NAME
fast_ipsec — 
Fast IPsec
  hardware-accelerated IP Security Protocols
SYNOPSIS
options IPSEC
options IPSEC_DEBUG
DESCRIPTION
IPsec is a set of protocols, ESP (for Encapsulating Security Payload) AH (for
  Authentication Header), and IPComp (for IP Payload Compression Protocol) that
  provide security services for IP datagrams. Fast IPsec is an implementation of
  these protocols that uses the
  
opencrypto(9) subsystem to
  carry out cryptographic operations. This means, in particular, that
  cryptographic hardware devices are employed whenever possible to optimize the
  performance of these protocols.
In general, the Fast IPsec implementation is intended to be compatible with the
  KAME IPsec implementation. The user should refer to
  
ipsec(4) for basic information on
  setting up and using these protocols.
System configuration requires the
  
opencrypto(9) subsystem.
  When the Fast IPsec protocols are configured for use, all protocols are
  included in the system. To selectively enable/disable protocols, use
  
sysctl(8).
DIAGNOSTICS
To be added.
SEE ALSO
setkey(8),
  
sysctl(8),
  
opencrypto(9)
HISTORY
The protocols draw heavily on the 
OpenBSD implementation
  of the IPsec protocols. The policy management code is derived from the KAME
  implementation found in their IPsec protocols. The Fast IPsec protocols are
  based on code which appeared in 
FreeBSD 4.7. The
  
NetBSD version is a close copy of the
  
FreeBSD original, and first appeared in
  
NetBSD 2.0.
Support for IPv6 and IPcomp protocols has been added in 
NetBSD
  4.0.
Support Network Address Translator Traversal as described in RFCs 3947 and 3948
  has been added in 
NetBSD 5.0.
BUGS
Certain legacy authentication algorithms are not supported because of issues
  with the 
opencrypto(9)
  subsystem.
This documentation is incomplete.