Date: Tue, 28 Jul 2015 10:25:59 -0700 From: Adrian Chadd <adrian.chadd@gmail.com> To: Daniel Plominski <Daniel@plominski.eu> Cc: freebsd-security@freebsd.org, FreeBSD Net <freebsd-net@freebsd.org> Subject: Re: remove IPsec SKIPJACK support... Message-ID: <CAJ-VmonhV2oCem4ZDnPdPOzk5H%2BGxK77VQQVQjJKS_9ZWv-mSA@mail.gmail.com> In-Reply-To: <55B768DC.6020009@Plominski.eu> References: <20150728005730.GL78154@funkthat.com> <1DB60250-D362-4115-92F6-E27B7A5897C3@netgate.com> <20150728034157.GO78154@funkthat.com> <5E419103-3111-4ADC-A49F-B703BBBC9C5F@netgate.com> <20150728060740.GP78154@funkthat.com> <55B768DC.6020009@Plominski.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, I'd put together a deprecation plan, which starts with the kernel warning that this stuff is being removed, MFC that to stable/10 and stable/9 so people aren't surprised when they upgrade, and then have it removed in 11. -adrian On 28 July 2015 at 04:34, Daniel Plominski <Daniel@plominski.eu> wrote: > instead of code to remove it is a better idea manuals to revise, people > depend on old recommendations like > https://www.freebsd.org/doc/handbook/ipsec.html > > would be better: > https://blog.plitc.eu/2014/freebsd-10-ipv4-vpn-relay-ipsec-entryopenvpn-middleopenvpn-exit-node-mit-jails/ > > or the racoon example from: > https://blog.plitc.eu/2014/freebsd-10-ipv4-ipsec-net-to-net-vpn-in-der-jail/ > > best regards > > Daniel >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ-VmonhV2oCem4ZDnPdPOzk5H%2BGxK77VQQVQjJKS_9ZWv-mSA>