Openswan's IKE daemon, called Pluto, is the most versatile and feature-rich one available. It has been written from the ground up with security in mind. Although people are easily confused when reading its log messages, the messages themselves are extremely precise. Pluto is very pedantic and will refuse to process or accept anything malformed. It has even been used as a reference implementation when testing commercial IKE daemons.
Every night, the Openswan project runs a regression test suite on all of the code, including Pluto. If a code change breaks any functionality, it is automatically reported the next day on the nightly mailing list. Some tests check whether packets that should have been dropped have actually been dropped. Others check for bogus X.509 certificates, insecure CA chains, NAT traversal functionality, Dead Peer Detection, and much more. The test suite is shipped with the source code in the testing subdirectory.
Anyone can run the...