Date: Wed, 6 Sep 2006 08:29:13 +0200 From: Adrian Steinmann <ast@webgroup.ch> To: freebsd-stable@freebsd.org Cc: mr@freebsd.org, pjd@freebsd.org Subject: FAST_IPSEC + device padlock + device crypto + IKE broken? Message-ID: <20060906062912.GA44900@webgroup.ch>
next in thread | raw e-mail | index | archive | help
In my kernel config, I have
options FAST_IPSEC
device padlock
device crypto
which enables the crypto acceleration in VIA C3 and C7 CPUs. IPSEC
with static rijndael-cbc keys of length 128, 192, and 256 makes use
of the acceleration when sysctl net.inet.ipsec.crypto_support=1;
- so far, so good.
Yet when I configure racoon from ipsec-tools, racoon2, or iked for
dynamic keying, I get a "PFKEYv2 UPDATE" (or similar) failure. When
I set net.inet.ipsec.crypto_support=0 these same dynamic ike key
configurations work, albeit without HW crypto accelleration.
Has anyone else observed this and know what the problem is?
Adrian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060906062912.GA44900>