Subject: Some testing of IPsec in NetBSD and others.
To: None <firstname.lastname@example.org>
From: Darren Reed <email@example.com>
Date: 08/13/2001 19:24:43
From my experiments over the weekend, the shipped version of IPSec in both
NetBSD 1.5 and OpenBSD 2.9 barely works when it comes to IKE and isakmpd
is a monster. To give a brief of what I was able to achieve:
* manual keying between NetBSD/OpenBSD/Solaris8 works without a problem;
* using isakmpd, a Windows2000sp2 box can initiate an IPSec session with
either NetBSD or OpenBSD but neither can initiate a session with Win2k.
Only "problem" is the IKE session drops out and is not kept alive.
* restarting isakmpd requires that any current sessions in win2k be
flushed with a restart of the ipsec policy service and vice versa;
* NetBSD & OpenBSD can talk to each other;
* using racoon on NetBSD 1.5 (with a relatively current KAME snapshot),
NetBSD can successfully initiate or receive an IPSec session from win2k
(which doesn't time out);
* isakmpd on OpenBSD 2.9 and racoon on NetBSD 1.5 do not seem to work
very well at all. I'm not sure if it is a configuration problem on
my behalf or they just hate each other. Has anyone tried racoon on
NetBSD talking to isakmpd on NetBSD ?
If anyone else has any war stories about getting IPSec to work between
the above three systems, I'd like to hear from you.