help with setting up IPSEC in FreeBSD 12

Doug McIntyre merlyn at geeks.org
Wed Oct 9 22:43:54 UTC 2019


On Wed, Oct 09, 2019 at 12:29:38AM -0700, Rudy wrote:
> Now I need keys managed.  Do I still need to set up racoon?  It looks 
> like a lot of configuration when I just want to simply set up encryption 
> on a gif link from a FreeBSD box to a Mikrotik.  Is there an easier way 
> to do this in FreeBSD 12?

Right, "the wonderful thing about standards, is there is so many to choose from."

You just set up a statically keyed IPsec tunnel. 

Most of the rest of the world moved to dynamically ISAKMP keyed tunnels ages ago.

That is what racoon does, run the ISAKMP protocol for dynamically keyed tunnels.

Typically the only place statically keyed IPsec tunnels are done is on
Unix boxes without bothering to set up racoon, but nowhere else.

If you need to go to another type of device, typically one that bills
itself as a firewall or router, you are going to be doing ISAKMP
dynamically keyed tunnels with security associations set up.
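
An added example, not part of the original message: a shell helper that emits the kind of statically keyed setkey(8) configuration discussed above, showing that the keys are fixed values both ends must carry until someone replaces them by hand, which is the job ISAKMP automates. The addresses (documentation ranges), SPIs, algorithm choice and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: generate a setkey(8) config for a statically keyed ESP
# tunnel between two gif endpoints. All values are constructed placeholders.

# gen_key N: print N random bytes as 0x-prefixed hex, the key form setkey accepts.
gen_key() {
    printf '0x%s' "$(od -An -tx1 -N "$1" /dev/urandom | tr -d ' \n')"
}

# static_sa_conf LOCAL REMOTE: print SAD and SPD entries for both directions.
static_sa_conf() {
    local_ip=$1
    remote_ip=$2
    # 256-bit cipher key and 256-bit HMAC key per direction.
    enc_out=$(gen_key 32); auth_out=$(gen_key 32)
    enc_in=$(gen_key 32);  auth_in=$(gen_key 32)
    cat <<EOF
flush;
spdflush;
# One SA per direction. The peer must hold the same SPIs and keys, and
# nothing rotates them: they stay in use until edited on both ends.
add $local_ip $remote_ip esp 0x1001 -m tunnel -E rijndael-cbc $enc_out -A hmac-sha2-256 $auth_out;
add $remote_ip $local_ip esp 0x1002 -m tunnel -E rijndael-cbc $enc_in -A hmac-sha2-256 $auth_in;
# Policy: require ESP for the gif tunnel's outer IP-in-IP packets.
spdadd $local_ip/32 $remote_ip/32 ipencap -P out ipsec esp/tunnel/$local_ip-$remote_ip/require;
spdadd $remote_ip/32 $local_ip/32 ipencap -P in ipsec esp/tunnel/$remote_ip-$local_ip/require;
EOF
}

# The output contains secret keys, so write it with a restrictive umask:
#   umask 077; static_sa_conf 192.0.2.1 198.51.100.1 > /etc/ipsec.conf
```

With racoon or another ISAKMP daemon, only the two `spdadd` policy lines remain in this file; the `add` lines disappear because the daemon negotiates and refreshes the security associations itself.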

