On Wed, 10 Dec 2025, Sad Clouds wrote:
> On Wed, 10 Dec 2025 10:34:22 +0000 (GMT) Stephen Borrill <netbsd%precedence.co.uk@localhost> wrote:
>> I successfully used what was only in base to create an IPsec tunnel to Azure not that long ago.
>> -- Stephen
>
> Thanks. I assume you used racoon(8) and IKEv1 and as long as it works reliably over long periods of time.
That's right. It was very reliable as I used it to run an Active Directory Domain Controller in Azure linked to a couple running locally.
> Looking at IKEv2 features like: EAP authentication, builtin NAT traversal, MOBIKE support, better security, etc., I don't think I currently need any of those for my use cases.
I was pleasantly surprised that Azure supported IKEv1. I didn't require NAT traversal given I have a plentiful supply of IPv4, but if I had it would have been more work.
> Someone suggested trying WireGuard and the new wg(4) driver in NetBSD-10. I will probably set up both and compare their performance when used with NFSv3 traffic on a LAN.
It would be interesting to know. Might also be interesting to compare to OpenVPN.
-- Stephen