OpenSolaris

FLAG DAY for IPsec and Punchin users - IPsec/SMF (PSARC 2007/200)

Date: Mon, 14 May 2007 23:08:52 -0700 (PDT)
From: Mark Fenwick <markfen at jurassic-x4600 dot sfbay dot sun dot com>
Subject: FLAG DAY for IPsec and Punchin users - IPsec/SMF (PSARC 2007/200)

To: onnv-gate at onnv dot sfbay dot sun dot com, on-all at sun dot com
Cc: ipsec-punchin-announce at sun dot com
In-Reply-To: "Your message with ID" <Roam.SIMC.2.0.6.1178758434.21255.markfen at jurassic dot sfbay dot Sun dot Com>
Message-ID: <Roam.SIMC.2.0.6.1179209332.15921.markfen at jurassic-x4600 dot sfbay dot Sun dot Com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII



**** Users of Punchin on Solaris Nevada please read the whole message *****

Gatelings,

The following putback introduces a dedicated set of smf(5) services for IPsec:

PSARC 2007/200 - Dedicated SMF services for IPsec/IKE
6185380 IPsec should be a separate (set) of smf(5) service

The new services are:

svc:/network/ipsec/policy:default
svc:/network/ipsec/ipsecalgs:default
svc:/network/ipsec/manual-key:default
svc:/network/ipsec/ike:default

These services can be manipulated with svcadm(1M). The configuration files
used by the underlying commands have not changed; if you have IPsec
configured now, everything should keep working as before. Live upgrade and
bfu do the right things on upgrade.

Note that BFU-ing a system backwards from a build with these new services
may require manual intervention to disable the service.

Punchin users:

Before BFU-ing or upgrading to onv_65 you need to upgrade your punchin
client package. The package is available here:

http://atlantic.east.sun.com/ipsec/projects/punchin/beta/index.shtml

You need to install version 2.0.13 of the punchin client.

The OPG/ITops packages need to be at version 1.1.5; you can upgrade to version
1.1.6 but there is no requirement to do this.

If you forget, you can still punchin with an older package by doing:

cp /etc/inet/ike/config.punchin /etc/inet/ike/config

You should install the new package and remove /etc/inet/ike/config
as soon as possible if you use this workaround.

Thanks!

Mark


----------------------------------------------------------------------------
  Mark Fenwick, Solaris Security Technologies.
  TEL: +1 (650) 786 2733 (X82733)                     __o
  Sun Microsystems Inc, Menlo Park, California.      `\<,_
                                                   (*)/ (*)
----------------------------------------------------------------------------
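
A post-upgrade check for the steps in this announcement, added here as an example and not part of the original message or the ON gate: it reads `svcs -a -H -o state,fmri` output for the four new services, flags any that are missing or in maintenance, and reports whether the `/etc/inet/ike/config` workaround copy is still in place. The function names are hypothetical, and treating `disabled` as acceptable is an assumption, since the message does not state the services' default states.

```shell
#!/bin/sh
# Added example: post-upgrade check for the IPsec services named in the message.
IPSEC_FMRIS="svc:/network/ipsec/policy:default
svc:/network/ipsec/ipsecalgs:default
svc:/network/ipsec/manual-key:default
svc:/network/ipsec/ike:default"

# Reads "STATE FMRI" lines on stdin (the format of `svcs -a -H -o state,fmri`).
# Prints one line per expected service; returns 1 if any is missing or in
# maintenance. Assumption: "disabled" is acceptable (e.g. no IKE configured).
report_ipsec_states() {
    input=$(cat)
    rc=0
    for fmri in $IPSEC_FMRIS; do
        state=$(printf '%s\n' "$input" | awk -v f="$fmri" '$2 == f { print $1 }')
        case "$state" in
            "")          echo "MISSING  $fmri"; rc=1 ;;
            maintenance) echo "MAINTENANCE  $fmri"; rc=1 ;;
            *)           echo "$state  $fmri" ;;
        esac
    done
    return $rc
}

# True when the IKE config is a byte-for-byte copy of config.punchin, i.e. the
# "cp" workaround from the message is still in place and should be removed.
workaround_in_place() {
    cfg=${1:-/etc/inet/ike/config}
    src=${2:-/etc/inet/ike/config.punchin}
    [ -f "$cfg" ] && [ -f "$src" ] && cmp -s "$cfg" "$src"
}

# Run against the live system only where svcs(1) exists (Solaris).
if command -v svcs >/dev/null 2>&1; then
    svcs -a -H -o state,fmri | report_ipsec_states ||
        echo "check the services above with: svcs -xv" >&2
    if workaround_in_place; then
        echo "workaround active: install punchin 2.0.13, then remove /etc/inet/ike/config" >&2
    fi
fi
```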