Subject: Big limitation of current ipsec+racoon implementation
To: None <tech-net@netbsd.org>
From: Bruce Martin <brucem@cat.co.za>
List: tech-net
Date: 03/23/2001 12:09:09
Hi All

Over the past week I have been setting up a VPN. I have done this in two
ways:
 - using NetBSD-1.5, with some patches, running ipsec (setkey
spdadd.../tunnel/...) and racoon on the gateways.
 - using OpenBSD-current, running isakmpd on the gateways.

I have got both VPNs up and running, but have had to choose OpenBSD (not my
preference, as NetBSD is the operating system I live in!) for only one
reason:
 One of my gateways is a dialin. It is allocated a different IP every time
it dials in (on demand). 'isakmpd' under OpenBSD makes allowance for this,
whereas I cannot find a solution under NetBSD.

I just thought this would be useful feedback, as NetBSD may want to
incorporate this feature in the future: I feel that the nature of VPNs will
require variable IP connections. Or have I missed something, and this is
possible?

Is NetBSD planning to stick with setkey+racoon, or is there a plan to
incorporate isakmpd?

Thanks
 Bruce