Hi,

We implement an ipsec(4) pseudo interface for route-based VPNs. This pseudo interface manages its security policy (SP) by itself. In particular, when we do

    # ifconfig ipsec0 tunnel 10.0.0.1 10.0.0.2

the SPs "10.0.0.1 -> 10.0.0.2" (out) and "10.0.0.2 -> 10.0.0.1" (in) are generated automatically and atomically. And then, when we do

    # ifconfig ipsec0 deletetunnel

the SPs are destroyed automatically and atomically, too.

Here are the patches and a unified patch.

    http://netbsd.org/~knakahara/if_ipsec/if_ipsec.tgz
    http://netbsd.org/~knakahara/if_ipsec/if_ipsec-unified.patch

By the way, I have one question. In the above patch(es), I temporarily add the manual for the ipsecX pseudo interface as if_ipsec.4, because there is already ipsec.4 for the general ipsec protocol. How should I add the man page of the ipsec(4) pseudo interface?

    (a) Add if_ipsec.4
    (b) move current ipsec.4 (for ipsec protocol) to ipsec.9, and then add ipsec.4 (for ipsec pseudo interface)
    (c) any other

Could you comment on the patch or the question?

Thanks,

--
//////////////////////////////////////////////////////////////////////
Internet Initiative Japan Inc.

Device Engineering Section,
IoT Platform Development Department,
Network Division,
Technology Unit

Kengo NAKAHARA <k-nakah...@iij.ad.jp>