -t filter -P FORWARD ACCEPT
+				/sbin/iptables -t filter -P OUTPUT ACCEPT
+			fi
+		done
+	eend $?
+}
+
+reload() {
+	ebegin "Flushing firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+		done;
+        eend $?
+	start
+}
+
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..e844ba989
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftfirewall=yes
+	right=%any
+
+conn int 
+	left=PH_IP_MOON1
+	rightsourceip=%intpool
+	auto=add
+
+conn ext 
+	left=PH_IP_MOON
+	rightsourceip=10.3.0.0/28
+	auto=add
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..90eb30a9b
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,17 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql
+}
+
+libhydra {
+  plugins {
+    attr-sql {
+      database = sqlite:///etc/ipsec.d/ipsec.db
+    }
+  }
+}
+
+pool {
+  load = sqlite
+}
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat b/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat
new file mode 100644
index 000000000..74e3cf2c0
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat
@@ -0,0 +1,13 @@
+carol::ipsec stop
+alice::ipsec stop
+moon::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+alice::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del 10.3.0.1/32 dev eth0
+alice::ip addr del 10.4.0.1/32 dev eth0
+moon::ip route del 10.3.0.0/16 via PH_IP_MOON
+moon::ip route del 10.4.0.0/16 via PH_IP_MOON1
+moon::conntrack -F
+moon::ipsec pool --del intpool 2> /dev/null
+moon::rm /etc/ipsec.d/ipsec.*
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat b/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat
new file mode 100644
index 000000000..21e28ce0c
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat
@@ -0,0 +1,15 @@
+moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql
+moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db
+moon::ipsec pool --add intpool --start 10.4.0.1 --end 10.4.1.244 --timeout  0 2> /dev/null
+moon::ip route add 10.3.0.0/16 via PH_IP_MOON
+moon::ip route add 10.4.0.0/16 via PH_IP_MOON1
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+alice::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+moon::ipsec start
+alice::ipsec start
+carol::sleep 2 
+carol::ipsec up home
+alice::ipsec up home
+alice::sleep 1
diff --git a/testing/tests/ikev1/ip-two-pools-mixed/test.conf b/testing/tests/ikev1/ip-two-pools-mixed/test.conf
new file mode 100644
index 000000000..329774c0a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools-mixed/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="alice carol"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice moon carol"
diff --git a/testing/tests/ikev1/ip-two-pools/description.txt b/testing/tests/ikev1/ip-two-pools/description.txt
new file mode 100644
index 000000000..33a5187c5
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/description.txt
@@ -0,0 +1,9 @@
+The hosts <b>alice</b> and <b>carol</b> set up a tunnel connection each to gateway <b>moon</b>.
+Both hosts request a <b>virtual IP</b> via the IKEv1 Mode Config payload by using the
+<b>leftsourceip=%config</b> parameter. Gateway <b>moon</b> assigns virtual IP
+addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> to hosts connecting
+to the <b>eth0</b> (PH_IP_MOON) interface and virtual IP addresses from a simple pool defined 
+by <b>rightsourceip=10.4.0.0/28</b> to hosts connecting to the <b>eth1</b> (PH_IP_MOON1) interface.
+<p>
+Thus <b>carol</b> is assigned <b>PH_IP_CAROL1</b> whereas <b>alice</b> gets <b>10.4.0.1</b> and 
+both ping the gateway <b>moon</b>.
diff --git a/testing/tests/ikev1/ip-two-pools/evaltest.dat b/testing/tests/ikev1/ip-two-pools/evaltest.dat
new file mode 100644
index 000000000..2f19a77ba
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/evaltest.dat
@@ -0,0 +1,18 @@
+carol::ipsec status::home.*IPsec SA established::YES
+alice::ipsec status::home.*IPsec SA established::YES
+moon::ipsec status::ext.*carol@strongswan.org.*erouted::YES
+moon::ipsec status::int.*alice@strongswan.org.*erouted::YES
+moon::cat /var/log/auth.log::adding virtual IP address pool.*int.*10.4.0.0/28::YES
+moon::cat /var/log/auth.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES
+moon::ipsec leases ext::1/15, 1 online::YES
+moon::ipsec leases int::1/15, 1 online::YES
+moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES
+moon::ipsec leases int 10.4.0.1::alice@strongswan.org::YES
+carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES
+alice::cat /var/log/auth.log::setting virtual IP source address to 10.4.0.1::YES
+carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES
+alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES
+carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES
+alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables
new file mode 100755
index 000000000..97b773645
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables
@@ -0,0 +1,78 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+	before net
+	need logger
+}
+
+start() {
+	ebegin "Starting firewall"
+
+	# default policy is DROP
+	/sbin/iptables -P INPUT DROP
+	/sbin/iptables -P OUTPUT DROP
+	/sbin/iptables -P FORWARD DROP
+
+        # allow ESP 
+        iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
+        iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+	# allow IKE
+        iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+        iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+			
+	# allow MOBIKE 
+	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+
+	# allow crl fetch from winnetou
+	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+	# allow ssh
+	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
+	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+	
+			if [ $a == nat ]; then
+				/sbin/iptables -t nat -P PREROUTING ACCEPT
+				/sbin/iptables -t nat -P POSTROUTING ACCEPT
+				/sbin/iptables -t nat -P OUTPUT ACCEPT
+			elif [ $a == mangle ]; then
+				/sbin/iptables -t mangle -P PREROUTING ACCEPT
+				/sbin/iptables -t mangle -P INPUT ACCEPT
+				/sbin/iptables -t mangle -P FORWARD ACCEPT
+				/sbin/iptables -t mangle -P OUTPUT ACCEPT
+				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
+			elif [ $a == filter ]; then
+				/sbin/iptables -t filter -P INPUT ACCEPT
+				/sbin/iptables -t filter -P FORWARD ACCEPT
+				/sbin/iptables -t filter -P OUTPUT ACCEPT
+			fi
+		done
+	eend $?
+}
+
+reload() {
+	ebegin "Flushing firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+		done;
+        eend $?
+	start
+}
+
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf
new file mode 100755
index 000000000..e8077b22a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+		
+conn home 
+	left=%defaultroute
+	leftsourceip=%config
+	leftcert=aliceCert.pem
+	leftid=alice@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON1
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..99a8c60ff
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+
+conn home
+	left=PH_IP_CAROL
+	leftsourceip=%config
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..bb9d03acd
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+	before net
+	need logger
+}
+
+start() {
+	ebegin "Starting firewall"
+
+	# enable IP forwarding
+	echo 1 > /proc/sys/net/ipv4/ip_forward
+	
+	# default policy is DROP
+	/sbin/iptables -P INPUT DROP
+	/sbin/iptables -P OUTPUT DROP
+	/sbin/iptables -P FORWARD DROP
+
+	# allow esp
+	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+        iptables -A INPUT  -i eth1 -p 50 -j ACCEPT
+        iptables -A OUTPUT -o eth1 -p 50 -j ACCEPT
+
+	# allow IKE
+	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+        iptables -A INPUT  -i eth1 -p udp --sport 500 --dport 500 -j ACCEPT
+        iptables -A OUTPUT -o eth1 -p udp --dport 500 --sport 500 -j ACCEPT
+
+	# allow MobIKE
+	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+        iptables -A INPUT  -i eth1 -p udp --sport 4500 --dport 4500 -j ACCEPT
+        iptables -A OUTPUT -o eth1 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+	# allow crl fetch from winnetou
+	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+	iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+	iptables -A FORWARD -o eth0 -i eth1 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+	# masquerade crl fetches to winnetou
+	iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -d PH_IP_WINNETOU -j MASQUERADE
+
+	# allow ssh
+	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
+	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+	
+			if [ $a == nat ]; then
+				/sbin/iptables -t nat -P PREROUTING ACCEPT
+				/sbin/iptables -t nat -P POSTROUTING ACCEPT
+				/sbin/iptables -t nat -P OUTPUT ACCEPT
+			elif [ $a == mangle ]; then
+				/sbin/iptables -t mangle -P PREROUTING ACCEPT
+				/sbin/iptables -t mangle -P INPUT ACCEPT
+				/sbin/iptables -t mangle -P FORWARD ACCEPT
+				/sbin/iptables -t mangle -P OUTPUT ACCEPT
+				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
+			elif [ $a == filter ]; then
+				/sbin/iptables -t filter -P INPUT ACCEPT
+				/sbin/iptables -t filter -P FORWARD ACCEPT
+				/sbin/iptables -t filter -P OUTPUT ACCEPT
+			fi
+		done
+	eend $?
+}
+
+reload() {
+	ebegin "Flushing firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+		done;
+        eend $?
+	start
+}
+
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..4771e26d6
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,28 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	charonstart=no
+	plutodebug=control
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev1
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftfirewall=yes
+	right=%any
+
+conn int 
+	left=PH_IP_MOON1
+	rightsourceip=10.4.0.0/28
+	auto=add
+
+conn ext 
+	left=PH_IP_MOON
+	rightsourceip=10.3.0.0/28
+	auto=add
diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..ba5dbdd1d
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+pluto {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+}
+
+# pluto uses optimized DH exponent sizes (RFC 3526)
+
+libstrongswan {
+  dh_exponent_ansi_x9_42 = no
+}
diff --git a/testing/tests/ikev1/ip-two-pools/posttest.dat b/testing/tests/ikev1/ip-two-pools/posttest.dat
new file mode 100644
index 000000000..4474e5ade
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/posttest.dat
@@ -0,0 +1,12 @@
+alice::ipsec stop
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+alice::/etc/init.d/iptables stop 2> /dev/null
+carol::ip addr del 10.3.0.1/32 dev eth0
+alice::ip addr del 10.4.0.1/32 dev eth0
+moon::ip route del 10.3.0.0/16 via 192.168.0.1
+moon::ip route del 10.4.0.0/16 via 10.1.0.1
+moon::conntrack -F
+moon::rm /etc/ipsec.d/ipsec.*
diff --git a/testing/tests/ikev1/ip-two-pools/pretest.dat b/testing/tests/ikev1/ip-two-pools/pretest.dat
new file mode 100644
index 000000000..8091a6ed2
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/pretest.dat
@@ -0,0 +1,12 @@
+moon::ip route add 10.3.0.0/16 via 192.168.0.1
+moon::ip route add 10.4.0.0/16 via 10.1.0.1
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+alice::/etc/init.d/iptables start 2> /dev/null
+carol::ipsec start
+moon::ipsec start
+alice::ipsec start
+carol::sleep 2 
+carol::ipsec up home
+alice::ipsec up home
+alice::sleep 1 
diff --git a/testing/tests/ikev1/ip-two-pools/test.conf b/testing/tests/ikev1/ip-two-pools/test.conf
new file mode 100644
index 000000000..329774c0a
--- /dev/null
+++ b/testing/tests/ikev1/ip-two-pools/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="alice carol"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="alice moon carol"
diff --git a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf
index 83cdb0d28..21493adc3 100644
--- a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl attr
   dns1 = PH_IP_WINNETOU
   dns2 = PH_IP6_VENUS
 }
diff --git a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
index 83cdb0d28..21493adc3 100644
--- a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl attr
   dns1 = PH_IP_WINNETOU
   dns2 = PH_IP6_VENUS
 }
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
 YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
 BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
 cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
 VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
 BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
 MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
 MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
 VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
 MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
 YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
 cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
 VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
 BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
 YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
 YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
 BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
 cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
 VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
 BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
 MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
 MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
 VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
 MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
 YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
 BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
 cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
 VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
 BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
 MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
 MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
 VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
 MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev1/protoport-route/pretest.dat b/testing/tests/ikev1/protoport-route/pretest.dat
index b1fc81827..d52aeaeb8 100644
--- a/testing/tests/ikev1/protoport-route/pretest.dat
+++ b/testing/tests/ikev1/protoport-route/pretest.dat
@@ -2,7 +2,7 @@ moon::/etc/init.d/iptables start 2> /dev/null
 carol::/etc/init.d/iptables start 2> /dev/null
 moon::ipsec start
 carol::ipsec start
-carol::sleep 1
+carol::sleep 3 
 carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname
-carol::ping -c 1 PH_IP_ALICE > /dev/null
-carol::sleep 2
+carol::ping -c 1 PH_IP_MOON1 > /dev/null
+carol::sleep 2 
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
index 95ec73753..336227af7 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   dh_exponent_ansi_x9_42 = no
-  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown
+  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
index 95ec73753..336227af7 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   dh_exponent_ansi_x9_42 = no
-  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown
+  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
index 95ec73753..336227af7 100644
--- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   dh_exponent_ansi_x9_42 = no
-  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown
+  load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/alg-modp-subgroup/description.txt b/testing/tests/ikev2/alg-modp-subgroup/description.txt
new file mode 100644
index 000000000..cb7d11720
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/description.txt
@@ -0,0 +1,14 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each 
+to gateway <b>moon</b> using the <b>MODP Diffie-Hellman Groups 22, 23, and 24</b>
+with <b>Prime Order Subgroups</b>.
+<p/>
+<b>carol</b> proposes the DH groups MODP_2048_224 and MODP_1024_160 whereas
+<b>dave</b> proposes MODP_2048_224 and MODP_2048_256.
+Since <b>moon</b> does not support MODP_2048_224 the roadwarriors fall back to
+MODP_1024_160 and MODP_2048_256, respectively.
+<p/>
+Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b>
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
+
diff --git a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
new file mode 100644
index 000000000..80df206bf
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat
@@ -0,0 +1,15 @@
+carol::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_1024_160::YES
+dave::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES
+moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES
+moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES
+carol::ipsec statusall::home.*ESTABLISHED::YES
+carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES
+dave::ipsec statusall::home.*ESTABLISHED::YES
+dave::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..257923d02
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes128-sha1-modp2048s224,aes128-sha1-modp1024s160!
+
+conn home
+	left=PH_IP_CAROL
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
+	auto=add
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..9b5247973
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes128-sha256-modp2048s224,aes128-sha256-modp2048s256!
+
+conn home
+	left=PH_IP_DAVE
+	leftcert=daveCert.pem
+	leftid=dave@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightid=@moon.strongswan.org
+	rightsubnet=10.1.0.0/16
+	auto=add
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..2b66e3400
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes128-sha256-modp2048s256,aes128-sha1-modp1024s160!
+
+conn rw
+	left=PH_IP_MOON
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftsubnet=10.1.0.0/16
+	leftfirewall=yes
+	right=%any
+	auto=add
diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/alg-modp-subgroup/posttest.dat b/testing/tests/ikev2/alg-modp-subgroup/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/alg-modp-subgroup/pretest.dat b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat
new file mode 100644
index 000000000..42e9d7c24
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat
@@ -0,0 +1,9 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+dave::ipsec start
+carol::sleep 1
+carol::ipsec up home
+dave::ipsec up home
diff --git a/testing/tests/ikev2/alg-modp-subgroup/test.conf b/testing/tests/ikev2/alg-modp-subgroup/test.conf
new file mode 100644
index 000000000..70416826e
--- /dev/null
+++ b/testing/tests/ikev2/alg-modp-subgroup/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
index 4ae78cec5..06304115b 100644
--- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   send_vendor_id = yes
 }
diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
index 4ae78cec5..06304115b 100644
--- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   send_vendor_id = yes
 }
diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
index 86a0257ad..3fbdad4f9 100644
--- a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
index 86a0257ad..3fbdad4f9 100644
--- a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
index 86a0257ad..3fbdad4f9 100644
--- a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
index 86a0257ad..3fbdad4f9 100644
--- a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
index ff38e227b..5af37dc90 100644
--- a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
 }
diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
index ff38e227b..5af37dc90 100644
--- a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
 }
diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
index 51810734d..223ed67a3 100644
--- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown attr
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr
   dns1 = PH_IP_WINNETOU
   dns2 = PH_IP_VENUS
 }
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
index c9e6722ae..bb4af2c75 100644
--- a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
index c9e6722ae..bb4af2c75 100644
--- a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
index c466dc8cf..4890be7cc 100644
--- a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
 
 scepclient {
diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
index c466dc8cf..4890be7cc 100644
--- a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
 
 scepclient {
diff --git a/testing/tests/ikev2/dhcp-dynamic/description.txt b/testing/tests/ikev2/dhcp-dynamic/description.txt
new file mode 100644
index 000000000..b29a1de78
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/description.txt
@@ -0,0 +1,8 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b>
+parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS server
+information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned dynamically
+by <b>venus</b> from the pool 10.1.0.50..10.1.0.60 so that <b>carol</b> and <b>dave</b> become full members
+of the subnet 10.1.0.0/16 hidden behind gateway <b>moon</b>. And this thanks to the <b>farp</b> plugin
+through which <b>moon</b> acts as a proxy for ARP requests e.g. from <b>alice</b> who wants to ping
+<b>carol</b> and <b>dave</b>. 
diff --git a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
new file mode 100644
index 000000000..b3814084f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.50/32::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.51/32::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::arp reply carol3.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::arp reply dave3.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > dave3.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave3.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_CAROL
+	leftsourceip=%config
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_DAVE
+	leftsourceip=%config
+	leftcert=daveCert.pem
+	leftid=dave@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf
new file mode 100644
index 000000000..0340d5669
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf
@@ -0,0 +1,9 @@
+subnet 10.1.0.0 netmask 255.255.0.0 {
+  option routers 10.1.0.1;
+  option broadcast-address 10.1.255.255;
+  option domain-name servers PH_IP_WINNETOU PH_IP_VENUS
+  option netbios-name-servers PH_IP_VENUS;
+
+  # dynamic address pool for visitors
+  range 10.1.0.30 10.1.0.50;
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..058bebb2d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+	before net
+	need logger
+}
+
+start() {
+	ebegin "Starting firewall"
+
+	# enable IP forwarding
+	echo 1 > /proc/sys/net/ipv4/ip_forward
+	
+	# default policy is DROP
+	/sbin/iptables -P INPUT DROP
+	/sbin/iptables -P OUTPUT DROP
+	/sbin/iptables -P FORWARD DROP
+
+	# allow bootpc and bootps
+	iptables -A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+	iptables -A INPUT  -p udp --sport bootps --dport bootps -j ACCEPT
+
+	# allow broadcasts from eth1
+	iptables -A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT
+
+	# allow esp
+	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+	# allow IKE
+	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+	# allow MobIKE
+	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+	# allow crl fetch from winnetou
+	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+	# allow ssh
+	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
+	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+        # log dropped packets
+        iptables -A INPUT  -j LOG --log-prefix " IN: "
+        iptables -A OUTPUT -j LOG --log-prefix " OUT: "
+
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+	
+			if [ $a == nat ]; then
+				/sbin/iptables -t nat -P PREROUTING ACCEPT
+				/sbin/iptables -t nat -P POSTROUTING ACCEPT
+				/sbin/iptables -t nat -P OUTPUT ACCEPT
+			elif [ $a == mangle ]; then
+				/sbin/iptables -t mangle -P PREROUTING ACCEPT
+				/sbin/iptables -t mangle -P INPUT ACCEPT
+				/sbin/iptables -t mangle -P FORWARD ACCEPT
+				/sbin/iptables -t mangle -P OUTPUT ACCEPT
+				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
+			elif [ $a == filter ]; then
+				/sbin/iptables -t filter -P INPUT ACCEPT
+				/sbin/iptables -t filter -P FORWARD ACCEPT
+				/sbin/iptables -t filter -P OUTPUT ACCEPT
+			fi
+		done
+	eend $?
+}
+
+reload() {
+	ebegin "Flushing firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+		done;
+        eend $?
+	start
+}
+
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..3868a7a38
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	left=PH_IP_MOON
+	leftsubnet=10.1.0.0/16
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftfirewall=yes
+
+conn rw
+	right=%any
+	rightsourceip=%dhcp
+	auto=add
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..146c81f48
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+  plugins {
+    dhcp {
+      server = 10.1.255.255
+    }
+  }
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf
new file mode 100644
index 000000000..2176af702
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf
@@ -0,0 +1,14 @@
+# dhcpd configuration file
+
+ddns-update-style none;
+
+subnet 10.1.0.0 netmask 255.255.0.0 {
+  option domain-name          "strongswan.org";
+  option domain-name-servers   10.1.0.20;
+  option netbios-name-servers  10.1.0.10;
+  option routers               10.1.0.1;
+  option broadcast-address     10.1.255.255;
+  next-server                  10.1.0.20;
+
+  range 10.1.0.50 10.1.0.60;
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf
new file mode 100644
index 000000000..2d35dfd64
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf
@@ -0,0 +1,7 @@
+interface=eth0
+dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255
+dhcp-option=option:router,10.1.0.1
+dhcp-option=option:dns-server,10.1.0.20
+dhcp-option=option:netbios-ns,10.1.0.10
+dhcp-option=option:domain-name,strongswan.org
+log-dhcp
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd
new file mode 100755
index 000000000..4044dcc35
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop"
+
+depend() {
+	need net
+	need logger
+}
+
+start() {
+	ebegin "Starting DHCP server"
+	start-stop-daemon --start --quiet --exec /usr/sbin/dhcpd
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping DHCP server"
+	start-stop-daemon --stop --quiet --pidfile /var/run/dhcpd.pid
+	rm -f /var/state/dhcp/dhcpd.leases
+	touch /var/state/dhcp/dhcpd.leases
+	eend $?
+}
diff --git a/testing/tests/ikev2/dhcp-dynamic/posttest.dat b/testing/tests/ikev2/dhcp-dynamic/posttest.dat
new file mode 100644
index 000000000..1f5487596
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/posttest.dat
@@ -0,0 +1,10 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+venus::cat /var/state/dhcp/dhcpd.leases
+venus::/etc/init.d/dhcpd stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+alice::arp -d 10.1.0.50
+alice::arp -d 10.1.0.51
diff --git a/testing/tests/ikev2/dhcp-dynamic/pretest.dat b/testing/tests/ikev2/dhcp-dynamic/pretest.dat
new file mode 100644
index 000000000..bd36b4fe3
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+venus::cat /etc/dhcpd.conf
+venus::/etc/init.d/dhcpd start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2 
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/dhcp-dynamic/test.conf b/testing/tests/ikev2/dhcp-dynamic/test.conf
new file mode 100644
index 000000000..a2ad7b25f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-dynamic/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/dhcp-static-client-id/description.txt b/testing/tests/ikev2/dhcp-static-client-id/description.txt
new file mode 100644
index 000000000..d253a8865
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b>
+parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS/WINS server
+information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned statically 
+by <b>venus</b> based on the IKEv2 peer identities <b>carol@strongswan.org</b> and <b>dave@strongswan.org</b>,
+respectively, included by the dhcp plugin as a <b>dhcp-client-identity</b> option in the DHCP request.
+<p/> 
+With the static assignment of 10.1.0.30 and 10.1.0.40, respectively, <b>carol</b> and <b>dave</b>
+become full members of the subnet 10.1.0.0/16 hidden behind gateway <b>moon</b>. And this thanks to
+the <b>farp</b> plugin through which <b>moon</b> acts as a proxy for ARP requests e.g. from <b>alice</b>
+who wants to ping <b>carol</b> and <b>dave</b>. 
diff --git a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
new file mode 100644
index 000000000..8abd2416a
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_CAROL
+	leftsourceip=%config
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_DAVE
+	leftsourceip=%config
+	leftcert=daveCert.pem
+	leftid=dave@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf
new file mode 100644
index 000000000..0340d5669
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf
@@ -0,0 +1,9 @@
+subnet 10.1.0.0 netmask 255.255.0.0 {
+  option routers 10.1.0.1;
+  option broadcast-address 10.1.255.255;
+  option domain-name servers PH_IP_WINNETOU PH_IP_VENUS
+  option netbios-name-servers PH_IP_VENUS;
+
+  # dynamic address pool for visitors
+  range 10.1.0.30 10.1.0.50;
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..058bebb2d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+	before net
+	need logger
+}
+
+start() {
+	ebegin "Starting firewall"
+
+	# enable IP forwarding
+	echo 1 > /proc/sys/net/ipv4/ip_forward
+	
+	# default policy is DROP
+	/sbin/iptables -P INPUT DROP
+	/sbin/iptables -P OUTPUT DROP
+	/sbin/iptables -P FORWARD DROP
+
+	# allow bootpc and bootps
+	iptables -A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+	iptables -A INPUT  -p udp --sport bootps --dport bootps -j ACCEPT
+
+	# allow broadcasts from eth1
+	iptables -A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT
+
+	# allow esp
+	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+	# allow IKE
+	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+	# allow MobIKE
+	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+	# allow crl fetch from winnetou
+	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+	# allow ssh
+	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
+	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+        # log dropped packets
+        iptables -A INPUT  -j LOG --log-prefix " IN: "
+        iptables -A OUTPUT -j LOG --log-prefix " OUT: "
+
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+	
+			if [ $a == nat ]; then
+				/sbin/iptables -t nat -P PREROUTING ACCEPT
+				/sbin/iptables -t nat -P POSTROUTING ACCEPT
+				/sbin/iptables -t nat -P OUTPUT ACCEPT
+			elif [ $a == mangle ]; then
+				/sbin/iptables -t mangle -P PREROUTING ACCEPT
+				/sbin/iptables -t mangle -P INPUT ACCEPT
+				/sbin/iptables -t mangle -P FORWARD ACCEPT
+				/sbin/iptables -t mangle -P OUTPUT ACCEPT
+				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
+			elif [ $a == filter ]; then
+				/sbin/iptables -t filter -P INPUT ACCEPT
+				/sbin/iptables -t filter -P FORWARD ACCEPT
+				/sbin/iptables -t filter -P OUTPUT ACCEPT
+			fi
+		done
+	eend $?
+}
+
+reload() {
+	ebegin "Flushing firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+		done;
+        eend $?
+	start
+}
+
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..3868a7a38
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	left=PH_IP_MOON
+	leftsubnet=10.1.0.0/16
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftfirewall=yes
+
+conn rw
+	right=%any
+	rightsourceip=%dhcp
+	auto=add
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..146c81f48
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,10 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+  plugins {
+    dhcp {
+      server = 10.1.255.255
+    }
+  }
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf
new file mode 100644
index 000000000..44ee681b6
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf
@@ -0,0 +1,25 @@
+# dhcpd configuration file
+
+ddns-update-style none;
+
+subnet 10.1.0.0 netmask 255.255.0.0 {
+  option domain-name            "strongswan.org";
+  option domain-name-servers     10.1.0.20;
+  option netbios-name-servers    10.1.0.10;
+  option routers                 10.1.0.1;
+  option broadcast-address       10.1.255.255;
+  next-server                    10.1.0.20;
+
+  range 10.1.0.50 10.1.0.60;
+}
+
+host carol {
+  option dhcp-client-identifier "carol@strongswan.org";
+  fixed-address                  10.1.0.30;
+}
+
+host dave {
+  option dhcp-client-identifier "dave@strongswan.org";
+  fixed-address                  10.1.0.40;
+}
+
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf
new file mode 100644
index 000000000..5672236a0
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf
@@ -0,0 +1,9 @@
+interface=eth0
+dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255
+dhcp-host=id:carol@strongswan.org,10.1.0.30
+dhcp-host=id:dave@strongswan.org,10.1.0.40
+dhcp-option=option:router,10.1.0.1
+dhcp-option=option:dns-server,10.1.0.20
+dhcp-option=option:netbios-ns,10.1.0.10
+dhcp-option=option:domain-name,strongswan.org
+log-dhcp
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd
new file mode 100755
index 000000000..4044dcc35
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop"
+
+depend() {
+	need net
+	need logger
+}
+
+start() {
+	ebegin "Starting DHCP server"
+	start-stop-daemon --start --quiet --exec /usr/sbin/dhcpd
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping DHCP server"
+	start-stop-daemon --stop --quiet --pidfile /var/run/dhcpd.pid
+	rm -f /var/state/dhcp/dhcpd.leases
+	touch /var/state/dhcp/dhcpd.leases
+	eend $?
+}
diff --git a/testing/tests/ikev2/dhcp-static-client-id/posttest.dat b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat
new file mode 100644
index 000000000..e1aadc618
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat
@@ -0,0 +1,9 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+venus::/etc/init.d/dhcpd stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+alice::arp -d 10.1.0.30
+alice::arp -d 10.1.0.40
diff --git a/testing/tests/ikev2/dhcp-static-client-id/pretest.dat b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat
new file mode 100644
index 000000000..bd36b4fe3
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+venus::cat /etc/dhcpd.conf
+venus::/etc/init.d/dhcpd start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2 
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/dhcp-static-client-id/test.conf b/testing/tests/ikev2/dhcp-static-client-id/test.conf
new file mode 100644
index 000000000..a2ad7b25f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-client-id/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/dhcp-static-mac/description.txt b/testing/tests/ikev2/dhcp-static-mac/description.txt
new file mode 100644
index 000000000..ed7525c87
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/description.txt
@@ -0,0 +1,12 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b>
+parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS/WINS server
+information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned statically 
+by <b>venus</b> based on the user-defined MAC address derived by the <b>dhcp</b> plugin from a hash over
+the client identity. This deterministic MAC generation is activated with the strongswan.conf setting
+<b>charon.plugins.dhcp.identity_lease = yes</b>.
+<p/> 
+With the static assignment of 10.1.0.30 and 10.1.0.40, respectively, <b>carol</b> and <b>dave</b>
+become full members of the subnet 10.1.0.0/16 hidden behind gateway <b>moon</b>. And this thanks to
+the <b>farp</b> plugin through which <b>moon</b> acts as a proxy for ARP requests e.g. from <b>alice</b>
+who wants to ping <b>carol</b> and <b>dave</b>. 
diff --git a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat
new file mode 100644
index 000000000..8abd2416a
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES
+moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_CAROL
+	leftsourceip=%config
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_DAVE
+	leftsourceip=%config
+	leftcert=daveCert.pem
+	leftid=dave@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf
new file mode 100644
index 000000000..0340d5669
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf
@@ -0,0 +1,9 @@
+subnet 10.1.0.0 netmask 255.255.0.0 {
+  option routers 10.1.0.1;
+  option broadcast-address 10.1.255.255;
+  option domain-name servers PH_IP_WINNETOU PH_IP_VENUS
+  option netbios-name-servers PH_IP_VENUS;
+
+  # dynamic address pool for visitors
+  range 10.1.0.30 10.1.0.50;
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..058bebb2d
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,91 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+	before net
+	need logger
+}
+
+start() {
+	ebegin "Starting firewall"
+
+	# enable IP forwarding
+	echo 1 > /proc/sys/net/ipv4/ip_forward
+	
+	# default policy is DROP
+	/sbin/iptables -P INPUT DROP
+	/sbin/iptables -P OUTPUT DROP
+	/sbin/iptables -P FORWARD DROP
+
+	# allow bootpc and bootps
+	iptables -A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
+	iptables -A INPUT  -p udp --sport bootps --dport bootps -j ACCEPT
+
+	# allow broadcasts from eth1
+	iptables -A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT
+
+	# allow esp
+	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+	# allow IKE
+	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+	# allow MobIKE
+	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+	# allow crl fetch from winnetou
+	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+	# allow ssh
+	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
+	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+        # log dropped packets
+        iptables -A INPUT  -j LOG --log-prefix " IN: "
+        iptables -A OUTPUT -j LOG --log-prefix " OUT: "
+
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+	
+			if [ $a == nat ]; then
+				/sbin/iptables -t nat -P PREROUTING ACCEPT
+				/sbin/iptables -t nat -P POSTROUTING ACCEPT
+				/sbin/iptables -t nat -P OUTPUT ACCEPT
+			elif [ $a == mangle ]; then
+				/sbin/iptables -t mangle -P PREROUTING ACCEPT
+				/sbin/iptables -t mangle -P INPUT ACCEPT
+				/sbin/iptables -t mangle -P FORWARD ACCEPT
+				/sbin/iptables -t mangle -P OUTPUT ACCEPT
+				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
+			elif [ $a == filter ]; then
+				/sbin/iptables -t filter -P INPUT ACCEPT
+				/sbin/iptables -t filter -P FORWARD ACCEPT
+				/sbin/iptables -t filter -P OUTPUT ACCEPT
+			fi
+		done
+	eend $?
+}
+
+reload() {
+	ebegin "Flushing firewall"
+		for a in `cat /proc/net/ip_tables_names`; do
+			/sbin/iptables -F -t $a
+			/sbin/iptables -X -t $a
+		done;
+        eend $?
+	start
+}
+
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..3868a7a38
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,23 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	left=PH_IP_MOON
+	leftsubnet=10.1.0.0/16
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftfirewall=yes
+
+conn rw
+	right=%any
+	rightsourceip=%dhcp
+	auto=add
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..40c3c2418
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp
+  plugins {
+    dhcp {
+      server = 10.1.255.255
+      identity_lease = yes
+    }
+  }
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf
new file mode 100644
index 000000000..20666f701
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf
@@ -0,0 +1,25 @@
+# dhcpd configuration file
+
+ddns-update-style none;
+
+subnet 10.1.0.0 netmask 255.255.0.0 {
+  option domain-name          "strongswan.org";
+  option domain-name-servers   10.1.0.20;
+  option netbios-name-servers  10.1.0.10;
+  option routers               10.1.0.1;
+  option broadcast-address     10.1.255.255;
+  next-server                  10.1.0.20;
+
+  range 10.1.0.50 10.1.0.60;
+}
+
+host carol {
+  hardware ethernet            7a:a7:8f:fc:db:3b;
+  fixed-address                10.1.0.30;
+}
+
+host dave {
+  hardware ethernet            7a:a7:35:78:bc:85;
+  fixed-address                10.1.0.40;
+}
+
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf
new file mode 100644
index 000000000..e3729081f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf
@@ -0,0 +1,9 @@
+interface=eth0
+dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255
+dhcp-host=7a:a7:8f:fc:db:3b,10.1.0.30
+dhcp-host=7a:a7:35:78:bc:85,10.1.0.40
+dhcp-option=option:router,10.1.0.1
+dhcp-option=option:dns-server,10.1.0.20
+dhcp-option=option:netbios-ns,10.1.0.10
+dhcp-option=option:domain-name,strongswan.org
+log-dhcp
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd
new file mode 100755
index 000000000..4044dcc35
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop"
+
+depend() {
+	need net
+	need logger
+}
+
+start() {
+	ebegin "Starting DHCP server"
+	start-stop-daemon --start --quiet --exec /usr/sbin/dhcpd
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping DHCP server"
+	start-stop-daemon --stop --quiet --pidfile /var/run/dhcpd.pid
+	rm -f /var/state/dhcp/dhcpd.leases
+	touch /var/state/dhcp/dhcpd.leases
+	eend $?
+}
diff --git a/testing/tests/ikev2/dhcp-static-mac/posttest.dat b/testing/tests/ikev2/dhcp-static-mac/posttest.dat
new file mode 100644
index 000000000..e1aadc618
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/posttest.dat
@@ -0,0 +1,9 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+venus::/etc/init.d/dhcpd stop 2> /dev/null
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
+alice::arp -d 10.1.0.30
+alice::arp -d 10.1.0.40
diff --git a/testing/tests/ikev2/dhcp-static-mac/pretest.dat b/testing/tests/ikev2/dhcp-static-mac/pretest.dat
new file mode 100644
index 000000000..bd36b4fe3
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+venus::cat /etc/dhcpd.conf
+venus::/etc/init.d/dhcpd start 2> /dev/null
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2 
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/dhcp-static-mac/test.conf b/testing/tests/ikev2/dhcp-static-mac/test.conf
new file mode 100644
index 000000000..a2ad7b25f
--- /dev/null
+++ b/testing/tests/ikev2/dhcp-static-mac/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice venus moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-v-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/description.txt b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt
new file mode 100644
index 000000000..823ec253d
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt
@@ -0,0 +1,4 @@
+Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only
+ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-modp2048!</b>
+in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks
+the established tunnel.
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
new file mode 100644
index 000000000..534f6d452
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat
@@ -0,0 +1,7 @@
+moon::ipsec statusall::rw.*INSTALLED::YES
+carol::ipsec statusall::home.*INSTALLED::YES
+carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec statusall::NULL_AES_GMAC_256::YES
+carol::ipsec statusall::NULL_AES_GMAC_256::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..f3a266c7d
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,25 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=yes
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes256-aesxcbc-modp2048!
+	esp=aes256gmac-modp2048!
+
+conn home
+	left=PH_IP_CAROL
+	leftfirewall=yes
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add 
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..bbdb38301
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+        crlcheckinterval=180
+	strictcrlpolicy=yes
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	ike=aes256-aesxcbc-modp2048!
+	esp=aes256gmac-modp2048!
+
+conn rw
+	left=PH_IP_MOON
+	leftfirewall=yes
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftsubnet=10.1.0.0/16
+	right=%any
+	auto=add
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..de9ae45cc
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
+}
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat
new file mode 100644
index 000000000..94a400606
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat
@@ -0,0 +1,4 @@
+moon::ipsec stop
+carol::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat
new file mode 100644
index 000000000..f360351e1
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat
@@ -0,0 +1,6 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+moon::ipsec start
+carol::ipsec start
+carol::sleep 1 
+carol::ipsec up home
diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/test.conf b/testing/tests/ikev2/esp-alg-aes-gmac/test.conf
new file mode 100644
index 000000000..acb73b06f
--- /dev/null
+++ b/testing/tests/ikev2/esp-alg-aes-gmac/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="moon carol winnetou"
+
+# Corresponding block diagram
+#
+DIAGRAM="m-c-w.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol"
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/farp/description.txt b/testing/tests/ikev2/farp/description.txt
new file mode 100644
index 000000000..04e1c10e5
--- /dev/null
+++ b/testing/tests/ikev2/farp/description.txt
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>
+and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b>
+parameter. The virtual addresses assigned to the clients by gateway <b>moon</b> belong to the
+subnet 10.1.0.0/16 hidden behind the gateway so that <b>carol</b> and <b>dave</b> become full members of
+this network. And this thanks to the <b>farp</b> plugin through which <b>moon</b> acts as a proxy
+for ARP requests e.g. from <b>alice</b> who wants to ping <b>carol</b> and <b>dave</b>. 
diff --git a/testing/tests/ikev2/farp/evaltest.dat b/testing/tests/ikev2/farp/evaltest.dat
new file mode 100644
index 000000000..d48812f47
--- /dev/null
+++ b/testing/tests/ikev2/farp/evaltest.dat
@@ -0,0 +1,22 @@
+carol::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+dave::ipsec status::home.*INSTALLED::YES
+alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES
+dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
+moon::ipsec status::rw-carol.*INSTALLED::YES
+moon::ipsec status::rw-dave.*INSTALLED::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES
+alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES
+alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reply::YES
diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf
new file mode 100755
index 000000000..a19f6cfae
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_CAROL
+	leftsourceip=%config
+	leftcert=carolCert.pem
+	leftid=carol@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf
new file mode 100755
index 000000000..1a89f4e5d
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf
@@ -0,0 +1,24 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+
+conn home
+	left=PH_IP_DAVE
+	leftsourceip=%config
+	leftcert=daveCert.pem
+	leftid=dave@strongswan.org
+	leftfirewall=yes
+	right=PH_IP_MOON
+	rightsubnet=10.1.0.0/16
+	rightid=@moon.strongswan.org
+	auto=add
diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..5af37dc90
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,5 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
+}
diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..19dd5d3e6
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,30 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+config setup
+	crlcheckinterval=180
+	strictcrlpolicy=no
+	plutostart=no
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	keyexchange=ikev2
+	left=PH_IP_MOON
+	leftsubnet=10.1.0.0/16
+	leftcert=moonCert.pem
+	leftid=@moon.strongswan.org
+	leftfirewall=yes
+
+conn rw-carol
+	right=%any
+	rightid=carol@strongswan.org
+	rightsourceip=10.1.0.30
+	auto=add
+
+conn rw-dave
+	right=%any
+	rightid=dave@strongswan.org
+	rightsourceip=10.1.0.40
+	auto=add
diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..4585d928a
--- /dev/null
+++ b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,7 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+charon {
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp
+  dns1 = PH_IP_WINNETOU
+  dns2 = PH_IP_VENUS
+}
diff --git a/testing/tests/ikev2/farp/posttest.dat b/testing/tests/ikev2/farp/posttest.dat
new file mode 100644
index 000000000..7cebd7f25
--- /dev/null
+++ b/testing/tests/ikev2/farp/posttest.dat
@@ -0,0 +1,6 @@
+moon::ipsec stop
+carol::ipsec stop
+dave::ipsec stop
+moon::/etc/init.d/iptables stop 2> /dev/null
+carol::/etc/init.d/iptables stop 2> /dev/null
+dave::/etc/init.d/iptables stop 2> /dev/null
diff --git a/testing/tests/ikev2/farp/pretest.dat b/testing/tests/ikev2/farp/pretest.dat
new file mode 100644
index 000000000..709931e1b
--- /dev/null
+++ b/testing/tests/ikev2/farp/pretest.dat
@@ -0,0 +1,12 @@
+moon::/etc/init.d/iptables start 2> /dev/null
+carol::/etc/init.d/iptables start 2> /dev/null
+dave::/etc/init.d/iptables start 2> /dev/null
+alice::arp -d 10.1.0.30
+alice::arp -d 10.1.0.40
+carol::ipsec start
+dave::ipsec start
+moon::ipsec start
+carol::sleep 2 
+carol::ipsec up home
+dave::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/ikev2/farp/test.conf b/testing/tests/ikev2/farp/test.conf
new file mode 100644
index 000000000..1a8f2a4e0
--- /dev/null
+++ b/testing/tests/ikev2/farp/test.conf
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# UML instances used for this test
+
+# All UML instances that are required for this test
+#
+UMLHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# UML instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon alice"
+
+# UML instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
index ff38e227b..5af37dc90 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
 }
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
index ff38e227b..5af37dc90 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve
 }
diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
index b7c598fca..626bec3ed 100644
--- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,10 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite attr-sql updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
 }
 
-libstrongswan {
+libhydra {
   plugins {
     attr-sql {
       database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
index b7c598fca..626bec3ed 100644
--- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,10 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite attr-sql updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown
 }
 
-libstrongswan {
+libhydra {
   plugins {
     attr-sql {
       database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
index 1ce52a848..70d66b20b 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,10 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
 }
 
-libstrongswan {
+libhydra {
   plugins {
     attr-sql {
       database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
index 1ce52a848..70d66b20b 100644
--- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
@@ -1,10 +1,10 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown
 }
 
-libstrongswan {
+libhydra {
   plugins {
     attr-sql {
       database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
index 49f69ff0c..2435403a4 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
 }
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
index 49f69ff0c..2435403a4 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
 }
diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
index 9f3c6bfa3..f0e7da85e 100644
--- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
   plugins {
     eap-radius {
       secret = gv6URkSs
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
 cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
 VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
 BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
 YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
 MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
 MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
 VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
 MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
 BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
 cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
 VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
 BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
 YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
 MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
 MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
 VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
 MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
 BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
 YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
index 3db5e8aef..908f85ac5 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
 BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
index 3db5e8aef..908f85ac5 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
 cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
 VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
 BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
 MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
 MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
 VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
 MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
index c9e6722ae..bb4af2c75 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
 YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
 cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
 VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
 BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
 YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
 YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
 BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
 cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
 VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
 BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
 MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
 MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
 VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
 MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
 YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
 BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
 cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
 VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
 BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
 MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
 MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
 VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
 MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
index 77f09f216..79348686d 100644
--- a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   keep_alive = 1d 
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
index 39d7154e2..949b9af16 100644
--- a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
 }
 
diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
index 39d7154e2..949b9af16 100644
--- a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
 }
 
diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
index 39d7154e2..949b9af16 100644
--- a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
 }
 
diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
index 39d7154e2..949b9af16 100644
--- a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown
 }
 
diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
index 87fa5b2e9..4e2fcf17b 100644
--- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
index 87fa5b2e9..4e2fcf17b 100644
--- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
index 9af403198..291f08db1 100644
--- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   multiple_authentication = no
 }
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index 2990d6a12..69e5c05e3 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,25 +1,25 @@
 -----BEGIN CERTIFICATE-----
-MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ
+MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS
-BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy
-M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
+BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1
+N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP
 BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR
-dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO
-dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u
-57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw
-5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI
-hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC
-AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL
-qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy
+dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD
+hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9
+HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n
+3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz
+Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C
+AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE
+AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p
 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
-YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj
+YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj
 YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js
-LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA
-FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N
-Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp
-7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G
-+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm
-wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/
-MWjwPJs52qVJ3Ph++EF6bw==
+LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA
+ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG
+il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC
+CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU
+n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq
+8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/
+pwU12A3BovJKUaR0B7Uy2A==
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem
index b91f9bf81..53e18680b 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi
-65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq
-8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6
-VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY
-hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu
-y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz
-0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX
-FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH
-gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z
-PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D
-nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El
-U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF
-mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm
-MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB
-UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy
-G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz
-Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY
-hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu
-PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah
-tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr
-s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy
-uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J
-ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu
-LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx
-Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU=
+MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq
+azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP
+nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk
+b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4
+H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm
+GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9
+N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r
+er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC
+kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV
+BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+
+Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN
+DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp
+waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt
+1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw
+RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm
+CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM
+eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl
+FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO
+auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx
+rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8
+iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx
+qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv
+/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA
+hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2
+5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index b76032480..91df37a81 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ
+MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV
-BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL
+BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT
 BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS
-zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+
-1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN
-P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+
-+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP
-aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8
-MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY
-GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi
+0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6
+J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz
+VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH
+K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/
+5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8
+MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV
+MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL
 MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT
-EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
+EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3
 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v
-cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P
-p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw
-ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6
-Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA
-DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/
-Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+
+cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq
+OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5
+xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb
+E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e
+q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+
+JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 022436de4..86740e86a 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6
-OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW
-1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI
-mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe
-ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM
-pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0
-mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c
-JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz
-0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq
-8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0
-3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u
-U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ
-Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs
-MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS
-sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B
-oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7
-1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i
-bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7
-AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO
-9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX
-3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw
-px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP
-qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt
-/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/
-UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g==
+MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv
+MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII
+s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn
+J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF
+VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf
+anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk
+lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn
+PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph
+6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah
+sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m
+RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX
+lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw
+CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/
+l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ
+if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v
+yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH
+dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx
+h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct
+Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh
+w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK
+LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl
+7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u
+5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6
+4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA
+fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0=
 -----END RSA PRIVATE KEY-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
 cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
 VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
 BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
 MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
 MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
 VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
 MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
index 154cff654..d53365f78 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh
 cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
 ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD
@@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494
 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd
 VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV
 BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv
-bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg
-Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX
-fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq
-3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa
-0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1
-IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW
-Tfcyi+M=
+bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy
+FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp
+cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM
+POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t
+xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U
+dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW
+8sFmiZI=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
index e50477872..a10a18cba 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ
+MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
 MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE
+b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE
 BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz
 MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
 ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP
@@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/
 MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD
 VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI
 MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu
-IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV
-8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ
-9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr
-iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU
-uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv
-xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0=
+IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn
+Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S
+CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW
+AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284
+RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh
+M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg=
 -----END CERTIFICATE-----
diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index 3361ca6a4..ee0e454da 100644
--- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index 3361ca6a4..ee0e454da 100644
--- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index 3361ca6a4..ee0e454da 100644
--- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
index 5e93e0fe7..df11f5ea3 100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
 }
diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
index 5e93e0fe7..df11f5ea3 100644
--- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
 }
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
index cc2bb91d2..eef03e3b4 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
 }
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
index cc2bb91d2..eef03e3b4 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
 }
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
index 6922ecc15..6609a2115 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 eap-identity updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown
 }
diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
index 9f3c6bfa3..f0e7da85e 100644
--- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
   plugins {
     eap-radius {
       secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
index 6495d6f6a..6fcf5999e 100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
 }
diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
index af2bc1675..a7f7b99ec 100644
--- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
   plugins {
     eap-radius {
       secret = gv6URkSs 
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
index 6495d6f6a..6fcf5999e 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
 }
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
index 6495d6f6a..6fcf5999e 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown
 }
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
index 921db4c51..8d2f57828 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-mschapv2 eap-identity updown
+  load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
 }
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
index 921db4c51..8d2f57828 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-mschapv2 eap-identity updown
+  load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
 }
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
index 49f69ff0c..2435403a4 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
 }
diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
index 9f3c6bfa3..f0e7da85e 100644
--- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown
   plugins {
     eap-radius {
       secret = gv6URkSs
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
index fa662875d..e4ef757fb 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
   send_vendor_id = yes
 }
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
index fa662875d..e4ef757fb 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
   send_vendor_id = yes
 }
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
index ac8f98b70..d77218b77 100644
--- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
   send_vendor_id = yes
   plugins {
     eap-radius {
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
index fcb1cf201..6e1818c9e 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
 }
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
index fcb1cf201..6e1818c9e 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
 }
diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
index af2bc1675..a7f7b99ec 100644
--- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown
   plugins {
     eap-radius {
       secret = gv6URkSs 
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
index fcb1cf201..6e1818c9e 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
 }
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
index fcb1cf201..6e1818c9e 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
 }
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
index 572cf39cb..dd2df0670 100644
--- a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default
 }
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
index c77902caa..29132e757 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   install_routes = no
 }
diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
index 6e9280e41..73d687a0c 100644
--- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
   install_routes=no
 }
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
index f82f32d1d..882ea04a5 100644
--- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
index 4732113fa..b71db18dd 100644
--- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
@@ -2,5 +2,5 @@
 
 charon {
   hash_and_url = yes
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
index dd817a963..6420b3414 100644
--- a/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
index dd817a963..6420b3414 100644
--- a/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf
index 52a4e0d52..b8038df01 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
index 20d891cdc..f988d90b4 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf
index 52a4e0d52..b8038df01 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf
index 52a4e0d52..b8038df01 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
index 20d891cdc..f988d90b4 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf
index 52a4e0d52..b8038df01 100644
--- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf
index 97526cf99..807ca9411 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
index 06480bae6..a442b244d 100644
--- a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
index ab6f08e2d..6fcefc56a 100644
--- a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
index dbb64dbb4..aa50403d8 100644
--- a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown
+  load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
index 06b1e9f48..de9ae45cc 100644
--- a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf
+++ b/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
index 0768c2bb5..1d17b3614 100644
--- a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
diff --git a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
index 867d256bb..7d8cda47e 100644
--- a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
index 867d256bb..7d8cda47e 100644
--- a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
index 867d256bb..7d8cda47e 100644
--- a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
 }
 
 libstrongswan {
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
 }
 
-libstrongswan {
+libhydra {
   plugins {
     attr-sql {
       database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
 }
 
-libstrongswan {
+libhydra {
   plugins {
     attr-sql {
       database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-pool-db-restart/pretest.dat b/testing/tests/sql/ip-pool-db-restart/pretest.dat
index 1d64321b5..b5108051c 100644
--- a/testing/tests/sql/ip-pool-db-restart/pretest.dat
+++ b/testing/tests/sql/ip-pool-db-restart/pretest.dat
@@ -17,3 +17,4 @@ dave::ipsec start
 carol::sleep 1
 dave::ipsec up home
 carol::ipsec up home
+carol::sleep 1
diff --git a/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
index 9df154ee2..aed370ffa 100644
--- a/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql resolve
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql resolve
 }
diff --git a/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
index 9df154ee2..aed370ffa 100644
--- a/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql resolve
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql resolve
 }
diff --git a/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
 }
 
-libstrongswan {
+libhydra {
   plugins {
     attr-sql {
       database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
 }
 
-libstrongswan {
+libhydra {
   plugins {
     attr-sql {
       database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
index e377047a4..e99a7c505 100644
--- a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
@@ -6,10 +6,10 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql
 }
 
-libstrongswan {
+libhydra {
   plugins {
     attr-sql {
       database = sqlite:///etc/ipsec.d/ipsec.db
diff --git a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
index 66be5fab4..49de2788e 100644
--- a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
 
 libstrongswan {
diff --git a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
index 66be5fab4..49de2788e 100644
--- a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
 
 libstrongswan {
diff --git a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
index 66be5fab4..49de2788e 100644
--- a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
 
 libstrongswan {
diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
index c45b3ebd8..a5a7d2017 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db
     }
   }
-  load = curl aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql eap-aka eap-aka-3gpp2
+  load = curl aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2
 }
diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
index d892e54ad..52de80b19 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db
     }
   }
-  load = aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql eap-aka eap-aka-3gpp2
+  load = aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2
 }
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf
index 4d7891f5c..0dd41b380 100644
--- a/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
index f66e8ba8a..a0d88cff1 100644
--- a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }
diff --git a/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
index ab0431b00..6e6641fa5 100644
--- a/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
       database = sqlite:///etc/ipsec.d/ipsec.db 
     }
   }
-  load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql
+  load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql
 }