From owner-freebsd-questions Wed Nov 29 16:24:58 2000 Delivered-To: freebsd-questions@freebsd.org Received: from gatekeeper.streamflo.com (gatekeeper.streamflo.com [204.209.251.6]) by hub.freebsd.org (Postfix) with ESMTP id 5F9DB37B401 for ; Wed, 29 Nov 2000 16:24:55 -0800 (PST) Received: by gatekeeper.streamflo.com (8.9.3) id RAA82744; Wed, 29 Nov 2000 17:24:35 -0700 (MST) Received: from gatekeeper.streamflo.com by gatekeeper.streamflo.com via SMTP id xma082742; Wed, 29 Nov 00 17:24:21 -0700 Received: from mailhub.streamflo.com by mailhub.streamflo.com id RAA82922; Wed, 29 Nov 2000 17:24:21 -0700 (MST) From: "Craig W. Penner" Organization: Stream-Flo Industries Ltd. To: "Jim Flowers" Date: Wed, 29 Nov 2000 17:24:05 -0700 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: SKIP port on 4.x Reply-To: cpenner@streamflo.com Cc: "Archie Cobbs" , Message-ID: <3A253BB5.7399.FFFDF090@localhost> In-reply-to: <000501c05a5b$0bf1be90$81d396ce@ezo.net> X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Jim, > Your observations match ours exactly. We also have a need to bring > skip along in 4.x (it still works with 4.0-RELEASE) to maintain and > expand existing VPN networks. For what it's worth, I found that it still works with 4.1-RELEASE, but not with 4.1.1-RELEASE. So it broke sometime during the two months that passed between those two releases. > So it appears that the trouble is probably not with skip, itself, but > with the way it is linked into the OS or the crypto implementation. That's the conclusion I arrived at as well, and if I had to guess, I would guess at the latter (the crypto implementation). From the release notes for 4.1.1: "Since 4.1-RELEASE was produced in August 2000, RSA released their code into the public domain and a number of other security enhancements were made possible through the FreeBSD project's permission to export cryptographic code from the United States. These changes are fully reflected in 4.1.1- RELEASE..." Unfortunately, debugging this kind of a problem is somewhat outside my area of expertise. > Hopefully Archie is right and it is something simple. I wonder if it > would help if we would sponser the necessary effort? That thought occurred to me as well, and this is something I might actually be able to help out with. What would it take? Craig To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message