On 2019/03/30 23:14, Stuart Henderson wrote: > I've finally got strongswan working well enough on OpenBSD to consider > adding to ports. It's not perfect but is usable in some situations that > isakmpd/iked don't support, in particular with username+password auth. > > OK to import? > > ------ > strongSwan is reasonably portable open source VPN software supporting > both IKEv1 and IKEv2. It has wide support for authentication types > including IKEv1 XAUTH (username and password) and multiple IKEv2 EAP > mechanisms on both server and client side. > > The OpenBSD port currently provides only the "kernel-libipsec" plugin. > This operates in userland via tun(4) devices and strongSwan's own > IPsec implementation rather than using kernel IPsec - it is suggested > that this is only used for testing or in client situations where the > native IPsec software (isakmpd and iked) does not support the required > functionality. > > To allow userland IPsec processing needed for this plugin, kernel > ESP handling must be disabled: > > # sysctl net.inet.esp.enable=0 > # sysctl net.inet.esp.udpencap=0 > ------
Actually let's go for a better DESCR/README, removing some parts from DESCR that were in both.
strongswan.tgz
Description: application/tar-gz
