From owner-freebsd-net Fri Jul 7 9:10:43 2000 Delivered-To: freebsd-net@freebsd.org Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10]) by hub.freebsd.org (Postfix) with ESMTP id B1A9037BE30 for ; Fri, 7 Jul 2000 09:10:36 -0700 (PDT) (envelope-from louie@whizzo.transsys.com) Received: from whizzo.transsys.com (localhost.transsys.com [127.0.0.1]) by whizzo.transsys.com (8.9.3/8.9.1) with ESMTP id MAA92715; Fri, 7 Jul 2000 12:10:32 -0400 (EDT) (envelope-from louie@whizzo.transsys.com) Message-Id: <200007071610.MAA92715@whizzo.transsys.com> X-Mailer: exmh version 2.1.1 10/15/1999 To: Len Conrad Cc: freebsd-net@FreeBSD.ORG X-Image-URL: http://www.transsys.com/louie/images/louie-mail.jpg From: "Louis A. Mamakos" Subject: Re: KAME stable 20000704 References: <4.3.2.7.2.20000707162836.03d4ead0@mail.Go2France.com> In-reply-to: Your message of "Fri, 07 Jul 2000 16:45:50 +0200." <4.3.2.7.2.20000707162836.03d4ead0@mail.Go2France.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 07 Jul 2000 12:10:32 -0400 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org There's no current support in KAME or OpenSSL for hardware encryption acceleration. The OpenBSD guys have support for a Hi/fn 7751-based board (see http://www.powercrypt.com which is reasonably priced.) It's supported for use in their IPSEC stack only at this point. I've got a couple of these boards that I'm playing with in my spare time. Currently, I'm learning the wonders of newbus to figure out how to port the OpenBSD driver. The powercrypt board is available with FreeBSD drivers (including for 4.0 and 5.0-current) which exports a user-mode interface for fairly "raw" access to the hardware. You might be able to use that interface to speed-up SSL operations. The Hi/fn board can support probably a couple hundred crypto contexts simultanously, if I recall correctly. That number drops quite a bit if you want to perform compression because the compression contexts are quite a bit larger. louie > Hi > > Are there any hardware-encryption boards for KAME or OpenSSL? > > We've been talking to some large accounts that have evaluated variouis VPN > solutions and had concluded that software-only VPN's just can't keep up > with large number of simultaneous tunnels. They told us some Cisco box > with hardware-encryption had the best comfort level. > > Len > > ===================== > > >As usual, KAME Project has released "stable" packages of IPv6/IPsec > >network code for the following BSD variants. > > > >--- > >bsdi3 BSDI BSD/OS http://www.bsdi.com/ > > kernel: BSD/OS 3.1 patchlevel 0 > > userland: BSD/OS 3.0 patchlevel 0 > > include: BSD/OS 3.0 patchlevel 0 + ISC BIND 4.9.7 > >bsdi4 BSDI BSD/OS 4.1 patchlevel 0 http://www.bsdi.com/ > >freebsd2 FreeBSD 2.2.8-RELEASE http://www.freebsd.org/ > >freebsd3 FreeBSD 3.4-RELEASE http://www.freebsd.org/ > >netbsd NetBSD 1.4.2 http://www.netbsd.org/ > >openbsd OpenBSD 2.7 http://www.openbsd.org/ > >--- > > > >Note: {Free,Net,Open}BSD-current have already merged the KAME source > >code, from *past* versions of KAME codebase. For differences between > >KAME kits and *BSD tree, please visit: > > http://www.kame.net/project-overview.html#release > > http://www.kame.net/dev/cvsweb.cgi/kame/COVERAGE > > > >They are free of charge but absolutely no warranty. They are avaiable > >from the following web site: > > > > http://www.kame.net/ > > > >To know the changes from the previous stable package, please refer to > >the CHANGELOG/RELNOTES file. > > > >--KAME Project > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-net" in the body of the message > > Len > http://BIND8NT.MEIway.com: ISC BIND 8 installable binary for NT4 > http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message