I have used netbsd-6 and netbsd-7 with racoon to set up an IKEv1/L2TP/IPsec VPN with Windows clients. I have not tried IKEv2, and based on the little research I have done, I don't think it is possible using an out-of-the-box NetBSD/pkgsrc configuration. Even for IKEv1 I needed to hack the NetBSD kernel to get IKEv1 and IPsec NAT-traversal to work with IPsec, and I used a locally modified version of the ancient and apparently no longer maintained rp-l2tp package to set up l2tp tunnels. If you don't need NAT traversal, that is, if neither clients nor the server are behind a NAT box, it might be easier to do...

Good luck finding a solution for IKEv2. If you solve it, I would be interested to know how you got it working...

Chuck Zmudzinski

On 9/19/2017 5:49 PM, Gerard Lally wrote:
> Some years ago I successfully set up netbsd-6 OpenVPN endpoints, with 20-30 remote Windows clients connecting. I'd now like to set up a netbsd-8 VPN, based on IKEv2/IPsec. The documentation doesn't make it clear -- to me -- if such a setup is possible. Ideally it would be nice if strongSwan was supported on NetBSD but it seems this is not the case. So where to begin? Does racoon support IKEv2? At one stage there was a racoon2 fork but development seems to have stalled on that. If you run such a setup, some ideas to kickstart my reading would be welcome. Thank you.