From owner-freebsd-current  Wed Jul  5  3:51:27 2000
Delivered-To: freebsd-current@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 418E437B91A; Wed,  5 Jul 2000 03:51:25 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id DAA30489;
	Wed, 5 Jul 2000 03:51:24 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Wed, 5 Jul 2000 03:51:24 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: Samuel Tardieu <sam@inf.enst.fr>
Cc: current@freebsd.org
Subject: Re: KAME integration and plans
In-Reply-To: <2000-07-05-12-47-26+trackit+sam@inf.enst.fr>
Message-ID: <Pine.BSF.4.21.0007050348570.84259-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 5 Jul 2000, Samuel Tardieu wrote:

> On  5/07, Kris Kennaway wrote:
> 
> | I intend to MFC this stuff in 4 or 5 days assuming it doesn't present any
> | problems, so this means we need everyone who is capable of doing so to
> | stress the new code as much as possible. IMO we *really* need to get this
> | into 4.1 despite the relatively short testing cycle, for the simple reason
> | that the newer code is much more functional, and in particular supports
> | the racoon IKE daemon for automatic management of IPSEFC security
> | associations (i.e. manually-keyed SAs are no longer required) - this is
> | already in ports. This is important for interoperability with other IPSEC
> | implementations.
> 
> How hard would it be to use IPSEC with *.freebsd.org machines (at least
> www.freebsd.org)? This would be a good test. Of course, IPSEC should not be
> required ;)

Well, IPSEC isn't configured at all on those machines right now, and it's
probably not the best place to test from. But by all means if you have the
capability to test the new racoon port, especially interoperating it with
other IPSEC implementations (subject to what KAME is known to support)
please do so.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message