Subject: Re: Setting up an IPSec Tunnel (fwd)
To: Curt Sampson <cjs@cynic.net>
From: None <itojun@iijlab.net>
List: tech-net
Date: 07/17/1999 15:50:21
>I'm forwarding this request to tech-net, since I've not gotten any
>answers on the tech-security mailing list.

Sorry, I do not read tech-security. (I'll subscribe)

>In order to get remote access to my network at work, I need to set
>up an IPSec tunnel between my NetBSD-current/sparc system and a
>Bay Networks VPN device. I've compiled a kernel with IPSec in it,
>I have the address of the Bay box, but at this point I have no idea
>what to do next. Can anyone provide some hints?

This should be like this (I haven't done extensive testing on
NetBSD-current, but KAME/NetBSD14 works just fine).
You need to have exactly the same setup on both ends. So, detailed
info on the Bay box will be necessary.

itojun

    (((big internet cloud sits here)))
      | a.a.a.a             | b.b.b.b
    netbsd                bay box
      | 1                   |
    ==+== 10.1.1.0/24     ==+== 10.1.2.0/24

1. Configure key and algorithms. Here we assume RFC2406 ESP with 3des-cbc.
   SPI for netbsd -> bay = 1000, SPI for opposite direction = 2000.

    # setkey -c <<EOF
    add 10.1.1.0/24 10.1.2.0/24 any 1000 b.b.b.b
        -p esp -E 3des-cbc "hogehogehogehogehogehoge";
    add 10.1.2.0/24 10.1.1.0/24 any 2000 a.a.a.a
        -p esp -E 3des-cbc "hogehogehogehogehogehoge";
    EOF

2. Configure policy.

    # setkey -c <<EOF
    spdadd 10.1.1.0/24 10.1.2.0/24 any -P ipsec esp/use/b.b.b.b ;
    EOF
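
Added example, not part of the original message: a small Python check for manually keyed `add` statements like those in step 1. It verifies that the selectors parse as networks, that the 3des-cbc key is 24 bytes, and that each direction has an SA with mirrored selectors. The regex covers only the statement layout shown in this message, the function names are hypothetical, and the sample input is constructed.

```python
import ipaddress
import re

# Matches the "add" statement layout used in this message (not general setkey syntax).
ADD_RE = re.compile(
    r'add\s+(\S+)\s+(\S+)\s+any\s+(\d+)\s+(\S+)\s+'
    r'-p\s+esp\s+-E\s+(\S+)\s+"([^"]*)"\s*;')
KEY_BYTES = {"3des-cbc": 24}  # 3DES takes a 192-bit (24-byte) key

def parse_sas(text):
    """Return one dict per 'add' statement found in text."""
    fields = ("src", "dst", "spi", "gw", "alg", "key")
    return [dict(zip(fields, m.groups())) for m in ADD_RE.finditer(text)]

def lint(text):
    """Return a list of problems found in the manually keyed SAs."""
    sas, problems = parse_sas(text), []
    for sa in sas:
        for side in ("src", "dst"):
            try:
                ipaddress.ip_network(sa[side], strict=True)
            except ValueError:
                problems.append(f"spi {sa['spi']}: bad {side} selector {sa[side]!r}")
        want = KEY_BYTES.get(sa["alg"])
        if want is not None and len(sa["key"].encode()) != want:
            problems.append(f"spi {sa['spi']}: {sa['alg']} key is "
                            f"{len(sa['key'].encode())} bytes, need {want}")
        # A tunnel needs an SA for each direction, with mirrored selectors.
        if not any(o["src"] == sa["dst"] and o["dst"] == sa["src"] for o in sas):
            problems.append(f"spi {sa['spi']}: no reverse SA for "
                            f"{sa['dst']} -> {sa['src']}")
    spis = [sa["spi"] for sa in sas]
    if len(set(spis)) != len(spis):
        problems.append("duplicate SPI values")
    return problems

# Constructed sample: the second statement has a deliberately malformed
# destination selector and a key that is one byte short.
SAMPLE = '''
add 10.1.1.0/24 10.1.2.0/24 any 1000 b.b.b.b
    -p esp -E 3des-cbc "hogehogehogehogehogehoge";
add 10.1.2.0/24 10.1.210/24 any 2000 a.a.a.a
    -p esp -E 3des-cbc "hogehogehogehogehogehog";
'''

if __name__ == "__main__":
    for p in lint(SAMPLE):
        print(p)
```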