- NetBSD Manual Pages
FAST_IPSEC(4) NetBSD Kernel Interfaces Manual FAST_IPSEC(4)
Powered by man-cgi (2021-06-01).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.
fast_ipsec -- Fast IPsec hardware-accelerated IP Security Protocols
IPsec is a set of protocols, ESP (for Encapsulating Security Payload) AH
(for Authentication Header), and IPComp (for IP Payload Compression Pro-
tocol) that provide security services for IP datagrams. Fast IPsec is an
implementation of these protocols that uses the opencrypto(9) subsystem
to carry out cryptographic operations. This means, in particular, that
cryptographic hardware devices are employed whenever possible to optimize
the performance of these protocols.
In general, the Fast IPsec implementation is intended to be compatible
with the KAME IPsec implementation. The user should refer to ipsec(4)
for basic information on setting up and using these protocols.
System configuration requires the opencrypto(9) subsystem. When the Fast
IPsec protocols are configured for use, all protocols are included in the
system. To selectively enable/disable protocols, use sysctl(8).
To be added.
kame_ipsec(4), setkey(8), sysctl(8), opencrypto(9)
The protocols draw heavily on the OpenBSD implementation of the IPsec
protocols. The policy management code is derived from the KAME implemen-
tation found in their IPsec protocols. The Fast IPsec protocols are
based on code which appeared in FreeBSD 4.7. The NetBSD version is a
close copy of the FreeBSD original, and first appeared in NetBSD 2.0.
Support for IPv6 and IPcomp protocols has been added in NetBSD 4.0.
Support for IPSEC_NAT_T (Network Address Translator Traversal as
described in RFCs 3947 and 3948) has been added in NetBSD 5.0.
Certain legacy authentication algorithms are not supported because of
issues with the opencrypto(9) subsystem.
This documentation is incomplete.
NetBSD 6.0 January 23, 2012 NetBSD 6.0