From owner-freebsd-stable Fri Oct 4 15:51:58 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AF97837B401 for ; Fri, 4 Oct 2002 15:51:57 -0700 (PDT) Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18]) by mx1.FreeBSD.org (Postfix) with SMTP id 3FC4443E3B for ; Fri, 4 Oct 2002 15:51:57 -0700 (PDT) (envelope-from kudzu@tenebras.com) Received: (qmail 22121 invoked from network); 4 Oct 2002 22:51:56 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (66.92.188.241) by 0 with SMTP; 4 Oct 2002 22:51:56 -0000 Message-ID: <3D9E1B8A.9080709@tenebras.com> Date: Fri, 04 Oct 2002 15:51:54 -0700 From: Michael Sierchio User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.1) Gecko/20020826 X-Accept-Language: en-us, en, fr-fr, ru MIME-Version: 1.0 To: Glenn Trewitt Cc: Randy Bush , FreeBSD Stable Subject: Re: small install References: <3D9E11DB.73D3D7E9@cs.cmu.edu> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Glenn Trewitt wrote: > DESTDIR=/s1/soekris If you're doing IPSec or PPTP or any VPN you may want OpenSSL, since it's the source of the crypto libs, and hardware support for the vpn card is available via Sam Leffler's OpenBSD /dev/crypto patches to -STABLE as of 08/xx/2002. This causes kern_random to use the HW RBG on the HiFn chip, and the OpenSSL Engine code uses the crypto functions of the chip. It seems that ENGINE is not included in the base install of OpenSSL, which caused some confusion during my first attempt to apply the patch, but is easily remedied. I question whether you'd want any compiler at all on a firewall... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message