[FreeBSD 11 Wishlist] Replacing an OpenBSD Firewall

Mark Saad nonesuch at longcount.org
Wed Dec 31 14:03:33 UTC 2014


> On Dec 30, 2014, at 10:04 PM, Mark Felder <feld at FreeBSD.org> wrote:
> 
> After finding today that some of my intermittent home network problems
> are likely due to OpenBSD being unable to keep time* on my PC Engines
> APU4 firewall I am attempting yet again to run FreeBSD in this role.
> 
> Here are my pain points that made me go with OpenBSD for so long:
> 
> 1) No IPSEC in GENERIC
> 2) if_stf not having 6rd support (paging hrs@)
> 3) pf issues: ipv6 checksums, fragments
> 4) pf syntax (ok, this is really an "I wish...")
> 
> I noticed net/stf-6rd-kmod now has a patch for FreeBSD 10 so I grabbed
> the diff and built an IPSEC kernel with this patch applied. I'm now
> mostly up and running except for the fact that I have no idea how to
> configure stf for 6rd. There don't seem to be any docs/examples
> anywhere. Unfortunately the man page edits in the diff don't give me any
> details. I'd love to see a simple example because I'm completely lost
> right now.
> 
> In conclusion: 
> - Let's get IPSEC into GENERIC or make it accessible for users via pkg.
> It will need to receive the same treatment as GENERIC's freebsd-update
> patches.
> - Can we please get 6rd support in head? I understand these shims have
> lost a lot of interest/momentum but native IPv6 isn't coming soon for
> most people.
> - Glad to see pf patches flowing in: ipv6, checksum, vnet, etc. Thanks
> everyone!
> 
> 
> I will say I'm completely baffled by one thing though: the concept of
> having rtadvd in base, but no dhcpd in base. That doesn't make any sense
> to me. Shouldn't rtadvd be moved to ports?
> 
> 
> 
> *For those curious, OpenBSD falls behind several seconds per minute and
> sometimes jumps hundreds behind. It's not a hardware issue as FreeBSD
> runs fine. Changing time counters in OpenBSD didn't work. This probably
> started around the time I upgraded to OpenBSD 5.6, but I'm not sure.


Mark
  Were you running openntpd? Also, did you apply the most recent firmware for the APU?
