On Thu, Aug 17, 2017 at 03:51:25AM +0000, Dan Mahoney wrote: > All, > > Please see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220170 > > Basically, there's a kernel module that's only usable if you've built a > custom kernel with IPSEC_SUPPORT. Since to build a custom kernel you've > going to rebuild this module anyway, I'm not sure why it was shipped in > -base. > > ISC runs a lot of BGP routing daemons and many of the people we peer with > require password auth as part of their peering policy. We were really > hoping for our new platform to not need to invent extra mechanics to > build/deploy custom kernels. > > How hard would it be to add: > > 1) IPSEC_SUPPORT to base without waiting for 11.2? (After all, IPSEC > itself is already in the base kernel). > > or > > 2) Building another module that would add the necessary IPSEC_SUPPORT > knobs so TCPMD5 loads without needing to modify the shipped kernel? >
+1 It would be even better to exchange IPSEC with IPSEC_SUPPORT in GENERIC. Both modules: IPSEC as well as TCPMD5 could be loaded at boot time or later. Best regards, -- Marek Zarychta
signature.asc
Description: PGP signature
