Probably because it's not very likely that the average NetBSD user
will need IPsec.  It also adds unnecessary bloat to the GENERIC kernel
and it's probably more important to include a lot device support in
GENERIC, rather than advanced networking features.  Uncommenting a few
lines in GENERIC will give you IPsec support, so I don't know if a
GENERIC.IPSEC file is really necessary.  Then again, it's called
"GENERIC" for a reason :)


On Thu, 17 Jun 2004 09:47:07 -0700, Jeff Rizzo <riz@redcrowgroup.com> wrote:
> 
> I was just curious what the reason is that IPSEC is disabled in pretty
> much _all_ the kernel configs that ship with NetBSD, and if it might not
> make sense to if not enable it by default, at least provide a GENERIC.IPSEC
> (I do see GENERIC.FAST_IPSEC in sys/arch/i386/conf) which folks
> can decide to install via sysinst.
> 
> I know that pretty much anyone who can figure out IPSEC at this point
> can probably build their own kernels :), but I've found myself in
> a few situations recently where it would have been convenient to
> have the option to install an ipsec-supporting system from sysinst.
> If this isn't seen as a desirable thing, I can certainly put it
> together on my own, but I was curious as to what the reasoning might
> be, since it's clearly pretty consistent across all the ports.
> 
> Thanks,
> +j
> 
> --
> Jeff Rizzo                                         http://www.redcrowgroup.com/
>