When a new interface is added or an existing interface deleted, racoon takes some time to detect the change and then open/close the isakmp socket on the interface. This becomes an issue in our environment, because we want the change to take place as soon as possible. We have found this time can be reduced (to 0) by the following change:

diff -uNr ipsec-tools-0.6.5.orig/src/racoon/session.c ipsec-tools-0.6.5/src/racoon/session.c
--- ipsec-tools-0.6.5.orig/src/racoon/session.c 2007-05-24 16:31:02.000000000 -0500
+++ ipsec-tools-0.6.5/src/racoon/session.c      2007-05-25 15:30:41.000000000 -0500
@@ -216,7 +216,10 @@
                if (lcconf->rtsock >= 0 && FD_ISSET(lcconf->rtsock, &rfds)) {
                        if (update_myaddrs() && lcconf->autograbaddr)
-                               sched_new(5, check_rtsock, NULL);
+/* Start of change: Speed up the grab on new interface */
+                               /* Add the direct call to check_rtsock() */
+                               check_rtsock(NULL);
+/* End of change */
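
Review bot: the direct `check_rtsock(NULL);` call removes the deferral for every routing-socket message where `update_myaddrs()` reports a change, so the address re-grab now runs inline in the `FD_ISSET(lcconf->rtsock, &rfds)` branch instead of from the scheduler. If the 5-second delay was meant to let the address change settle before the isakmp sockets are reopened (not visible in this hunk), a shorter scheduled call such as `sched_new(1, check_rtsock, NULL);` or a configurable delay would keep that behaviour while still cutting the latency. The unindented `/* Start of change ... */` and `/* End of change */` markers are change-log text that belongs in the commit message rather than in session.c. The hunk header says `-216,7 +216,10`, but only two context lines are shown and none follow the change, so the patch as posted looks truncated and may not apply cleanly.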

We have been using this change for a while. So far we have not seen any negative impact on other functionalities of racoon.