Am 29.11.2017 um 12:40 schrieb Kristof Provost:
On 29 Nov 2017, at 12:16, Matthias Meyser wrote:
Hi
i use a IPSEC Tunnel inside a VNET jail without problems.
Annoyingly /etc/rc.d/ipsec dos not run in VNET jails.
This is fixed in head see
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211364
This is NOT MFCed to stable/11 because the author isn't convinced that
VNET jails are "is sufficiently robust in stable/11 to encourage people to
use it"
As this fix only makes a difference if you
1) Have compiled a Kernel WITH VIMAGE support
2) Setup and configured a VNET jail.
3) Setup IPSEC inside the VNET jail.
i think this should be MFCed.
I stand by my initial assessment that VNET is not sufficiently stable in
stable/11 to encourage its use there.
There are still issues with IPSec, even in head. See
https://reviews.freebsd.org/D13017 for some more information on that.
Those issues are being addressed in head, but I do not expect VNET to ever
become robust in 11.
I could not find any bug report about those problems.
As there are test (your link) that are failing I would expect some sort of
bug report.
If VNET support in /etc/rc.d/ipsec is too "encouraging users" why is it in
/etc/rc.d/[routing|netif|ipfw]. I just don't get it.
Regards
Matthias
Regards,
Kristof
--
Matthias Meyser
38678 Clausthal-Zellerfeld, Marktstrasse 40
Telefon: +49 5323 9839910
Fax: +49 5323 9839917
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[email protected]"
