From owner-freebsd-questions Wed Nov 29 15:31:50 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from lily.ezo.net (lily.ezo.net [206.102.130.13])
	by hub.freebsd.org (Postfix) with ESMTP id CEEFA37B400
	for ; Wed, 29 Nov 2000 15:31:47 -0800 (PST)
Received: from zinnia (zinnia.ezo.net [206.150.211.129])
	by lily.ezo.net (8.8.7/8.8.7) with SMTP id SAA06824;
	Wed, 29 Nov 2000 18:37:59 -0500 (EST)
Message-ID: <000501c05a5b$0bf1be90$81d396ce@ezo.net>
From: "Jim Flowers"
To:
Cc: "Archie Cobbs" ,
Subject: Re: SKIP port on 4.x
Date: Wed, 29 Nov 2000 18:21:04 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Craig,

Your observations match ours exactly. We also have a need to bring skip along in 4.x (it still works with 4.0-RELEASE) to maintain and expand existing VPN networks.

I have tried ed0, rl0 and xl0 pci interface cards and ed0 isa interface cards, always with the same result.

The problem is in the processing of the authentication algorithm. If you leave off the -m mac_algorithm key but include the -k key algorithm and -t crypto algorithm it will interoperate with other freebsd versions (at least it just did on my 4.2-RELEASE). Unfortunately MD5 is the only authentication algorithm that skip-1.0 has so I can't think of any way to explore this further.

I did a diff on the gmake on 4.0-RELEASE and 4.2-RELEASE and found only a couple of possible areas in the warnings. The first is using /usr/src/sys instead of /usr/include and /usr/src/sys/i386/include instead of /usr/include/machine in the work/skip/freebsd/ directory. Probably not significant. The second is a redundant redeclaration of memcmp in skip_os.h previously defined in sys/libkern.h, also not significant.
The third is the use of gensetdefs skip.kld in the later version but this looks pretty equivalent to the methodology in the earlier version.

So it appears that the trouble is probably not with skip, itself, but with the way it is linked into the OS or the crypto implementation. Hopefully Archie is right and it is something simple.

I wonder if it would help if we would sponsor the necessary effort?

Jim Flowers
mailto:jflowers@ezo.net