From owner-freebsd-security  Mon Jan 21 23:43:42 2002
Delivered-To: freebsd-security@freebsd.org
Received: from xoanon.mcwest.org (xoanon.Colorado.EDU [198.11.17.3])
	by hub.freebsd.org (Postfix) with ESMTP id AB86D37B402
	for <freebsd-security@FreeBSD.ORG>; Mon, 21 Jan 2002 23:43:39 -0800 (PST)
Received: from xoanon.mcwest.org (localhost [127.0.0.1])
	by xoanon.mcwest.org (8.11.1/8.11.1) with ESMTP id g0M7iAB01318
	for <freebsd-security@FreeBSD.ORG>; Tue, 22 Jan 2002 00:44:10 -0700 (MST)
	(envelope-from mccreary@xoanon.mcwest.org)
Message-Id: <200201220744.g0M7iAB01318@xoanon.mcwest.org>
To: freebsd-security@FreeBSD.ORG
From: "Sean McCreary" <mccreary@pch.net>
Subject: Update for isakmpd port
Date: Tue, 22 Jan 2002 00:44:10 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I've put together an update for isakmpd in the ports collection, and I'd like
some feedback before I submit the changes.  The port is based off the 
isakmpd source released with OpenBSD 3.0, but includes several patches to
make it work better with FreeBSD.  In addition to patches to the sysdep
files for FreeBSD, I also changed the default location for the isakmpd.conf
from /etc/isakmpd to /usr/local/etc/isakmpd.  This may be controversial, but
it seems to match the approach taken in other ports like the one for OpenSSH.
Feel free to tell me whether you think this is a good or bad thing :-)

This version also supports negotiation of SAs in phase 2 that use encryption
algorithms other than DES or 3DES, and uses arc4random() for the generation
of cookies rather than the predictable sequence generated by random().  There
are a few more things that need to be done to fix problems with building
certpatch automatically and running the regression tests, but the daemon
itself runs well for me and I'd like feedback on how well it works for others.

You can temporarily obtain the port from either

      http://www.pch.net/software/isakmpd/isakmpd-3.0_FreeBSD_Port.tgz

or

      ftp://ftp.cs.colorado.edu/pub/isakmpd/isakmpd-3.0_FreeBSD_Port.tgz

Please send feedback to either <isakmpd@pch.net> or me directly.
--
Sean McCreary                                                 mccreary@pch.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message