NetBSD-Users archive


Re: Finding out at runtime which IPSEC options are built into the kernel (IPSEC_NAT_T?)



...looks like the IPSEC_NAT_T option no longer exists, but is included in IPSEC instead.


OPTIONS(4):

"
     options IPSEC
     Includes support for the IPsec protocol, using the implementation derived
     from OpenBSD, relying on opencrypto(9) to carry out cryptographic
     operations.  See ipsec(4) for details.

     options IPSEC_DEBUG
     Enables debugging code in IPsec stack.  See ipsec(4) for details.  The
     IPSEC option includes support for IPsec Network Address Translator
     traversal (NAT-T), as described in RFCs 3947 and 3948.  This feature
     might be patent-encumbered in some countries.
"



On 06.06.21 at 11:28, Matthias Petermann wrote:
Hello,

the subject probably already summarises the question - here is just a brief background: I would like to establish an IPSEC connection from a NetBSD box behind a NAT router to an IPSEC-VPN. My understanding is that the kernel must have the appropriate IPSEC_NAT_T option for this. Can I somehow find this out reliably at runtime?

I have a NetBSD 9.2_STABLE with GENERIC kernel on evbarm.

Small additional question: Does anyone here happen to have general experience with whether and how a VPN connection to a FritzBox can be established with NetBSD on-board means (racoon)? I have already done a lot of research on this - most of the tutorials and blogs on this are already over 5 years old, and there have already been several firmware updates of the FritzBoxes in the meantime, so it is not easy to narrow down where the error lies.

Kind regards
Matthias

