Setting up VPN+IPSec+Racoon

Mike Tancsa mike at
Thu Feb 16 17:10:40 PST 2006

On Thu, 16 Feb 2006 18:26:42 +0100, in sentex.lists.freebsd.questions
you wrote:

>it is the first time I have to set up such configuration. Could you tell 
>me some guidelines? What should I care about? I see there's a chapter in 
>the Handbook about VPN. It mentions the FAST_IPSEC kernel option in 
> >5.X. Should I use this implemetation or the KAME implementation? What 
>are the differencies, and what are the advantages, disadvantages of each?
>If you know some other good tutorial or howto, please let me know.

FAST_IPSEC allows for hardware crypto offloading (see man 4 crypto).
Even without it, the author claims its faster than KAME.  However, its
important to note FAST_IPSEC cannot work with INET6 in the kernel.
Also, you want to use it mostly with RELENG_6 if possible.  Also, dont
use racoon, better to use ipsec-tools.  Its also in the ports.

As for tutorials, google around and read through various posts.  There
is lots of good info out there.  Perhaps if you describe what you want
to do, people can make specific suggestions.


Mike Tancsa, Sentex communications
Providing Internet Access since 1994
mike at, (

More information about the freebsd-questions mailing list