NetBSD-Users archive


Re: IPsec and IKEv2



On Tue, 9 Dec 2025, Sad Clouds wrote:
> I'm experimenting with IPsec on NetBSD. The base system comes with
> racoon(8) daemon but ChatGPT tells me it's probably buggy and
> unmaintained and only supports IKEv1.
>
> There is pkgsrc security/racoon2 but the package github page states:
>
> "Racoon2 is also based on very old code and it is still very buggy.
> Although Racoon2 can be configured to establish working IPsec
> connections using both IKEv1 and IKEv2, in its current form, most users
> who do not have experience configuring IPsec connections will not be
> able to get a connection working without significant effort."
>
> I cannot find OpenBSD iked(8) for NetBSD, so I assume it was never
> ported?
>
> Since NetBSD NFS implementation does not support Kerberos, I want to
> try running NFS over IPsec. However I would like to avoid spending a
> lot of time debugging IKE software issues.
>
> Would it be better to disregard racoon and racoon2 and only use manual
> keys? Can anyone recommend any other alternatives or share their
> experience?

I successfully used what was only in base to create an IPsec tunnel to Azure not that long ago.

--
Stephen


