NetBSD-Users archive


Re: IKEv2/IPsec VPN



I have used netbsd-6 and netbsd-7 with racoon to set up IKEv1/L2TP/IPsec
VPN with Windows clients. I have not tried IKEv2 and based on the little
research I have done I don't think it is possible using an out of the box
NetBSD/pkgsrc configuration. Even for IKEv1 I needed to hack the NetBSD
kernel to get IKEv1 and IPsec NAT-traversal to work with IPsec, and I used
a locally modified version of the ancient and apparently no longer
maintained rp-l2tp package to set up l2tp tunnels. If you don't need NAT
traversal, that is, if neither clients nor the server are behind a NAT box,
it might be easier to do...

Good luck finding a solution for IKEv2. If you solve it, I would be interested
to know how you got it working...

Chuck Zmudzinski

On 9/19/2017 5:49 PM, Gerard Lally wrote:
Some years ago I successfully set up netbsd-6 OpenVPN endpoints, with
20-30 remote Windows clients connecting.

I'd now like to set up a netbsd-8 VPN, based on IKEv2/IPsec. The
documentation doesn't make it clear -- to me -- if such a setup is
possible. Ideally it would be nice if strongSwan was supported on NetBSD
but it seems this is not the case. So where to begin? Does racoon
support IKEv2? At one stage there was a racoon2 fork but development
seems to have stalled on that.

If you run such a setup some ideas to kickstart my reading would be
welcome. Thank you.




