IKER limitations
- No proper errors processing: unprocessed unsuccessful notifications may
easily lead to panicking
- No retransmission of lost messages
- Neither rekeying, nor child SA creation support
- No certification authority is inserted in
CERTREQ
- Ports in traffic selectors can not be specified by
/etc/services name, but by number only