Created attachment 230443
Patch for pipesecd

Abandonware, current release is from 1999 and uses insecure encryption algorithms.

Retire this port as we have better and secure options these days such as n2n, openvpn and wireguard in ports.
None of the listed packages truly support IPsec. OpenVPN, n2n and wireguard do not support IPsec. n2n uses IKE (the authentication part of IPsec only). FreeBSD base does support IPsec; however, it is interface agnostic, making it more challenging and difficult to configure firewalls with that in mind.
True, I was mainly looking for alternatives in terms of VPN/link connectivity. We do have https://www.freshports.org/security/libreswan/ and https://www.freshports.org/security/strongswan/ if you're looking for IPSec alternatives that are actively maintained and support secure algorithms. From what I can tell, des/des3 and blowfish are the only ones supported, which are all vulnerable to sweet32 ( https://sweet32.info/ ).
Approved for EXPIRY date 2022-01-15.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2f3dbd76967475390c79408ddcdfd0d9a4f688f9

commit 2f3dbd76967475390c79408ddcdfd0d9a4f688f9
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2022-01-02 22:25:41 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2022-01-02 22:28:32 +0000

    net/pipsecd: Deprecate and set expiration date to 2022-01-15

    Abandonware, current release is from 1999 and uses insecure encryption algorithms.

    PR:             260713
    Approved by:    cy (maintainer)

 net/pipsecd/Makefile | 3 +++
 1 file changed, 3 insertions(+)