Date: Tue, 30 Dec 2014 21:04:11 -0600
From: Mark Felder <feld@FreeBSD.org>
To: freebsd-hackers@freebsd.org
Subject: [FreeBSD 11 Wishlist] Replacing an OpenBSD Firewall
Message-ID: <1419995051.3716640.208176841.1676669A@webmail.messagingengine.com>

After finding today that some of my intermittent home network problems are likely due to OpenBSD being unable to keep time* on my PC Engines APU4 firewall I am attempting yet again to run FreeBSD in this role.

Here are my pain points that made me go with OpenBSD for so long:

1) No IPSEC in GENERIC
2) if_stf not having 6rd support (paging hrs@)
3) pf issues: ipv6 checksums, fragments
4) pf syntax (ok, this is really an "I wish...")

I noticed net/stf-6rd-kmod now has a patch for FreeBSD 10 so I grabbed the diff and built an IPSEC kernel with this patch applied. I'm now mostly up and running except for the fact that I have no idea how to configure stf for 6rd. There don't seem to be any docs/examples anywhere. Unfortunately the man page edits in the diff don't give me any details. I'd love to see a simple example because I'm completely lost right now.

In conclusion:

- Let's get IPSEC into GENERIC or make it accessible for users via pkg. It will need to receive the same treatment as GENERIC's freebsd-update patches.
- Can we please get 6rd support in head? I understand these shims have lost a lot of interest/momentum but native IPv6 isn't coming soon for most people.
- Glad to see pf patches flowing in: ipv6, checksum, vnet, etc. Thanks everyone!

I will say I'm completely baffled by one thing though: the concept of having rtadvd in base, but no dhcpd in base. That doesn't make any sense to me. Shouldn't rtadvd be moved to ports?

*For those curious, OpenBSD falls behind several seconds per minute and sometimes jumps hundreds behind. It's not a hardware issue as FreeBSD runs fine. Changing time counters in OpenBSD didn't work. This probably started around the time I upgraded to OpenBSD 5.6, but I'm not sure.