On Tue, 2009-04-07 at 14:11 -0500, Nicolas Williams wrote: > On Tue, Apr 07, 2009 at 02:59:33PM -0400, Dan McDonald wrote: > > On Tue, Apr 07, 2009 at 02:43:35PM -0400, Girish Moodalbail wrote: > > > For now (first phase) 'ifconfig' will not be made obsolete. The *_alg > > > support will be present in ifconfig(1M) as it is today. We will not carry > > > forward the *_algs support in 'ipadm' as 'ipsecconf' is the right place > > > for people to configure it. > > > > Okay, so *_algs goes away no later than when ifconfig(1M) does. Good. > > > > BTW, for folks in the audience with existing *_algs ifconfig deployments. > > If > > you have: > > > > ifconfig ip.tun0 ..... encr_algs <foo> encr_auth_algs <bar> .... > > > > You merely need to make that an entry in /etc/inet/ipsecinit.conf > > (i.e. ipsecconf(1M) input): > > But is that really what we want? I'd rather have a CLI interface than > an $EDITOR interface.
If ipsecconf isn't sufficient, then an RFE should be filed to add to it so that you can supply policy on the command-line. I doubt that this is in scope for this project, though. -Seb _______________________________________________ networking-discuss mailing list [email protected]
