NAME
fast_ipsec —
Fast IPsec
hardware-accelerated IP Security Protocols
SYNOPSIS
options IPSEC
options IPSEC_DEBUG
DESCRIPTION
IPsec is a set of protocols, ESP (for Encapsulating Security Payload) AH (for
Authentication Header), and IPComp (for IP Payload Compression Protocol) that
provide security services for IP datagrams. Fast IPsec is an implementation of
these protocols that uses the
opencrypto(9) subsystem to
carry out cryptographic operations. This means, in particular, that
cryptographic hardware devices are employed whenever possible to optimize the
performance of these protocols.
In general, the Fast IPsec implementation is intended to be compatible with the
KAME IPsec implementation. The user should refer to
ipsec(4) for basic information on
setting up and using these protocols.
System configuration requires the
opencrypto(9) subsystem.
When the Fast IPsec protocols are configured for use, all protocols are
included in the system. To selectively enable/disable protocols, use
sysctl(8).
DIAGNOSTICS
To be added.
SEE ALSO
setkey(8),
sysctl(8),
opencrypto(9)
HISTORY
The protocols draw heavily on the
OpenBSD implementation
of the IPsec protocols. The policy management code is derived from the KAME
implementation found in their IPsec protocols. The Fast IPsec protocols are
based on code which appeared in
FreeBSD 4.7. The
NetBSD version is a close copy of the
FreeBSD original, and first appeared in
NetBSD 2.0.
Support for IPv6 and IPcomp protocols has been added in
NetBSD
4.0.
Support Network Address Translator Traversal as described in RFCs 3947 and 3948
has been added in
NetBSD 5.0.
BUGS
Certain legacy authentication algorithms are not supported because of issues
with the
opencrypto(9)
subsystem.
This documentation is incomplete.