I'm experimenting with IPsec on NetBSD. The base system comes with the racoon(8) daemon, but ChatGPT tells me it's probably buggy and unmaintained and only supports IKEv1.
There is pkgsrc security/racoon2, but the package's GitHub page states: "Racoon2 is also based on very old code and it is still very buggy. Although Racoon2 can be configured to establish working IPsec connections using both IKEv1 and IKEv2, in its current form, most users who do not have experience configuring IPsec connections will not be able to get a connection working without significant effort." I cannot find OpenBSD's iked(8) for NetBSD, so I assume it was never ported?

Since the NetBSD NFS implementation does not support Kerberos, I want to try running NFS over IPsec. However, I would like to avoid spending a lot of time debugging IKE software issues. Would it be better to disregard racoon and racoon2 and only use manual keys? Can anyone recommend any other alternatives or share their experience?
