From owner-freebsd-questions Thu Nov 30 5: 1:36 2000 Delivered-To: freebsd-questions@freebsd.org Received: from lily.ezo.net (lily.ezo.net [206.102.130.13]) by hub.freebsd.org (Postfix) with ESMTP id CE80F37B401 for ; Thu, 30 Nov 2000 05:01:33 -0800 (PST) Received: from ezo.net (c3-1d160.neo.rr.com [24.93.233.160]) by lily.ezo.net (8.8.7/8.8.7) with ESMTP id IAA07235; Thu, 30 Nov 2000 08:08:51 -0500 (EST) Message-ID: <3A264F80.A39648B3@ezo.net> Date: Thu, 30 Nov 2000 08:00:48 -0500 From: Jim Flowers Organization: EZNets, Inc. X-Mailer: Mozilla 4.72 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Archie Cobbs Cc: cpenner@streamflo.com, freebsd-questions@freebsd.org Subject: Re: SKIP port on 4.x References: <3A253BB5.7399.FFFDF090@localhost> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hey Archie, If we provide the funding for a few hours of effort, do you know anyone who could take a look at this sooner rather than later? The field of view has been narrowed down pretty much and may be no more complicated than which of the multiple md5.h header files is being used. "Craig W. Penner" wrote: > > Jim, > > > Your observations match ours exactly. We also have a need to bring > > skip along in 4.x (it still works with 4.0-RELEASE) to maintain and > > expand existing VPN networks. > > For what it's worth, I found that it still works with 4.1-RELEASE, > but not with 4.1.1-RELEASE. So it broke sometime during the two > months that passed between those two releases. > > > So it appears that the trouble is probably not with skip, itself, but > > with the way it is linked into the OS or the crypto implementation. > > That's the conclusion I arrived at as well, and if I had to guess, I > would guess at the latter (the crypto implementation). From the > release notes for 4.1.1: > > "Since 4.1-RELEASE was produced in August 2000, RSA released > their code into the public domain and a number of > other security enhancements were made possible through the > FreeBSD project's permission to export cryptographic code > from the United States. These changes are fully reflected in 4.1.1- > RELEASE..." > > Unfortunately, debugging this kind of a problem is somewhat > outside my area of expertise. > > > Hopefully Archie is right and it is something simple. I wonder if it > > would help if we would sponser the necessary effort? > > That thought occurred to me as well, and this is something I might > actually be able to help out with. What would it take? > > Craig To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message