--- /dev/null
+# $FreeBSD: head/security/openiked/Makefile 547543 2020-09-04 14:33:16Z swills $
+
+PORTNAME=openiked-portable
+CATEGORIES= security net
+
+MAINTAINER= portmgr@FreeBSD.org
+COMMENT= IKEv2 daemon
+
+LICENSE= ISCL
+
+LIB_DEPENDS= libevent.so:devel/libevent
+
+USES= cmake
+
+USE_GITHUB= yes
+GH_ACCOUNT= openiked
+GH_TAGNAME=45352722b7320ed97c6abe3bd961bea5acccf43d
+DISTVERSION= g20210119
+
+USE_RC_SUBR= iked
+USERS= _iked
+GROUPS= _iked
+
+.include <bsd.port.mk>
--- /dev/null
+#!/bin/sh
+
+# $FreeBSD: head/security/openiked/files/iked.in 425847 2016-11-10 16:14:03Z marcel $
+#
+# PROVIDE: iked
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# iked_enable (bool): Set to NO by default.
+# Set it to YES to enable iked.
+# iked_ramdisk (bool): Set to NO by default. See below.
+#
+# When iked_ramdisk is set to YES, the rc.d script will make sure
+# all directories exist, but will not generate a key pair if none
+# exists. The daemon is not started when the key pair no config
+# files are missing. It is assumed the ramdisk is not populated
+# completely. When iked_ramdisk is NO, key pairs are created as
+# needed and thr daemon is started unconditionally.
+
+. /etc/rc.subr
+
+name=iked
+desc="IKEv2 daemon"
+rcvar=iked_enable
+
+load_rc_config $name
+
+: ${iked_enable:=NO}
+: ${iked_ramdisk=NO}
+
+command=%%PREFIX%%/sbin/iked
+start_precmd=iked_precmd
+
+iked_config=%%PREFIX%%/etc/iked.conf
+iked_rootdir=%%PREFIX%%/etc/iked
+iked_privkey=${iked_rootdir}/private/local.key
+iked_pubkey=${iked_rootdir}/local.pub
+
+iked_precmd()
+{
+
+ if checkyesno iked_ramdisk; then
+ # Make sure we have our directory hierarchy.
+ for D in ca certs crls export private pubkeys \
+ pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do
+ mkdir -p %%PREFIX%%/etc/iked/$D
+ done
+ chmod 700 %%PREFIX%%/etc/iked/private
+ else
+ # Create a key pair if not already present.
+ if test ! -f $iked_privkey; then
+ /usr/bin/openssl genrsa -out $iked_privkey 2048
+ /bin/chmod 600 $iked_privkey
+ /usr/bin/openssl rsa -out $iked_pubkey \
+ -in $iked_privkey -pubout
+ fi
+ fi
+
+ # We must have a private key and a configuration file.
+ # Don't start iked when those are missing.
+ if test ! \( -f $iked_privkey -a -f $iked_config \); then
+ # Be quiet about it; it must be intentional.
+ exit 1
+ fi
+}
+
+run_rc_command "$1"
--- /dev/null
+OpenIKED is a lean Internet Key Exchange (IKEv2) daemon which performs
+mutual authentication and which establishes and maintains IPsec VPN
+flows and security associations (SAs) between the two peers.
+
+This version of OpenIKED is derived from OpenIKED's iked, but changed
+to support transport mode IPSec and lazy creation of associations,
+among many other improvements.
+
+WWW: https://github.com/xcllnt/openiked