Date: Wed, 6 Sep 2006 08:29:13 +0200 From: Adrian Steinmann <ast@webgroup.ch> To: freebsd-stable@freebsd.org Cc: mr@freebsd.org, pjd@freebsd.org Subject: FAST_IPSEC + device padlock + device crypto + IKE broken? Message-ID: <20060906062912.GA44900@webgroup.ch>
index | next in thread | raw e-mail
In my kernel config, I have
options FAST_IPSEC
device padlock
device crypto
which enables the crypto acceleration in VIA C3 and C7 CPUs. IPSEC
with static rijndael-cbc keys of length 128, 192, and 256 makes use
of the acceleration when sysctl net.inet.ipsec.crypto_support=1;
- so far, so good.
Yet when I configure racoon from ipsec-tools, racoon2, or iked for
dynamic keying, I get a "PFKEYv2 UPDATE" (or similar) failure. When
I set net.inet.ipsec.crypto_support=0 these same dynamic ike key
configurations work, albeit without HW crypto accelleration.
Has anyone else observed this and know what the problem is?
Adrian
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060906062912.GA44900>