cycles to fix bugs and help people
with getting started.
--Pekka Nikander
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
Crist J. Clark wrote:
I'm running RELENG_4_5. Could revision 1.214 to ip_input.c have
something to do with this?
That is definitely a possibility. I didn't see this behaviour
on my kernel build from Oct 11 sources, but I do see it on later
ones. However, there was a long time after Oct 11 bef
Crist,
Crist J. Clark wrote:
I don't see this. I have one rule on my external interface,
block in log quick on de0 all head 2000
...
pass in quick proto esp from any to 12.234.89.252/32 group 2000
That allows in ESP traffic from any host. No
are frustrated by
this double processing too.
In a message Pekka Nikander says:
From the security point of view this does not matter so much,
since the IPsec code is taking care of the protection and
dropping those packets.
Can you clarify on this? In order to allow a peer network
at in the user land, having some process listening to
a PFKEY socket and adding and deleting routes as it sees
tunnel mode SPD entries coming and going.
--Pekka Nikander
o configure the tunnel twice: once the enc
interface, IP addresses and routing etc, and a second time
set up the proper IPsec SPD entries. Perhaps the enc
interface could be even more intelligent, and set up default
SPD entries based on routing tables???
--Pekka Nikander
ot be that easy...
Now, out of curiosity, why do you consider loif[] evil?
--Pekka Nikander
wing
small hack to netinet6/esp_input.c. It changes the ESP tunneled
packets to look like they were coming from the loopback interface.
And it works like a charm. However, this is not a proper fix,
and a better one might be to increment NLOOP and use loif[1]
instead of loif[0]. Opinions?
-
jeremie le-hen wrote:
However, I fight with 802.1x under FreeBSD. I know Pekka Nikander worked on an
802.1x implementation under FreeBSD (see [1]), but I wasn't able to make it
work with a FreeRadius server.
My 802.1x implementation is still lacking quite a lot,
especially at the user
or PAM. Think with logging in, it will authenticate you to the
> (physical) network and the (ethernet) switch will put you into the
> right VLAN for example. Or it could prompt for secure-id.
Ditto.
> Probably it should even be recognized by the TrustedBSD components,
> talk to <
only client
side functionality, but it has been tested to be able to send the
EAPOL START and LOGOFF messages. No documentation yet, sorry. RTFS.
--Pekka Nikander