@Toasterson @gdamore @danmcd So it turns out getting #OpenIKED to build and run on #illumos wasn't too hard: https://github.com/openiked/openiked-portable/pull/95

With this patch the handshake works. The kernel interface is an empty placeholder at the moment, so the negotiated SAs and policies won't work yet. To make it work for real we will "only" have to replace that with the proper pfkey interface.

I have only tested it on #openindiana and this is my first time hacking on illumos, so feedback welcome :)

OpenIKED 7.2 released https://undeadly.org/cgi?action=article;sid=20221202230711 #openbsd #openiked

OpenIKED 7.2 released https://undeadly.org/cgi?action=article;sid=20221202230711 #openbsd #openiked

Thanks to @eborisch #OpenIKED 7.2 has been merged into #MacPorts:

https://github.com/macports/macports-ports/pull/16880

It will presumably may take a little bit before it's synchronized to all the rsync mirrors & such since that was all of uhh (six minutes ago?)?

https://ports.macports.org/port/openiked/details/

OK, #undeadly story on #OpenIKED 7.2's release announcement has been published here:

https://undeadly.org/cgi?action=article;sid=20221202230711

#ipsec #vpn #opensource #libre #freesoftware #openbsd #linux #bsd

@neverpanic Thanks for that.

Using it to check on projects I've submitted PRs to I noticed that #OpenIKED was recently updated to 7.2!

I've submitted a #MacPorts PR here: https://github.com/macports/macports-ports/pull/16880

(though I think it has a maintainer who was pretty quick to respond the last time I submitted a PR in addition to it being a joint openmaintainer so I don't think there is any need to rush?)

I also submitted a story to #undeadly (though I should probably re-read that and such before publishing it).

Oh nice https://repology.org/project/openiked/versions just made me notice that #OpenIKED got a version bump to 7.2 on December 1st, 2022!

I should see about updating the #MacPort for that.

@Toasterson @gdamore I don't think anyone has ever tried running it on illumos, but this sounds like a fun challenge! Looks like it does support pfkey so it might actually work with a bit of tinkering.

Keep in mind thought that #OpenIKED only implements the newer IKEv2 protocol, so it might not be a suitable replacement for older deployments.

Our newest version of #OpenBSD's IKEv2 implementation #OpenIKED 7.2 has been released with a bunch of new features and bug fixes :puffer:​ 🥳 ​https://marc.info/?l=openbsd-announce&m=166992877809710&w=2

Updated packages for your favorite operating system will follow shortly 😈 ​🐧

As a little bonus, here is my minimalistic reinterpretation of the openiked.org logo

OpenIKED 7.1 released https://www.undeadly.org/cgi?action=article;sid=20220527103136 #openbsd #openiked

I came across a discussion regarding a WAN interconnect needing an encrypted 10Gb link. Bodges include old gear using MACSec to sustain the > 5Gb/s throughput. If I could get hold of a second SFP+ card and a decently fast system I was going to try and see how fast I could push #OpenIKED but thought I would put it out there to see what other BSD users have used to achieve the above requirement, be it with #OpenBSD or something else.