The following reply was made to PR bin/29915; it has been noted by GNATS.

From: manu@netbsd.org (Emmanuel Dreyfus)
To: peter@boku.net (Peter Eisch), gnats-bugs@netbsd.org
Cc: 
Subject: Re: bin/29915 Can't setkey for tcp-md5 anymore
Date: Sat, 9 Apr 2005 19:29:58 +0200

 Peter Eisch <peter@boku.net> wrote:
 
 > This is good.  I've got i386 and sparc64 (just for endian testing) working
 > with a cisco but there's an odd nuance.  The initial SYNs originated from
 > NetBSD don't have the tcp-md5 auth in them.  If the cisco originates with a
 > SYN (with the tcp-md5) NetBSD will SYN-ACK with the tcp-md5 auth.
 
 Did that also happen in NetBSD 2.0 (or older relase), or is that problem
 specific to -current?
  
 > Beyond this detail, I'm ready to give it some load testing and then look at
 > what it takes to add/delete keys dynamically.  Should calls like OpenBSDs
 > work with this libipsec?
 
 AFAIK, OpenBSD uses a different implementation, but I don't know how
 different it is.
 
 -- 
 Emmanuel Dreyfus
 Le cahier de l'admin BSD 2eme ed. est dans toutes les bonnes librairies
 http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php
 manu@netbsd.org