On Tue, 9 Dec 2025 at 10:26, Sad Clouds <[email protected]> wrote:
>
> I'm experimenting with IPsec on NetBSD. The base system comes with
> racoon(8) daemon but ChatGPT tells me it's probably buggy and
> unmaintained and only supports IKEv1.
>
> There is pkgsrc security/racoon2 but the package github page states:

Libreswan 5.3 is in pkgsrc/wip/libreswan-5

If you drill down into https://testing.libreswan.org/ you'll find tests being run on NetBSD VMs, including configurations.

> "Racoon2 is also based on very old code and it is still very buggy.
> Although Racoon2 can be configured to establish working IPsec
> connections using both IKEv1 and IKEv2, in its current form, most users
> who do not have experience configuring IPsec connections will not be
> able to get a connection working without significant effort."
>
> I cannot find OpenBSD iked(8) for NetBSD, so I assume it was never
> ported?
>
> Since NetBSD NFS implementation does not support Kerberos, I want to
> try running NFS over IPsec. However I would like to avoid spending a
> lot of time debugging IKE software issues.
>
> Would it be better to disregard racoon and racoon2 and only use manual
> keys? Can anyone recommend any other alternatives or share their
> experience?
