Date:      Tue, 23 Mar 2004 14:23:35 +0100
From:      Rene de Vries <rene@tunix.nl>
To:        Sam Leffler <sam@errno.com>
Cc:        hackers@freebsd.org
Subject:   Fast IPSEC and hardware acceleration
Message-ID:  <49BB582A-7CCD-11D8-96C2-00039357FA7A@tunix.nl>

Sam,

I've been testing with FAST_IPSEC w/ hifn/ubsec cards and I found
something which I think is a bug. Maybe you can shine some light on
this issue?

Configuration:
- D 4.7-RELEASE w/ IPSEC
- O 4.8-RELEASE w/ FAST_IPSEC + hifn (Soekris 1401)
- G 4.9-STABLE w/ FAST_IPSEC + ubsec (Broadcom SSL800)

(The 4.8 system could not be upgraded, therefore only the hifn driver
was ported back from 4.9-RELEASE.)

The IPsec setup uses racoon and has SPDs for transport esp between each
system (3des and sha1 are used as cipher and authentication).

Connections from D to O work with net.inet.ipsec.crypto_support=0 (or -1/1).
Connections from D to G don't work with net.inet.ipsec.crypto_support=0 (or 1).
Connections from O to G don't work with net.inet.ipsec.crypto_support=0 (or 1).
Connections from D to G work with net.inet.ipsec.crypto_support=-1
Connections from O to G work with net.inet.ipsec.crypto_support=-1

So I concluded that the hardware encryption failed for 3des on ubsec...

Now for the weird part, if I use manual keys "TESTTESTTESTTESTTESTTEST"
everything seems to work just fine.

Please contact me if more information is needed.

Rene
-- 
René de Vries <rene@tunix.nl>
Tunix Internet Security & Training


