Date:      Wed, 31 Dec 2014 05:22:27 -0800
From:      Nathan Whitehorn <nwhitehorn@freebsd.org>
To:        freebsd-hackers@freebsd.org
Subject:   Re: [FreeBSD 11 Wishlist] Replacing an OpenBSD Firewall
Message-ID:  <54A3F893.5010700@freebsd.org>
In-Reply-To: <1419995051.3716640.208176841.1676669A@webmail.messagingengine.com>
References:  <1419995051.3716640.208176841.1676669A@webmail.messagingengine.com>


On 12/30/14 19:04, Mark Felder wrote:
> After finding today that some of my intermittent home network problems
> are likely due to OpenBSD being unable to keep time* on my PC Engines
> APU4 firewall I am attempting yet again to run FreeBSD in this role.
>
> Here are my pain points that made me go with OpenBSD for so long:
>
> 1) No IPSEC in GENERIC
> 2) if_stf not having 6rd support (paging hrs@)

I'll second this. I'd note, however, that you can get 6RD working with 
gif(4) perfectly well so long as you don't care about reaching other 
customers on your local network segment. I've been using this for the 
last 6 months.
-Nathan

> 3) pf issues: ipv6 checksums, fragments
> 4) pf syntax (ok, this is really an "I wish...")
>
> I noticed net/stf-6rd-kmod now has a patch for FreeBSD 10 so I grabbed
> the diff and built an IPSEC kernel with this patch applied. I'm now
> mostly up and running except for the fact that I have no idea how to
> configure stf for 6rd. There don't seem to be any docs/examples
> anywhere. Unfortunately the man page edits in the diff don't give me any
> details. I'd love to see a simple example because I'm completely lost
> right now.
>
> In conclusion:
>   - Let's get IPSEC into GENERIC or make it accessible for users via pkg.
>   It will need to receive the same treatment as GENERIC's freebsd-update
>   patches.
>   - Can we please get 6rd support in head? I understand these shims have
>   lost a lot of interest/momentum but native IPv6 isn't coming soon for
>   most people.
>   - Glad to see pf patches flowing in: ipv6, checksum, vnet, etc. Thanks
>   everyone!
>
>
> I will say I'm completely baffled by one thing though: the concept of
> having rtadvd in base, but no dhcpd in base. That doesn't make any sense
> to me. Shouldn't rtadvd be moved to ports?
>
>
>
> *For those curious, OpenBSD falls behind several seconds per minute and
> sometimes jumps hundreds behind. It's not a hardware issue as FreeBSD
> runs fine. Changing time counters in OpenBSD didn't work. This probably
> started around the time I upgraded to OpenBSD 5.6, but I'm not sure.
>



