Our newest version of #OpenBSD's IKEv2 implementation #OpenIKED 7.2 has been released with a bunch of new features and bug fixes 
🥳 https://marc.info/?l=openbsd-announce&m=166992877809710&w=2
Updated packages for your favorite operating system will follow shortly 😈 🐧
As a little bonus, here is my minimalistic reinterpretation of the openiked.org logo
@Toasterson @gdamore @danmcd So it turns out getting #OpenIKED to build and run on #illumos wasn't too hard: https://github.com/openiked/openiked-portable/pull/95
With this patch the handshake works. The kernel interface is an empty placeholder at the moment, so the negotiated SAs and policies won't work yet. To make it work for real we will "only" have to replace that with the proper pfkey interface.
I have only tested it on #openindiana and this is my first time hacking on illumos, so feedback welcome :)
@Toasterson @gdamore @danmcd it doesn't provide any kind of interface by default, how exactly the encapsulation works depends on your kernel.
On most systems IPsec behaves a lot like a packet filter/firewall where packets matching a certain rule are transparently encapsulated and sent through a tunnel. Some systems provide an optional interface abstraction on top, Linux for example calls them vti or xfrm interfaces.
For transport mode read parts of ipsecconf(8) and the IP_SEC_OPT parts of ip(4P).
For old school IP-in-IP tunnels read the rest of ipsecconf(8), dladm(8)'s iptun portions and iptun(4D). IP-in-IP are full NICs.
Other ones might require more work.
Tobias Heider
Toasterson (Till Wegmüller)
Dan McDonald