From: Alexander Leidinger
To: "Bjoern A. Zeeb"
Cc: Hannes Mehnert, current@freebsd.org
Date: Tue, 10 Aug 2004 10:31:27 +0200
Subject: Re: IPSec + 5.2.current Problem
Message-Id: <20040810103127.56fda573@Magellan.Leidinger.net>

On Mon, 9 Aug 2004 14:27:49 +0000 (UTC)
"Bjoern A. Zeeb" wrote:

> On Mon, 9 Aug 2004, Alexander Leidinger wrote:
>
> > > which one ? use vs. require ? I think this is just not HEAD.
> >
> > In my case it's -current from Jul 18.
>
> and use vs. require does make a difference for you ?

I don't know, I can't test it, the box is in production now. But it
seems to make a difference for Hannes.

> > > your problem: do you really need gif(4) ? if yes - what for ?
> >
> > In my case the problem doesn't matter, since using FAST_IPSEC works for
> > me. But I think it should be fixed for 5.3.
>
> the MSIZE= should really be fixed I think, yes.

I was talking about the other problem we see, I have MSIZE in the
kernel, and IPSEC didn't work (at least not with require).

> > As you can see in the above mentioned mail, I converted a 4.x system to
> > -current. On 4.x I've used gif for a tunnel (as documented in the
> > handbook)
>
> I will have to read this. Never had to use gif(4) with IPsec on the
> 4.[7-*] machines I co-configured. Perhaps the handbook is just
> outdated.
>
> > between the FreeBSD system and a VPN appliance which isn't
> > under my control. Is there another way to set up a tunnel in -current?
>
> only use IPSec w/o gif(4). gif(4) is currently needed for few things
> - IPv6 with FAST_IPSEC
> - running s.th. like a link bound routing protocol over IPsec (I think)
>
> That's what I can think of at the moment.
>
> but take care - whatever your appliance on the other side does and
> how it had worked up to now ...

Since it works and the system went live, I won't change anything ATM.

Bye,
Alexander.

-- 
I'm available to get hired (preferred in .lu).
http://www.Leidinger.net  Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7