From owner-freebsd-current@FreeBSD.ORG Sat Jan 26 14:58:38 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1306216A477 for ; Sat, 26 Jan 2008 14:58:38 +0000 (UTC) (envelope-from gnn@neville-neil.com) Received: from outbound0.mx.meer.net (outbound0.mx.meer.net [209.157.153.23]) by mx1.freebsd.org (Postfix) with ESMTP id 0263113C45A for ; Sat, 26 Jan 2008 14:58:37 +0000 (UTC) (envelope-from gnn@neville-neil.com) Received: from mail.meer.net (mail.meer.net [209.157.152.14]) by outbound0.mx.meer.net (8.12.10/8.12.6) with ESMTP id m0QEY57T082747; Sat, 26 Jan 2008 06:34:05 -0800 (PST) (envelope-from gnn@neville-neil.com) Received: from mail2.meer.net (mail2.meer.net [64.13.141.16]) by mail.meer.net (8.13.3/8.13.3/meer) with ESMTP id m0QEY4Yb052665; Sat, 26 Jan 2008 06:34:04 -0800 (PST) (envelope-from gnn@neville-neil.com) Received: from minion.local.neville-neil.com ([203.118.14.76]) (authenticated bits=0) by mail2.meer.net (8.14.1/8.14.1) with ESMTP id m0QEY28G065930; Sat, 26 Jan 2008 06:34:03 -0800 (PST) (envelope-from gnn@neville-neil.com) Date: Sat, 26 Jan 2008 22:33:59 +0800 Message-ID: From: gnn@freebsd.org To: Nenhum_de_Nos In-Reply-To: <4956a5e50801242020j41fea759v84720c62a246db63@mail.gmail.com> References: <012101c85cbe$3d93fef0$292d280a@friedman.net> <4795B6ED.8020902@beardz.net> <003901c85d02$96a78d60$292d280a@friedman.net> <4956a5e50801242019m37675b90t7fbbb72d4d917960@mail.gmail.com> <4956a5e50801242020j41fea759v84720c62a246db63@mail.gmail.com> User-Agent: Wanderlust/2.15.5 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (=?ISO-8859-4?Q?Shij=F2?=) APEL/10.7 Emacs/22.1.50 (i386-apple-darwin8.10.1) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Cc: freebsd-current@freebsd.org Subject: Re: IPSEC on 7.0-PRERELEASE X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Jan 2008 14:58:38 -0000 At Fri, 25 Jan 2008 01:20:08 -0300, Nenhum_de_Nos wrote: > > ---------- Forwarded message ---------- > From: Nenhum_de_Nos > Date: Jan 25, 2008 1:19 AM > Subject: Re: IPSEC on 7.0-PRERELEASE > To: "Dr. Aharon Friedman" > > > On Jan 22, 2008 11:25 AM, Dr. Aharon Friedman wrote: > > This looks like the solution. It did pass compile. I have not run it yet, > > but I am sure it will work. Here is the configuration part for IPSEC: > > > > > > > > options IPSEC #IP security (requires device crypto) > > > > options IPSEC_FILTERTUNNEL #filter ipsec packets from a > > tunnel > > > > device enc #IPsec interface > > > > device crypto # core crypto support > > > > device cryptodev # /dev/crypto for access to h/w > > > > > > > > Aharon > > I have a IPSec tunnel over gif ifaces and all ok. was I supposed to > change anything ? > Sorry to reply so late, I'm traveling at the moment. In 7.0 we have moved to a single IPsec stack, that stack requires the "device crypto" line whether you're using software or hardware cryptography. I think it's time for a documentation update but that will have to wait until I clear away some other $dayjob related work. If someone is up for updating our IPsec docs I'd be able to help with that, just not do it completely on my own. Best, George