OpenBSD manual page server

Manual Page Search Parameters

SEC(4) Device Drivers Manual SEC(4)

secroute based IPsec VPN tunnel interface pseudo-device

pseudo-device sec

The sec driver provides point-to-point tunnel interfaces for IPv4 and IPv6 protected by the ipsec(4) Encapsulating Security Payload (ESP) protocol.

Traffic is encapsulated in the ESP protocol and forwarded to the remote endpoint by routing over a sec interface rather than matching policy in the IPsec Security Policy Database (SPD). sec interfaces require the configuration of IPsec Security Associations (SAs) between the local and remote endpoints. Negotiation of interface SAs is supported by iked(8) and isakmpd(8) (the latter via ipsecctl(8)).

sec interfaces can be created at runtime using the ifconfig secN create command or by setting up a hostname.if(5) configuration file for netstart(8). The interface itself can be configured with ifconfig(8); see its manual page for more information.

ipsec(4), netintro(4), hostname.if(5), pf.conf(5), ifconfig(8), iked(8), ipsecctl(8), isakmpd(8), netstart(8)

The sec driver first appeared in OpenBSD 7.4.

David Gwynne <>.

August 7, 2023 OpenBSD-current