From owner-freebsd-stable@FreeBSD.ORG Fri Oct 5 13:30:31 2007 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6CDF616A474 for ; Fri, 5 Oct 2007 13:30:31 +0000 (UTC) (envelope-from bubblereading@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.243]) by mx1.freebsd.org (Postfix) with ESMTP id 1036913C478 for ; Fri, 5 Oct 2007 13:30:30 +0000 (UTC) (envelope-from bubblereading@gmail.com) Received: by an-out-0708.google.com with SMTP id c14so95445anc for ; Fri, 05 Oct 2007 06:30:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=8CvsL3Aj8rbqv8dsBp9Wftt57Nrv2Rg9bp5w491WQcs=; b=VWKCO+Wr2qGpNLrdZlcamDw4+V/+/SjvJU85plhHEPJgy/7hTfo60zVVsj3amtP7y9/EwjGR3uh2DXvfCiXPKTr3cwsZ1sYewwKq9HGJLS3l6QPXonqdqsBNY5y/ywmeZiFPuxk8lMm42JsmBocrm5kKvocWDfNLOf9cYi6kg7c= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=msdgSz7VCjjSzfrOj3k3zeWakXJBEx36mEXBfCF1vzasaxUqEetuAfRIWKSRUUxrXljSAzUYEhMguYhbTd5VIvwjFOIavbqbWhO+TnO8UO+ZVJSGf/5WP3fn1ifWjNeXl3wLn/eWt9wKXYiGkfENqZPRg3ycF+9Fa75FVF/B+AI= Received: by 10.150.11.6 with SMTP id 6mr531900ybk.1191591030340; Fri, 05 Oct 2007 06:30:30 -0700 (PDT) Received: by 10.90.99.9 with HTTP; Fri, 5 Oct 2007 06:30:30 -0700 (PDT) Message-ID: Date: Fri, 5 Oct 2007 14:30:30 +0100 From: "Bubble Reading" To: "Stefan Esser" , freebsd-stable@freebsd.org In-Reply-To: <47063B2F.4080801@FreeBSD.org> MIME-Version: 1.0 References: <47063B2F.4080801@FreeBSD.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: OpenSWAN equivalent on FreeBSD X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Oct 2007 13:30:31 -0000 Thanks Stefan. My aim is to: Set up IPSec on FreeBSD (Use Fast IPSec) - Run VPN tests for the different ciphers & modes - Run with OCF and a cryptosoft variant How do I do this ? Is there some documentation ? Regards, Bubble On 10/5/07, Stefan Esser wrote: > > Bubble Reading wrote: > > Hi, > > > > I am using FreeBSD v6.2. > > > > Ques 1: Is there Linux OpenSWAN equivalent Fast-IPSec implementation on > > FreeBSD ? > > Not sure that I understand your question correctly. The FAST_IPSEC > in FreeBSD-6.x supports hardware-crypto (it has been renamed to just > IPSEC in FreeBSD-7.x). OCF is a port of the BSD crypto framework to > Linux. > > > Ques 2: How do I use the userland application on FreeBSD to use > Fast-IPSec > > stack & OCF ? > > Configure the kernel with appropriate crypto devices configured. > > device crypto > device cryptodev > > The kernel and OpenSSL libraries (and thus all programs based on > them) automatically use HW crypto, provided a driver is configured > in the kernel and the hardware is present. Other software can be > taught to use the crypto device (as OCF is a port of the OpenBSD > and FreeBSD crypto framework, I'd assume that software written for > OCF should build and run under both BSDs, too). > > This works well with hardware crypto in the VIA C3 and newer and > with some add-on cards (Soekris). > > Regards, STefan > -- Regards, Bubble