
FreeBSD 11.1-Beta1 now available - vasili111
https://lists.freebsd.org/pipermail/freebsd-stable/2017-June/087242.html
======
Mister_Snuggles
From the release notes[0]:

> Support for NAT-T is now enabled by default. The IPSEC_NAT_T kernel
> configuration option has been removed. [r315514] (Sponsored by Yandex LLC)

All I can say is thank you! I use FreeBSD as, among other things, a VPN
server/client and having to recompile my kernel to support IPSec (in 10.3) or
to support NAT Traversal (in 11.0) has honestly been my biggest annoyance with
FreeBSD. This will make upgrades a LOT easier for me.

Once 11.1 is released, I'm upgrading all of my machines.

[0]
[https://www.freebsd.org/relnotes/11-STABLE/relnotes/article....](https://www.freebsd.org/relnotes/11-STABLE/relnotes/article.html#kernel-
config)

~~~
kchoudhu
Thank god.

I remember being so excited when 11.0 was released, until I found out that
that NAT-ing on the VPN interface wasn't possible without recompiling the
kernel.

~~~
i_feel_great
What is wrong with recompiling the kernel? Last time I used FreeBSD (also
NetBSD), all that it took was to edit some config file and call a shell
script. Has it changed from that?

~~~
kchoudhu
You can't use freebsd-update if you have to recompile your kernel, which in
turn makes it difficult to manage large fleets of servers without running your
own freebsd-update server.

~~~
Mister_Snuggles
This is my biggest issue. Updating is basically a case of install updates,
recompile kernel, reboot with fingers crossed. I'm scared to upgrade to a new
release because of this.

------
mrb
" _a freebsd user with a password of freebsd is available by default for
ssh(1) access._ "

And this is why we need security vulnerability scanners that check for default
credentials :-( Instead of telling people to change the password, they should
really enforce the change with a one-time script prompting the user on the
first login.

Edit: I know, only for arm/armv6, but still doesn't excuse the security
sloppiness.

~~~
rsync
That's only for the arm/armv6 images. The entire excerpt reads:

"Note regarding arm/armv6 images: For convenience for those without console
access to the system, a freebsd user with a password of freebsd is available
by default for ssh(1) access. Additionally, the root user password is set to
root. It is strongly recommended to change the password for both users after
gaining access to the system."

I feel that if you are installing FreeBSD on ARM devices your cluefulness is
quite high and this shouldn't impact you ...

~~~
mrb
" _this shouldn 't impact you_"

"should" is a word InfoSec professionals chuckle at.

------
walterbell
From 2013 on FreeNAS CTO, [https://www.wired.com/2013/08/jordan-
hubbard/](https://www.wired.com/2013/08/jordan-hubbard/)

 _"...Apple hired Jordan Hubbard, the creator of FreeBSD, a lesser known, but
still thriving, open source operating system based on UNIX. It was a better
fit: Mac OS X shares conceptual roots with Linux, but it shares honest-to-
goodness code with FreeBSD.

Hubbard left Apple last month to return to the world of open source UNIX,
taking the chief technology officer post at iXsystems, a company that offers
servers and other data center hardware that runs FreeBSD. Apple was quite an
education, and now, he wants to bring the "Apple approach" back to the open
source game."_

~~~
dchest
He is no longer with iXSystems. But how is this related to FreeBSD 11.1-BETA1?

~~~
walterbell
Was iXSystems a contributor to FreeBSD 11.1-BETA1?

------
gravypod
It's really cool to see support for hobbyist SBC boards making it upstream.
I've recently bought an Asus TinkerBoard (for Gigabit Ethernet, wifi, and
24bit ADC/DAC) and I hope a similar thing happens with this board.

It might be nice to update some of my old Pis I've setup to the more standard
kernels that are coming out now.

~~~
ianai
With how small a FreeBSD install can be it seems a good choice.

------
mozumder
Does it support TCP Fast Open by default yet?

