I've been running two racoon-based VPN concentrators at work (one for employees, one for customers).  We're doing our testing with the employee VPNs, but eventually we plan to roll this solution out to our 200+ client sites.

On the employee VPN server, which gets a lot of traffic, about once a week -- sometimes more, somtimes less -- I'm having to kill the racoon daemon, flush setkey databases, and restart racoon.  (The employee VPN concentrator is being tested with 10 endpoint tunnels.)

I haven't had to restart racoon on the customer VPN server at all, but it gets very little traffic at the moment (I'm the only one using my VPN device against the customer VPN box).

I'm running ipsec-tools 0.6.4 on a x86_64 (Pentium D 3 GHz) installs of SUSE Linux 10.0.

Is this behavior par for the course with racoon's current state of development?  Are others having to restart racoon this often?

Most of the VPN endpoints in the test are Netgear FVS114 routers.  I've been reading both favorable and unfavorable reviews of Netgear's FVS line of VPN devices.  My endpoint devices shouldn't cause flakiness on the server, should they?

Any tips on how I can make the racoon VPN concentrators I'm having/wanting to build more stable?

Thanks much,