Subject: Big limitation of current ipsec+racoon implementation
To: None <firstname.lastname@example.org>
From: Bruce Martin <email@example.com>
Date: 03/23/2001 12:09:09

Over the past week I have been setting up a VPN. I have done this in two
- Using NetBSD-1.5, with some patches, running ipsec (setkey
spdadd.../tunnel/...) and racoon on the gateways.
- Using OpenBSD-current, running isakmpd on the gateways.
I have got both VPNs up and running, but have had to choose OpenBSD (not my
preference, as NetBSD is the operating system I live in!) for only one
One of my gateways is a dialin. It is allocated a different IP every time
it dials in (on demand). 'isakmpd' under OpenBSD makes allowance for this,
whereas I cannot find a solution under NetBSD.
I just thought this would be useful feedback, as NetBSD may want to
incorporate this feature in the future: I feel that the nature of VPNs will
require variable IP connections. Or have I missed something, and this is
Is NetBSD planning to stick with setkey+racoon, or is there a plan to