Date: Mon, 03 Dec 2007 16:29:22 -0500 From: Michael Proto <mike@jellydonut.org> To: Dewayne Geraghty <phil@amdg.etowns.org> Cc: freebsd-stable@freebsd.org Subject: Re: IPSEC + Via Padlock + racoon + Windows Message-ID: <47547532.3040505@jellydonut.org> In-Reply-To: <00c401c835f1$7c6a2260$0105000a@black> References: <45B7689C.2060209@vwsoft.com> <023801c83548$aac34320$0205000a@white> <47541532.7010300@jellydonut.org> <00c401c835f1$7c6a2260$0105000a@black>
next in thread | previous in thread | raw e-mail | index | archive | help
Dewayne Geraghty wrote: > My apologies for the confusion, yes, the C7 only helps with AES. > > The configuration detail is: between branch offices I use FreeBSD ipsec > (AES), and within the branches Windows boxes access the firewall boxes. The > "firewalls" run samba inside a jail. Due to sensitive information (see your > local Privacy legislation), we also need to encrypt the information between > samba jail and the PC-WXP devices. Hence the need to use ipsec-AES on the > WAN and ipsec-3des on the LAN (as 3des is the best option selectable for > WXP). > > Regards, Dewayne. > Just out of curiosity, what happens if you set net.inet.ipsec.crypto_support = -1 when using 3DES in your testing? Does the firewall work then? -Proto
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47547532.3040505>