Subject: new ipsec policy engine
To: None <tech-net@netbsd.org>
From: None <itojun@iijlab.net>
List: tech-net
Date: 06/12/2000 23:26:15
I've committed latest KAME ipsec policy engine, as well as the
latest racoon pkgsrc (pkgsrc/security/racoon). I ran key exchange
between KAME/NetBSD 1.4.2 node and netbsd-current node before commit,
so it should work okay. we may need more detailed tests.
racoon pkgsrc has couple of known caveats, which should be addressed
soon. if you are curious, see pkgsrc/security/racoon/pkg/DESCR.
I do not intend to chase KAME ipsec tree for kernel side (modulo
serious bugs, of coursee). I'll update racoon pkgsrc whenever
necessary.
please update libipsec and setkey(8) if you use latest kernel.
please let me know if any of the ipsec-related PRs still persist,
or they are fixed.
itojun