IPsec is a set of protocols, ESP (for Encapsulating Security Payload) AH (for Authentication Header), and IPComp (for IP Payload Compression Protocol) that provide security services for IP datagrams. Fast IPsec is an implementation of these protocols that uses the
opencrypto(9) subsystem to carry out cryptographic operations. This means, in particular, that cryptographic hardware devices are employed whenever possible to optimize the performance of these protocols.
In general, the Fast IPsec implementation is intended to be compatible with the KAME IPsec implementation. This documentation concentrates on differences from that software. The user should refer to
ipsec(4) for basic information on setting up and using these protocols.
System configuration requires the
opencrypto(9) subsystem. When the Fast IPsec protocols are configured for use, all protocols are included in the system. To selectively enable/disable protocols, use
sysctl(8).