Subject: Some testing of IPsec in NetBSD and others.
To: None <tech-net@netbsd.org>
From: Darren Reed <darrenr@reed.wattle.id.au>
List: tech-net
Date: 08/13/2001 19:24:43

From my experiments over the weekend, the shipped version of IPSec in both
NetBSD 1.5 and OpenBSD 2.9 barely works when it comes to IKE, and isakmpd
is a monster.  To give a brief of what I was able to achieve:

* manual keying between NetBSD/OpenBSD/Solaris8 works without a problem;

* using isakmpd, a Windows2000sp2 box can initiate an IPSec session with
  either NetBSD or OpenBSD but neither can initiate a session with Win2k.
  Only "problem" is the IKE session drops out and is not kept alive.

* restarting isakmpd requires that any current sessions in win2k be
  flushed with a restart of the ipsec policy service and vice versa;

* NetBSD & OpenBSD can talk to each other;

* using racoon on NetBSD 1.5 (with a relatively current KAME snapshot),
  NetBSD can successfully initiate or receive an IPSec session from win2k
  (which doesn't time out);

* isakmpd on OpenBSD 2.9 and racoon on NetBSD 1.5 do not seem to work
  very well at all.  I'm not sure if it is a configuration problem on
  my behalf or they just hate each other.  Has anyone tried racoon on
  NetBSD talking to isakmpd on NetBSD?

If anyone else has any war stories about getting IPSec to work between
the above three systems, I'd like to hear from you.

Darren