From owner-freebsd-net@freebsd.org Tue Jul 28 11:35:44 2015 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3B00A9AD898; Tue, 28 Jul 2015 11:35:44 +0000 (UTC) (envelope-from Daniel@Plominski.eu) Received: from root1-rz1-hetzner.plitc.eu (root1-rz1-hetzner.plitc.eu [IPv6:2a01:4f8:a0:4283::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "root1-rz1-hetzner.plitc.eu", Issuer "StartCom Class 2 Primary Intermediate Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EA810999; Tue, 28 Jul 2015 11:35:43 +0000 (UTC) (envelope-from Daniel@Plominski.eu) Received: from localhost (localhost [127.0.0.1]) by root1-rz1-hetzner.plitc.eu (Postfix) with ESMTP id 58D35AE007A; Tue, 28 Jul 2015 13:35:39 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at root1-rz1-hetzner.plitc.eu Received: from root1-rz1-hetzner.plitc.eu ([127.0.0.1]) by localhost (root1-rz1-hetzner.plitc.eu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MeuKhM7cMnrS; Tue, 28 Jul 2015 13:35:38 +0200 (CEST) Received: from [172.31.253.4] (unknown [46.246.49.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: daniel@plominski.eu) by root1-rz1-hetzner.plitc.eu (Postfix) with ESMTPSA id B23E7AE0074; Tue, 28 Jul 2015 13:35:37 +0200 (CEST) Message-ID: <55B768DC.6020009@Plominski.eu> Date: Tue, 28 Jul 2015 13:34:52 +0200 From: Daniel Plominski MIME-Version: 1.0 To: freebsd-security@freebsd.org, freebsd-net@freebsd.org Subject: Re: remove IPsec SKIPJACK support... References: <20150728005730.GL78154@funkthat.com> <1DB60250-D362-4115-92F6-E27B7A5897C3@netgate.com> <20150728034157.GO78154@funkthat.com> <5E419103-3111-4ADC-A49F-B703BBBC9C5F@netgate.com> <20150728060740.GP78154@funkthat.com> In-Reply-To: <20150728060740.GP78154@funkthat.com> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jGUuK6UbOa00VscmegvsdeIvUkhoLjqv2" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jul 2015 11:35:44 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --jGUuK6UbOa00VscmegvsdeIvUkhoLjqv2 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable instead of code to remove it is a better idea manuals to revise, people depend on old recommendations like https://www.freebsd.org/doc/handbook/ipsec.html would be better: https://blog.plitc.eu/2014/freebsd-10-ipv4-vpn-relay-ipsec-entryopenvpn-m= iddleopenvpn-exit-node-mit-jails/ or the racoon example from: https://blog.plitc.eu/2014/freebsd-10-ipv4-ipsec-net-to-net-vpn-in-der-ja= il/ best regards Daniel --jGUuK6UbOa00VscmegvsdeIvUkhoLjqv2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVt2jhAAoJEHqkZNWiQao77nAP/0difbhZBxTb6h6emlCIbuQ7 5YayC7tIyneiFIfYQMd3DjM4kc4B3NLegX2uG/nSUu3VcGGvHK1xpNMhjYsiK9wX viZFrhLwu8YSQuTfp1na+w9znFru+elEImzCdZw++3BLm5eYRAbAUnx3Z0jmicq5 QdrzeCev2dmrV9hTBxJSlOfoZ56DIztgeE2UuwGOXi+ZmFDBqp4ci9LH180OOfNw vd5Lxd/i02ICd7XnPIdCp7Whk0XYPSXrTKNERT5x5GCnkoeOpire0KeYJjsFSx4h mfg8HhE6X3Gz6R6cZ0kHZRu1UFwDIR8MHoJYJ+idTUk/wwRlmdhKRYvHC7Wz66vc TW29ZCdAYLkOUMNN2ndU9speUIzCRP5hFp/HtboE3CViXK5c14caFXSedupd3q0+ 8BRgv6wRfAlrWtpXYyRycJYTIgbZ1Mebshi5NZhiqzJtJ511PWnAJzjd8Ox0a+V6 FuL6rs+k//roKH6sO8kWGgldaM3pc10hwB461KOVgewX0n8bcHxa5rO7oeNqbMr9 27/P+G6059G10XmNUDe2vktBIGQT+yus/OJBg1Ykk4HXy3vyGpWY2PGWW5sV2DHw crld3e4Ud7bzpWGlZxQEk0vcfa9fGwv2Gj9/7U91jFjI6qk8ZEoTzCgWnzXhVIYU YAPR/xTa8UT6k1FSz1kU =hggU -----END PGP SIGNATURE----- --jGUuK6UbOa00VscmegvsdeIvUkhoLjqv2--