I've finally got strongswan working well enough on OpenBSD to consider adding to ports. It's not perfect but is usable in some situations that isakmpd/iked don't support, in particular with username+password auth.
OK to import? ------ strongSwan is reasonably portable open source VPN software supporting both IKEv1 and IKEv2. It has wide support for authentication types including IKEv1 XAUTH (username and password) and multiple IKEv2 EAP mechanisms on both server and client side. The OpenBSD port currently provides only the "kernel-libipsec" plugin. This operates in userland via tun(4) devices and strongSwan's own IPsec implementation rather than using kernel IPsec - it is suggested that this is only used for testing or in client situations where the native IPsec software (isakmpd and iked) does not support the required functionality. To allow userland IPsec processing needed for this plugin, kernel ESP handling must be disabled: # sysctl net.inet.esp.enable=0 # sysctl net.inet.esp.udpencap=0 ------
strongswan.tgz
Description: application/tar-gz
