SEC(4) - Device Drivers Manual
NAME
sec - route based IPsec VPN tunnel interface pseudo-device
SYNOPSIS
pseudo-device sec
DESCRIPTION
The sec driver provides point-to-point tunnel interfaces for IPv4 and IPv6 protected by the ipsec(4) Encapsulating Security Payload (ESP) protocol.
Traffic is encapsulated in the ESP protocol and forwarded to the remote endpoint by routing over a sec interface rather than matching policy in the IPsec Security Policy Database (SPD). sec interfaces require the configuration of IPsec Security Associations (SAs) between the local and remote endpoints. Negotiation of interface SAs is supported by iked(8) and isakmpd(8) (the latter via ipsecctl(8)).
sec interfaces can be created at runtime using the ifconfig secN create command or by setting up a hostname.if(5) configuration file for netstart(8). The interface itself can be configured with ifconfig(8); see its manual page for more information.
SEE ALSO
ipsec(4), netintro(4), hostname.if(5), pf.conf(5), ifconfig(8), iked(8), ipsecctl(8), isakmpd(8), netstart(8)
HISTORY
The sec driver first appeared in OpenBSD 7.4.
AUTHORS
David Gwynne <dlg@openbsd.org>.
OpenBSD 7.5 - August 7, 2023