[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-hackers
Subject: Fast IPSEC and hardware acceleration
From: Rene de Vries <rene () tunix ! nl>
Date: 2004-03-23 13:23:35
Message-ID: 49BB582A-7CCD-11D8-96C2-00039357FA7A () tunix ! nl
[Download RAW message or body]
Sam,
I've been testing with FAST_IPSEC w/ hifn/ubsec cards and I found
something which I think is a bug. Maybe you can shine some light on
this issue?
Configuration:
- D 4.7-RELEASE w/ IPSEC
- O 4.8-RELEASE w/ FAST_IPSEC + hifn (Soekris 1401)
- G 4.9-STABLE w/ FAST_IPSEC + ubsec (Broadcom SSL800)
(The 4.8 system could not be upgraded, therefor only the hifn driver
was ported back from 4.9-RELEASE.)
The IPsec setup uses racoon and has SPDs for transport esp between each
system (3des and sha1 are used as cipher and authentication).
Connections from D to O work with net.inet.ipsec.crypto_support=0 (or
-1/1).
Connections from D to G don't work with net.inet.ipsec.crypto_support=0
(or 1).
Connections from O to G don't work with net.inet.ipsec.crypto_support=0
(or 1).
Connections from D to G work with net.inet.ipsec.crypto_support=-1
Connections from O to G work with net.inet.ipsec.crypto_support=-1
So I concluded that the hardware encryption failed for 3des on ubsec...
Now for the weird part, if I use manual keys "TESTTESTTESTTESTTESTTEST"
everything seems to work just fine.
Please contact me if more information is needed.
Rene
--
René de Vries <rene@tunix.nl>
Tunix Internet Security & Training
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic