From owner-freebsd-hackers  Thu May 11  1:17:23 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id CAEFC37B902; Thu, 11 May 2000 01:17:20 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id BAA30932;
	Thu, 11 May 2000 01:17:20 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Thu, 11 May 2000 01:17:20 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: Ville-Pertti Keinonen <will@iki.fi>, hackers@FreeBSD.ORG
Subject: Re: ipsec 'replay' syslog error messages after reboot of one host
In-Reply-To: <200005110733.AAA62618@apollo.backplane.com>
Message-ID: <Pine.BSF.4.21.0005110112410.27069-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 11 May 2000, Matthew Dillon wrote:

>     I had to fix up /etc/rc.network a little to load the ipsec rules
>     at the appropriate point (just after the interface and ipfw setup,
>     but before any services (like NFS) are run).  I am going to put the
>     (relatively simple) patch for rc.network up for a quick review and
>     then commit it along with an example file and a reference to the
>     example file in the man page.

Please submit this to the KAME folks (snap-users@kame.net) as well so we
can keep in sync. I'm in the process of merging the latest KAME snapshot
into 5.0 with the aim of trying to update our IPv6/IPSec support
(Currently our IPSec code dates to November 1999), so keeping the two
codebases in sync as much as possible will help my job - I don't want the
FreeBSD IPv6/IPsec code to get ahead of the KAME code, or I'm likely to
miss the change locally and blow it away.

I'm not sure whether or not the problem you had was a bug - again, you'd
be best off speaking to the KAME guys directly (although given the age of
our ipsec code I don't know how much they'd be able to help)

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message