How likely is it that we can get a kernel tweak for 11.1 so the tcpmd5.ko module works?
Dan Mahoney
dmahoney at isc.org
Thu Aug 17 03:51:35 UTC 2017
All,
Please see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220170
Basically, there's a kernel module that's only usable if you've built a
custom kernel with IPSEC_SUPPORT. Since to build a custom kernel you've
going to rebuild this module anyway, I'm not sure why it was shipped in
-base.
ISC runs a lot of BGP routing daemons and many of the people we peer with
require password auth as part of their peering policy. We were really
hoping for our new platform to not need to invent extra mechanics to
build/deploy custom kernels.
How hard would it be to add:
1) IPSEC_SUPPORT to base without waiting for 11.2? (After all, IPSEC
itself is already in the base kernel).
or
2) Building another module that would add the necessary IPSEC_SUPPORT
knobs so TCPMD5 loads without needing to modify the shipped kernel?
-Dan Mahoney
ISC
More information about the freebsd-net
mailing list