Date: Tue, 23 Mar 2004 14:23:35 +0100 From: Rene de Vries <rene@tunix.nl> To: Sam Leffler <sam@errno.com> Cc: hackers@freebsd.org Subject: Fast IPSEC and hardware acceleration Message-ID: <49BB582A-7CCD-11D8-96C2-00039357FA7A@tunix.nl>
next in thread | raw e-mail | index | archive | help
Sam, I've been testing with FAST_IPSEC w/ hifn/ubsec cards and I found something which I think is a bug. Maybe you can shine some light on this issue? Configuration: - D 4.7-RELEASE w/ IPSEC - O 4.8-RELEASE w/ FAST_IPSEC + hifn (Soekris 1401) - G 4.9-STABLE w/ FAST_IPSEC + ubsec (Broadcom SSL800) (The 4.8 system could not be upgraded, therefor only the hifn driver was ported back from 4.9-RELEASE.) The IPsec setup uses racoon and has SPDs for transport esp between each system (3des and sha1 are used as cipher and authentication). Connections from D to O work with net.inet.ipsec.crypto_support=0 (or -1/1). Connections from D to G don't work with net.inet.ipsec.crypto_support=0 (or 1). Connections from O to G don't work with net.inet.ipsec.crypto_support=0 (or 1). Connections from D to G work with net.inet.ipsec.crypto_support=-1 Connections from O to G work with net.inet.ipsec.crypto_support=-1 So I concluded that the hardware encryption failed for 3des on ubsec... Now for the weird part, if I use manual keys "TESTTESTTESTTESTTESTTEST" everything seems to work just fine. Please contact me if more information is needed. Rene -- René de Vries <rene@tunix.nl> Tunix Internet Security & Training
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49BB582A-7CCD-11D8-96C2-00039357FA7A>