FreeBSD i IPv6

[Tomasz Luchowski]

dla wszystkich zainteresowanych:

----- Forwarded message from Kris Kennaway <kris w FreeBSD.org> -----

Delivered-To: freebsd-stable w freebsd.org
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Sun, 16 Jul 2000 16:00:16 -0700 (PDT)
From: Kris Kennaway <kris w FreeBSD.org>
To: stable w freebsd.org, net w freebsd.org
Subject: HEADS UP! Please test new KAME
X-Loop: FreeBSD.ORG
Precedence: bulk

I meant to send this out yesterday, but forgot. I have merged the KAME
code from -current, which brings 4.1 up to the most recent sources from
the KAME project (http://www.kame.net). What does this give us? I'm glad
you asked :-)

* Signficantly improved IPSEC functionality. In particular, IPSEC security
associations must no longer be manually keyed: the new code supports
racoon, the KAME IKE daemon, which is located in
/usr/ports/security/racoon. Racoon has been shown to interoperate well
with other vendor IKE systems, meaning that FreeBSD 4.1 can be used in a
heterogeneous IPSEC environment. However, racoon *is* still a work in
progress, meaning that there may still be bugs, configuration syntax
changes, etc.

* About 9 months of fixes and improvements to the IPv6 code relative to
what was previously in 4.0.

* FreeBSD 4.1 can now be installed on an IPv6-only network - this will be
the first release of FreeBSD that never needs to operate using IPv4 at
all! ftp7.jp.freebsd.org (Japan #7) is an IPv6-reachable mirror site for
installation and package-fetching.

* Several additional system utilities (whois, fetch, and possibly others)
have gained the ability to operate over IPv6.

* FreeBSD 4.1 will ship with numerous IPv6-ready packages including web
servers and browsers, all manner of network clients (FTP, IRC, SSH, ...)
and network tools. See http://www.freebsd.org/ports/ipv6.html for a list
of IPv6-capable ports.

* One useful feature of KAME which has not yet been merged across is the
ALTQ traffic-shaping system - I hope to get this in time for 4.2. The more
experimental KAME code has also not been merged. If you need those
features, I suggest you make use of the KAME snapshots from www.kame.net
which will become available after 4.1-RELEASE.

* I am sure I have forgotten some of the features of the new code :-)

The merged changes have been tested in -current for several weeks without
incident. The only known problem is that NFS mounts over IPSEC do not seem
to work reliably (in my testing environment, at least) - I have seen
eventual hangs with IPSEC/ESP mounts and possible data corruption with
IPSEC/AH.

However, there's of course no way for me to have tested everything, so
there may still be bugs which affect operation. There are still 9 days
until the scheduled release of 4.1-RELEASE in which to find and correct
problems, so I respectfully ask all of you who can test the new code to
please do as much as you can *now*, while there's still time, and not
after the release has been rolled when it's too late. Thanks!

On behalf of the FreeBSD community, I would like to thank the KAME
developer team for their tireless work and dedication to the BSD
community, and in particular the efforts of Hagino-san, Umemoto-san and
Sumikawa-san (I hope I'm not forgetting anyone) for bringing the latest
code into FreeBSD.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe w alum.mit.edu>

----- End forwarded message -----

-- 
/* [zuntum] zuntum w eik.pl , [WWW] http://eik.pl/~zuntum */