Scott,
I am experiencing an unrelated issue with the snapshot. All the
associations on the IPSEC SA page (diag_ipsec_sad.php) show as
"Invalid" and "extension" for the "Source" and "Destination" field
respectively. The SPD page is fine.
The reason is that "setkey -D" is returning "Invalid extension type"
for each association. Adding the -v option gives the additional hint
"invalid ext type 20 was passed."
Denny
On Sep 14, 2007, at 00:43 , Denny Page wrote:
Scott,
I downloaded this file:
http://snapshots.pfsense.org/FreeBSD6/RELENG_1_2/updates/pfSense-Full-And-Embedded-Update-1.2-RC2.tgz
and installed. The openvpn executable contained in this update passes
the tests, padlock included. I will continue to test this (live)
over the next few days, but things look good to this point. Thank
you for the updated build--it is much appreciated.
Only thing that is a bit odd: In the tarball, the openvpn
executable shows a modification date of today, however when
installed in the system, it still shows a modification date of
April 5, 2006. Is the mod time explicitly set during the install?
Thanks,
Denny
On Sep 13, 2007, at 10:23 , Scott Ullrich wrote:
On 9/13/07, Denny Page <[EMAIL PROTECTED]> wrote:
Scott/Chris,
Apologies for the delay. Took me a bit to figure out the directory
structures and scripts and such for the developer ISO. Still not sure I
understand it very well. :-)
I have built openvpn using the source on the developer ISO. First I
built everything using scripts in /home/pfsense/tools/builder_script.
Then, I went to /home/pfsense/tools/pfPorts/openvpn. I removed the
openvpn executable so that I could explicitly force a build with
-static--however it's unclear to me if this step was necessary, I was
just trying to figure the build system out.
I can confirm that a build from the openvpn/crypto source code in the
current pfSense developer system produces a correctly functioning
version of openvpn. All tests, including the specific test for the
padlock problem in OpenSSL, pass.
Some additional notes:
* The patch I referred to is actually in the pfSense repo:
/home/pfsense/tools/patches/misc/eng_padlock.c.diff.
* The patch has already been applied to openssl in
/usr/src/crypto/openssl/crypto/engine/eng_padlock.c.
* The modification on the openvpn executable in the shipping 1.2 RC2
is April 5, 2006. This predates the first 1.2 release by about a
year.
So, it appears that the problem is simply a case of the current
openvpn executable not being built/shipped. Should be easy to
correct this.
Do I need to file a new bug report, or is the existing one
sufficient?
Should be okay. Please test a snapshot in a few hours.
Scott
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------