Date: Wed, 29 Nov 2000 18:21:04 -0500 From: "Jim Flowers" <jflowers@ezo.net> To: <cpenner@streamflo.com> Cc: "Archie Cobbs" <archie@dellroad.org>, <freebsd-questions@freebsd.org> Subject: Re: SKIP port on 4.x Message-ID: <000501c05a5b$0bf1be90$81d396ce@ezo.net>
next in thread | raw e-mail | index | archive | help
Craig, Your observations match ours exactly. We also have a need to bring skip along in 4.x (it still works with 4.0-RELEASE) to maintain and expand existing VPN networks. I have tried ed0, rl0 and xl0 pci interface cards and ed0 isa interface cards, always with the same result. The problem is in the processing of the authentication algorithm. If you leave off the -m mac_algorithm key but include the -k key algorithm and -t crypto algorithm it will interoperate with other freebsd versions (at least it just did on my 4.2-RELEASE). Unfortunately MD5 is the only authentication algorithm that skip-1.0 has so I can't think of any way to explore this further. I did a diff on the gmake on 4.0-RELEASE and 4.2-RELEASE and found only a couple of possible areas in the warnings. The first is using /usr/src/sys instead of /usr/include and /usr/src/sys/i386/include instead of /usr/include/machine in the work/skip/freebsd/ directory. Probably not significant. The second is a redundant redeclaration of memcmp in skip_os.h previously defined in sys/libkern.h, also not significant. The third is the use of gensetdefs skip.kld in the later version but this looks pretty equivalent to the methodology in the earlier version. So it appears that the trouble is probably not with skip, itself, but with the way it is linked into the OS or the crypto implementation. Hopefully Archie is right and it is something simple. I wonder if it would help if we would sponser the necessary effort? Jim Flowers mailto:jflowers@ezo.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000501c05a5b$0bf1be90$81d396ce>