Subject: Re: Big limitation of current ipsec+racoon implementation
To: Bruce Martin <>
From: Mipam <>
List: tech-net
Date: 03/23/2001 09:49:25
On Fri, Mar 23, 2001 at 12:09:09PM +0200, Bruce Martin wrote:
> Hi All
> Over the past week I have been setting up a VPN. I have done this in two
> ways:
>  - using NetBSD-1.5, with some patches, running ipsec (setkey
> spdadd.../tunnel/...) and racoon on the gateways.
>  - Using OpenBSD-current, running isakmpd on the gateways.
> I have got both VPNs up and running, but have had to choose OpenBSD (not my
> preference, as NetBSD is the operating system I live in!) for only one
> reason:
>  One of my gateways is a dialin. It is allocated a different IP every time
> it dials in (on demand). 'isakmpd' under OpenBSD makes allowance for this,
> whereas I cannot find a solution under NetBSD.

I am using netbsd + isakmpd (pkgsrc/security/isakpmd) to use ike.
Perhaps this version of isakmpd also does the job?
Only reason i use isakmpd is cause it was very clear how to set up
and how the sections were devided, and to be honest i didnt look at
racoon more then short peeks.