Date: Wed, 29 Nov 2017 13:42:54 +0100 From: Matthias Meyser <matthias@harz.de> To: Kristof Provost <kristof@sigsegv.be> Cc: freebsd-jail@FreeBSD.org Subject: Re: IPSEC in VNET Jails Message-ID: <a249b135-35d8-97ed-d258-d61d3a3bc5d7@harz.de> In-Reply-To: <20A48018-1601-4AFC-95E5-AA9725E79E3D@sigsegv.be> References: <f144fcea-b5c2-683e-c7ca-5a86bc45ffbc@harz.de> <20A48018-1601-4AFC-95E5-AA9725E79E3D@sigsegv.be>
next in thread | previous in thread | raw e-mail | index | archive | help
Am 29.11.2017 um 12:40 schrieb Kristof Provost: > On 29 Nov 2017, at 12:16, Matthias Meyser wrote: >> Hi >> >> i use a IPSEC Tunnel inside a VNET jail without problems. >> >> Annoyingly /etc/rc.d/ipsec dos not run in VNET jails. >> >> This is fixed in head see >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211364 >> >> This is NOT MFCed to stable/11 because the author isn't convinced that >> VNET jails are "is sufficiently robust in stable/11 to encourage people to >> use it" >> >> As this fix only makes a difference if you >> >> 1) Have compiled a Kernel WITH VIMAGE support >> 2) Setup and configured a VNET jail. >> 3) Setup IPSEC inside the VNET jail. >> >> i think this should be MFCed. >> > I stand by my initial assessment that VNET is not sufficiently stable in > stable/11 to encourage its use there. > There are still issues with IPSec, even in head. See > https://reviews.freebsd.org/D13017 for some more information on that. > Those issues are being addressed in head, but I do not expect VNET to ever > become robust in 11. I could not find any bug report about those problems. As there are test (your link) that are failing I would expect some sort of bug report. If VNET support in /etc/rc.d/ipsec is too "encouraging users" why is it in /etc/rc.d/[routing|netif|ipfw]. I just don't get it. Regards Matthias > > Regards, > Kristof > -- Matthias Meyser 38678 Clausthal-Zellerfeld, Marktstrasse 40 Telefon: +49 5323 9839910 Fax: +49 5323 9839917
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a249b135-35d8-97ed-d258-d61d3a3bc5d7>