Food Groups are a new way of configuring Linux FreeS/WAN.
By defining security policy for groups of IPs (or named domains), you can easily express what you want to do with IPsec. Linux FreeS/WAN then does all the hard work of translating that into connection descriptions and establishing your connections.
You can also think of Food Groups as a way to manage your opportunistic connections.
Food Groups can be used right alongside your existing ipsec.conf. On 2.x revisions to ipsec.conf, see our Upgrading Guide.
Linux FreeS/WAN offers these built-in security policies (Food Groups):
You can also define your own groups.
Configuring food groups is as easy as putting names, IPs or IP ranges in a file with the same name as the group.
    cd /etc/
    echo "193.110.157.0/24  #includes oetest.freeswan.nl" > oe-or-clear
FreeS/WAN will automatically create a connection to cover this case, and will bring it up when needed. To test this,
    ping oetest.freeswan.nl
    ipsec look | grep " -> "
You should see something like:
    40.40.40.40/32   -> 193.110.157.10/32  => tun0x149f@193.110.157.77 esp0xf8754dc8@193.110.157.77
    40.40.40.40/32   -> 193.110.157.14/32  => tun0x14a3@193.110.157.75 esp0xa9520f54@193.110.157.75
indicating tunnels between your node or network [here, 40.40.40.40/32] and the two targets passiveOE.freeswan.nl (193.110.157.10) and activeOE.freeswan.nl (193.110.157.14).
If this doesn't work, check the permissions on your file, or troubleshoot your OE.
Here is an example of how you might define security policy using a number of food group files.
    cd /etc/
    cat oe-or-bust
        40.40.38.0/27    # The finance department
        40.40.38.0/27    # HR
        40.40.40.26/32    # Barb's machine
        40.40.40.33/32    # Our IRC server
  
    cat oe-or-clear
        0.0.0.0/0    # My default policy: try to encrypt.
    cat clear
        66.66.66.45   # My POP3 server
        66.66.66.53   # A Web proxy
    cat block
        mail.spamworks.com
Behind the scenes, these connections are implemented by "cloning" a plain OE, OE-group, clear or block connection. FreeS/WAN then manages these connections dynamically.
For example blah
   conn custom_group
            blah bleh
in file x
    cd /etc/
    echo "193.110.157.0/24  #includes oetest.freeswan.nl" > custom_group
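A consistency check for food group files like the ones in the example above. This is an added example, not part of FreeS/WAN. The names `parse_group`, `lint_groups` and `writable_by_others` are hypothetical, the sample data is constructed from the example files, and treating a repeated entry or a group/world-writable file as a problem is this example's own assumption.

```python
import ipaddress
import os
import stat
from collections import defaultdict

# Constructed sample input: the four group files from the example above.
SAMPLE = {
    "oe-or-bust": "40.40.38.0/27    # The finance department\n"
                  "40.40.38.0/27    # HR\n"
                  "40.40.40.26/32   # Barb's machine\n"
                  "40.40.40.33/32   # Our IRC server\n",
    "oe-or-clear": "0.0.0.0/0    # My default policy: try to encrypt.\n",
    "clear": "66.66.66.45   # My POP3 server\n66.66.66.53   # A Web proxy\n",
    "block": "mail.spamworks.com\n",
}

def parse_group(text):
    """Yield (lineno, entry): an ip_network, a lowercased name, or None if malformed."""
    for lineno, line in enumerate(text.splitlines(), 1):
        item = line.split("#", 1)[0].strip()   # drop trailing comment
        if not item:
            continue
        try:
            yield lineno, ipaddress.ip_network(item)  # bad mask or host bits set -> ValueError
        except ValueError:
            # Digits-and-dots or anything with "/" was meant as an address, not a name.
            looks_like_addr = "/" in item or item.replace(".", "").isdigit()
            yield lineno, None if looks_like_addr else item.lower()

def lint_groups(groups):
    """Return findings for malformed addresses and entries listed more than once."""
    findings, seen = [], defaultdict(list)
    for name, text in groups.items():
        for lineno, entry in parse_group(text):
            if entry is None:
                findings.append(f"{name}:{lineno}: malformed address")
            else:
                seen[entry].append(f"{name}:{lineno}")
    for entry, places in seen.items():
        if len(places) > 1:   # same range in one group twice, or in two groups
            findings.append(f"{entry} listed at {', '.join(places)}")
    return findings

def writable_by_others(path):
    """True if the group file can be modified by its group or by other users."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

if __name__ == "__main__":
    for finding in lint_groups(SAMPLE):
        print(finding)
```

Run on the sample, it reports the range that appears twice in oe-or-bust; the same check catches an address listed in both an encrypting group and clear.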