
Why OpenBSD? IPSEC

OpenBSD pioneered IPSEC in general, with IPSEC in the base system since OpenBSD 2.1 (1997)

Major usability upgrade in OpenBSD 3.8 – ipsecctl(8) and /etc/ipsec.conf

# Set up two flows:
# First between the machines 192.168.3.14 and 192.168.3.100
# Second between the networks 192.168.7.0/24 and 192.168.8.0/24
flow esp from 192.168.3.14 to 192.168.3.100
flow esp from 192.168.7.0/24 to 192.168.8.0/24 peer 192.168.3.12

(Compare with others, e.g. Microsoft’s 36 dialogs and counting: http://www.openbsd.org/papers/asiabsdcon07-ipsec/index.html )

IKE v2 support in iked(8) (OpenIKED)

«IPSEC shouldn’t be this hard. The defaults should make sense.»

Bonus: ikectl generates config for Windows and macOS clients too