Subject: IPSEC anyone?
To: None <current-users@NetBSD.ORG>
From: Chris Gabe <chris@visgen.com>
List: current-users
Date: 03/14/1998 19:00:33

Anyone out there try out the Jan 98 version of NRL IPv6 + IPSEC on top of 1.3?
I have, and it's on the verge of working, but I'm having a hard time figuring 
out the new "key" interface.  Anyone have any hints where I might get a 
smidgen of early documentation on it?  I.e. PFKEYV2 database interface.

They disabled ipfilter too.  Anyone working on porting ipfilter into 
that framework?

As far as I can guess, I've loaded up keys so that two of my systems should 
communicate if encryption/authorization is specified in the route.
But, it's refusing to transfer based on different bucket contents so 
I've set up keys wrong (probably), or not built the kernel right (it's
actually getting there and refusing, so I think not).  Sometimes it just 
sets up a normal route too, even though I specify -tunnel -auth -encrypt.
I'd like to know why that is.
I infer that from the netstat output, which has either 1029 or a very large
number in the "Use" column, and ping, which works when it's 1029, and 
hangs when it's the other number, along with kernel messages about the
bucket contents problem.