Date: Fri, 22 Sep 2023 16:56:53 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 274007] IPSec asymmetric crypto broken
Message-ID: <bug-274007-7501-6iAeUoDXMY@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-274007-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-274007-7501@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274007

--- Comment #2 from Timothy Pearson <tpearson@raptorengineering.com> ---
(In reply to Zhenlei Huang from comment #1)

What would you like to know in particular?

The hardware is fairly straightforward on both test boxes, we are using Opteron
CPUs with igb Ethernet cards and the aforementioned Intel X520 card. Each of
the X520 cards in each box are directly connected together, with the IPsec link
running across them, and plain-text packets are being forwarded from the igb
interfaces across the tunnel in both directions.

On the Strongswan / IPSec side, the P2 tunnel is established in AES256-GCM mode
with no hashing using the in-kernel AES-NI acceleration.

This setup works perfectly as long as async_crypto=0, as soon as async_crypto
is set to 1 on the FreeBSD 13 system packets start being dropped as they
transit the IPSec tunnel. Setting async_crypto back to 0 immediately stops the
packet loss.

Reverting to FreeBSD 11 with otherwise the same setup completely "resolves"
the issue, but that is obviously not a viable solution.

-- 
You are receiving this mail because:
You are the assignee for the bug.