Date: Tue, 10 Aug 2004 10:31:27 +0200 From: Alexander Leidinger <Alexander@Leidinger.net> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: current@freebsd.org Subject: Re: IPSec + 5.2.current Problem Message-ID: <20040810103127.56fda573@Magellan.Leidinger.net> In-Reply-To: <Pine.BSF.4.53.0408091417500.1709@e0-0.zab2.int.zabbadoz.net> References: <200408080622.i786Mnhe017474@www1.pochta.ru> <20040808132524.GB1033@mehnert.org> <20040808155623.2fa6fb4b@Magellan.Leidinger.net> <20040809112700.GB659@mehnert.org> <20040809150754.13ca108a@Magellan.Leidinger.net> <Pine.BSF.4.53.0408091314260.1709@e0-0.zab2.int.zabbadoz.net> <20040809153341.24963cfd@Magellan.Leidinger.net> <Pine.BSF.4.53.0408091338520.1709@e0-0.zab2.int.zabbadoz.net> <20040809161137.0bab2d07@Magellan.Leidinger.net> <Pine.BSF.4.53.0408091417500.1709@e0-0.zab2.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 9 Aug 2004 14:27:49 +0000 (UTC)
"Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> wrote:
> On Mon, 9 Aug 2004, Alexander Leidinger wrote:
>
> > > which on ? use vs. require ? I think this is just not HEAD.
> >
> > In my case it's -current from Jul 18.
>
> and use vs. require does make a difference for you ?
I don't know, I can't test it, the box is in production now. But it
seems to make a difference for Hannes.
> > > your problem: do you really need gif(4) ? if yes - what for ?
> >
> > In my case the problem doesn't matter, since using FAST_IPSEC works for
> > me. But I think it should be fixed for 5.3.
>
> the MSIZE= should really be fixed I think, yes.
I was talking about the other problem we see, I have MSIZE in the
kernel, and IPSEC didn't worked (at least not with require).
> > As you can see in the above mentioned mail, I converted a 4.x system to
> > -current. On 4.x I've used gif for a tunnel (as documented in the
> > handbook)
>
> I will have to read this. Nether had to use gif(4) with IPsec on the
> 4.[7-*] machines I co-configered. Perhaps the handbook is just
> outdated.
>
> > between the FreeBSD system and a VPN appliance which isn't
> > under my control. Is there another way to setup a tunnel in -current?
>
> only use IPSec w/o gif(4). gif(4) is currently needed for few things
> - IPv6 with FAST_IPSEC
> - running s.th. like a link bound routing protocol over IPsec (I think)
>
> That's what I can think of at the moment.
>
> but take care - whatever your applicance on the other side does and
> how it had worked up to now ...
Since it works and the system went live, I won't change anything ATM.
Bye,
Alexander.
--
I'm available to get hired (preferred in .lu).
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040810103127.56fda573>