FAST_IPSEC(4)           NetBSD Kernel Interfaces Manual          FAST_IPSEC(4)

     Fast IPsec -- hardware-accelerated IP Security Protocols

     options FAST_IPSEC
     options IPSEC_NAT_T
     pseudo-device crypto

     IPsec is a set of protocols, ESP (for Encapsulating Security Payload) AH
     (for Authentication Header), and IPComp (for IP Payload Compression Pro-
     tocol) that provide security services for IP datagrams.  Fast IPsec is an
     implementation of these protocols that uses the opencrypto(9) subsystem
     to carry out cryptographic operations.  This means, in particular, that
     cryptographic hardware devices are employed whenever possible to optimize
     the performance of these protocols.

     In general, the Fast IPsec implementation is intended to be compatible
     with the KAME IPsec implementation.  This documentation concentrates on
     differences from that software.  The user should refer to ipsec(4) for
     basic information on setting up and using these protocols.

     System configuration requires the opencrypto(9) subsystem.  When the Fast
     IPsec protocols are configured for use, all protocols are included in the
     system.  To selectively enable/disable protocols, use sysctl(8).

     To be added.

     ipsec(4), setkey(8), sysctl(8), opencrypto(9)

     The protocols draw heavily on the OpenBSD implementation of the IPsec
     protocols.  The policy management code is derived from the KAME implemen-
     tation found in their IPsec protocols.  The Fast IPsec protocols are
     based on code which appeared in FreeBSD 4.7.  The NetBSD version is a
     close copy of the FreeBSD original, and first appeared in NetBSD 2.0.

     Support for IPv6 and IPcomp protocols has been added in NetBSD 4.0.

     Support for IPSEC_NAT_T (Network Address Translator Traversal as
     described in RFCs 3947 and 3948) has been added in NetBSD 5.0.

     There still are some issues in the IPv6 support.  In particular
     FAST_IPSEC does not protect packets with IPv6 extension headers.

     Certain legacy authentication algorithms are not supported because of
     issues with the opencrypto(9) subsystem.

     This documentation is incomplete.

NetBSD 5.1                      April 24, 2007                      NetBSD 5.1

You can also request any man page by name and (optionally) by section:


Use the DEFAULT collection to view manual pages for third-party software.

©1994 Man-cgi 1.15, Panagiotis Christias
©1996-2018 Modified for NetBSD by Kimmo Suominen