On Sun, Jun 6, 2021 at 2:49 AM Matthias Petermann <m...@petermann-it.de> wrote:
>
> ...looks like the IPSEC_NAT_T option no longer exists, but is included
> in IPSEC instead.
>
>
> OPTIONS(4):
>
> "
> options IPSEC
> Includes support for the IPsec protocol, using the implementation derived
> from OpenBSD, relying on opencrypto(9) to carry out cryptographic
> operations. See ipsec(4) for details.
>
> options IPSEC_DEBUG
> Enables debugging code in IPsec stack. See ipsec(4) for details. The
> IPSEC option includes support for IPsec Network Address Translator
> traversal (NAT-T), as described in RFCs 3947 and 3948. This feature
> might be patent-encumbered in some countries.
> "
>
>
>
> On 06.06.21 at 11:28, Matthias Petermann wrote:
> > Hello,
> >
> > the subject probably already summarises the question - here is just a
> > brief background: I would like to establish an IPSEC connection from a
> > NetBSD box behind a NAT router to an IPSEC-VPN. My understanding is that
> > the kernel must have the appropriate IPSEC_NET_T-option for this. Can I
> > somehow find this out reliably at runtime?
> >
> > I have a NetBSD 9.2_STABLE with GENERIC kernel on evbarm.
> >
> > Small additional question: Does anyone here happen to have general
> > experience with whether and how a VPN connection to a FritzBox can be
> > established with NetBSD on-board means (racoon)? I have already done a
> > lot of research on this - most of the tutorials and blogs on this are
> > already over 5 years old, and there have already been several firmware
> > updates of the FritzBoxes in the meantime, so it is not easy to narrow
> > down where the error lies.
> >
> > Kind regards
> > Matthias
> >
>
Hopefully this helps someone searching:

The options(4) man page shows this line:

    strings netbsd | sed -n 's/^_CFG_//p' | unvis

(note that "netbsd" is the kernel file, usually at /netbsd)

This will work if the kernel has the INCLUDE_CONFIG_FILE option which I
believe is on by default. It shows all options compiled into the kernel.
I've used it many times to figure out what I did on some kernel.

Andy
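
Added example, not part of the thread and not NetBSD's own code: an sh function that reads the output of the pipeline above on stdin and reports whether one option, such as IPSEC, is effectively enabled. The names has_kernel_option and sample_config and the sample text are constructed for illustration; it assumes the extracted text uses ordinary config(5) syntax.

```shell
#!/bin/sh
# has_kernel_option OPTION   (kernel config text on stdin)
# Exit status 0 if OPTION ends up enabled, 1 otherwise.
# Covers cases a plain grep gets wrong: commented-out lines, trailing
# "#" comments, "options A, B" lists, "NAME=value" forms, and a later
# "no options NAME" line cancelling an earlier "options NAME".
has_kernel_option() {
    awk -v want="$1" '
    {
        sub(/#.*/, "")          # strip comments
        gsub(/,/, " ")          # "A, B" -> separate fields
        if ($1 == "options")                    { on = 1; first = 2 }
        else if ($1 == "no" && $2 == "options") { on = 0; first = 3 }
        else next
        for (i = first; i <= NF; i++) {
            name = $i
            sub(/=.*/, "", name)    # NAME=value -> NAME
            if (name == want) enabled = on
        }
    }
    END { exit (enabled ? 0 : 1) }'
}

# Constructed sample input (not taken from a real kernel).
sample_config() {
    cat <<'EOF'
# constructed sample config
options 	IPSEC		# IP security
#options 	IPSEC_DEBUG	# commented out
options 	INET, INET6
options 	DIAGNOSTIC
no options 	DIAGNOSTIC
options 	MSGBUFSIZE=32768
EOF
}

for opt in IPSEC IPSEC_DEBUG DIAGNOSTIC; do
    if sample_config | has_kernel_option "$opt"; then
        echo "$opt: enabled"
    else
        echo "$opt: not enabled"
    fi
done
```

On a real system, pipe the output of the command quoted above into the function in place of sample_config.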