FAST_IPSEC + device padlock + device crypto + IKE broken?
Pawel Jakub Dawidek
pjd at FreeBSD.org
Tue Sep 5 23:36:40 PDT 2006
On Wed, Sep 06, 2006 at 08:29:13AM +0200, Adrian Steinmann wrote:
> In my kernel config, I have
>
> options FAST_IPSEC
> device padlock
> device crypto
>
> which enables the crypto acceleration in VIA C3 and C7 CPUs. IPSEC
> with static rijndael-cbc keys of length 128, 192, and 256 makes use
> of the acceleration when sysctl net.inet.ipsec.crypto_support=1;
> - so far, so good.
>
> Yet when I configure racoon from ipsec-tools, racoon2, or iked for
> dynamic keying, I get a "PFKEYv2 UPDATE" (or similar) failure. When
> I set net.inet.ipsec.crypto_support=0 these same dynamic ike key
> configurations work, albeit without HW crypto accelleration.
>
> Has anyone else observed this and know what the problem is?
Is this after my recent padlock(4) update in RELENG_6?
--
Pawel Jakub Dawidek http://www.wheel.pl
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20060906/5c75a40b/attachment.pgp
More information about the freebsd-stable
mailing list