Hi! Today I imported iked(8), which is another automatic keying daemon for IPsec. In contrast to isakmpd(8), which supports the ISAKMP/Oakley a.k.a. IKEv1 protocol, iked(8) only supports the IKEv2 protocol at present. The IKEv2 protocol in RFC 4306 has been simplified and provides many benefits over ISAKMP/IKEv1.
iked(8) itself has been designed to fit the style of all the recent OpenBSD daemons and comes with a tool, ikectl(8), for runtime configuration, status, working reloads, and integrated commands to maintain a simple X.509 CA for IKEv2. I also have some important design goals that I will describe later.
The current state is that iked(8) still lacks a few important features but works as a responder against different peer implementations. That means you can set up a running VPN with Windows 7 or libstrongswan libcharon clients connecting to iked(8) running as the server or security gateway. I will add initiator (client) mode next.
This is a very brief summary; more information will follow.
reyk