#6, jggimi, 24th August 2016
Your new questions deserve their own thread. One of the forum admins may split it into a new thread for you.

IPSec compatibility:

To my recollection, the only upgrade that affected IPSec compatibility between OpenBSD releases was from 4.6 to 4.7, as noted in the Upgrade Guide for 4.6 -> 4.7 here: http://www.openbsd.org/faq/upgrade47.html#hmac-sha2. Your release is beyond this issue.

I have reviewed the Upgrade Guides from 5.3 forwards, and do not see IPSec mentioned. But there was an announced change to IPSec at 5.8. From the release announcement at http://www.openbsd.org/58.html:
Quote:
The default Diffie-Hellman group for VPNs configured by ipsec.conf(5) has been changed to modp3072.
Whether this change would have any impact on you will depend on your (and your company's) specific implementation.

In addition, at 5.9, an additional cipher was added as a security improvement, per the release announcement http://www.openbsd.org/59.html:
Quote:
Chacha20-Poly1305 authenticated encryption mode has been implemented in the IPsec stack for the ESP protocol.
Because your IPSec connection is with a third-party OS, the only way to confirm whether or not the changes in OpenBSD affect integration will be to test it.

I recommend you install a test OpenBSD 6.0 release system on a spare disk drive (such as a USB memory stick), and test your current IPSec configuration with the new release.

How to upgrade:

The OpenBSD project supports only one form of upgrade: between adjacent releases. You can follow each Upgrade Guide and upgrade from 5.3 to 5.4, then from 5.4 to 5.5, and so on. Each Upgrade Guide describes the exact steps to take, and any manual changes you will need to make. This includes syntax changes needed in any configuration files, such as pf.conf, though the changes to PF syntax since 5.3 affect queuing and debugging, and may not affect your configuration at all.

Because of the large number of releases you have missed, you may find reinstallation would be easier.

Last edited by jggimi; 24th August 2016 at 12:46 PM. Reason: typos
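The post above points out that the default Diffie-Hellman group for ipsec.conf(5) moved to modp3072 at 5.8, and that the only way to know whether a third-party peer copes is to test. One thing worth doing before that test is finding which rules actually depend on the default. The script below is an added example, not part of jggimi's post and not a tool shipped by the OpenBSD project: it reads an ipsec.conf-style file, joins backslash-continued lines, and prints every "ike" rule whose phase 1 (main/aggressive) transform names no "group" keyword, since those are the rules whose proposal changes across the 5.8 boundary. The sample configuration, its peer addresses (documentation ranges) and its keys are constructed for the demo; the script does not expand ipsec.conf macros, and it does not judge the quick-mode transform.

```shell
#!/bin/sh
# Added example (not from the original post or the OpenBSD project).
# Pre-upgrade audit: list ike rules in an ipsec.conf(5) file that leave the
# phase 1 Diffie-Hellman group unspecified. Such rules take the default group,
# which changed to modp3072 in OpenBSD 5.8; rules that pin a group are not
# affected by that change.

# Print the ike rules that rely on the default phase 1 group.
# $1 = path to the config file. "\" continuation lines and "#" comments are
# handled so that each rule comes out as one line. Macros are not expanded.
find_default_group_rules() {
    awk '
        { sub(/#.*/, "") }                                     # strip comments
        sub(/\\[[:space:]]*$/, "") { buf = buf $0 " "; next }  # join "\" lines
        {
            line = buf $0; buf = ""
            gsub(/[[:space:]]+/, " ", line)
            sub(/^ /, "", line); sub(/ $/, "", line)
            if (line == "") next
            n = split(line, w, " ")
            if (w[1] != "ike") next                            # skip flows, macros
            in_p1 = 0; p1_group = 0
            for (i = 2; i <= n; i++) {
                # "main"/"aggressive" opens the phase 1 transform, "quick" ends it
                if (w[i] == "main" || w[i] == "aggressive") { in_p1 = 1; continue }
                if (w[i] == "quick") { in_p1 = 0; continue }
                if (in_p1 && w[i] == "group") p1_group = 1
            }
            if (!p1_group) print line
        }
    ' "$1"
}

# Constructed sample config (not a real site): rule 1 pins a group only for
# quick mode, rule 2 pins phase 1 explicitly, rule 3 uses all defaults, and
# the flow rule is not an ike rule at all.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real site configuration
ike esp from 192.168.10.0/24 to 10.20.0.0/16 peer 203.0.113.1 \
    main auth hmac-sha1 enc aes-128 \
    quick auth hmac-sha2-256 enc aes-256 group modp1024 \
    psk "example-key-1"
ike esp from 192.168.10.0/24 to 10.30.0.0/16 peer 203.0.113.2 \
    main auth hmac-sha2-256 enc aes-256 group modp2048 \
    quick auth hmac-sha2-256 enc aes-256 group modp2048 \
    psk "example-key-2"
ike esp from 192.168.10.0/24 to 10.40.0.0/16 peer 203.0.113.3 psk "example-key-3"
flow esp from 192.168.10.0/24 to 10.50.0.0/16 peer 203.0.113.4
EOF
}

# Stand-alone run: audit the constructed sample. On a real box you would run
# find_default_group_rules /etc/ipsec.conf instead. Expected: rules 1 and 3.
tmp=$(mktemp)
write_sample_config "$tmp"
find_default_group_rules "$tmp"
rm -f "$tmp"
```

For each rule the script reports, add an explicit `group modpNNNN` to the main transform that matches what the remote peer is configured to accept, so the proposal no longer depends on whichever release's default is in effect. After editing, `ipsecctl -n -f /etc/ipsec.conf` parses the file without loading it, which catches syntax slips before the live test the post recommends.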