Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 29 Nov 2017 13:42:54 +0100
From:      Matthias Meyser <matthias@harz.de>
To:        Kristof Provost <kristof@sigsegv.be>
Cc:        freebsd-jail@FreeBSD.org
Subject:   Re: IPSEC in VNET Jails
Message-ID:  <a249b135-35d8-97ed-d258-d61d3a3bc5d7@harz.de>
In-Reply-To: <20A48018-1601-4AFC-95E5-AA9725E79E3D@sigsegv.be>
References:  <f144fcea-b5c2-683e-c7ca-5a86bc45ffbc@harz.de> <20A48018-1601-4AFC-95E5-AA9725E79E3D@sigsegv.be>
next in thread | previous in thread | raw e-mail | index | archive | help 
Am 29.11.2017 um 12:40 schrieb Kristof Provost:
> On 29 Nov 2017, at 12:16, Matthias Meyser wrote:
>> Hi
>>
>> i use a IPSEC Tunnel inside a VNET jail without problems.
>>
>> Annoyingly /etc/rc.d/ipsec dos not run in VNET jails.
>>
>> This is fixed in head see
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211364
>>
>> This is NOT MFCed to stable/11 because the author isn't convinced that 
>> VNET jails are "is sufficiently robust in stable/11 to encourage people to 
>> use it"
>>
>> As this fix only makes a difference if you
>>
>> 1) Have compiled a Kernel WITH VIMAGE support
>> 2) Setup and configured a VNET jail.
>> 3) Setup IPSEC inside the VNET jail.
>>
>> i think this should be MFCed.
>>
> I stand by my initial assessment that VNET is not sufficiently stable in 
> stable/11 to encourage its use there.
> There are still issues with IPSec, even in head. See 
> https://reviews.freebsd.org/D13017 for some more information on that.
> Those issues are being addressed in head, but I do not expect VNET to ever 
> become robust in 11.

I could not find any bug report about those problems.
As there are test (your link) that are failing I would expect some sort of 
bug report.

If VNET support in /etc/rc.d/ipsec is too "encouraging users" why is it in 
/etc/rc.d/[routing|netif|ipfw]. I just don't get it.

Regards
    Matthias








> 
> Regards,
> Kristof
> 


-- 
Matthias Meyser
38678 Clausthal-Zellerfeld, Marktstrasse 40
Telefon: +49 5323 9839910
Fax:     +49 5323 9839917

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a249b135-35d8-97ed-d258-d61d3a3bc5d7>