FAST_IPSEC bug fix
Mike Tancsa
mike at sentex.net
Sun Apr 25 20:38:01 PDT 2004
At 11:23 PM 25/04/2004, Sam Leffler wrote:
> But there is no one to maintain and merge bugfixes into FAST_IPSEC
>>from KAME The KAME stack might be slower, but there is active
>>(relative to FAST_IPSEC) development.
>
>You said that because of a bug w/ the hifn card that you cannot/will not
>use FAST IPsec. I said that's not a reason to not use it, that even w/o
>hardware acceleration it's still faster than KAME.
Sorry, I meant to add that the old_sa issue killed it for us in conjunction
with the HiFn bug and the limitation of the newer Soekris cards to only 100
sites, we had to move back to KAME. We still have a number of remote
Soekris boxes deployed using FAST_IPSEC with our patches deployed and they
work well and will continue to use them as is.
>Unfortunately the policy is that I cannot MFC something w/o it first going
>in -current. I'll try to test the change under -current this week but if
>someone else could do it then a commit would happen sooner.
I *completely* understand and I really dont mean to seem to be complaining
or anything because I am certainly not. I was going to try and put
together a -current box later this week to try and test it so that I can at
least report back that it works.
---Mike
More information about the freebsd-hardware
mailing list