[Bug 274007] IPSec asymmetric crypto broken

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 22 Sep 2023 16:56:53 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274007

--- Comment #2 from Timothy Pearson <tpearson@raptorengineering.com> ---
(In reply to Zhenlei Huang from comment #1)

What would you like to know in particular?

The hardware is fairly straightforward on both test boxes: we are using Opteron
CPUs with igb Ethernet cards and the aforementioned Intel X520 card.  The X520
cards in each box are directly connected together, with the IPsec link
running across them, and plain-text packets are being forwarded from the igb
interfaces across the tunnel in both directions.

On the Strongswan / IPSec side, the P2 tunnel is established in AES256-GCM mode
with no hashing using the in-kernel AES-NI acceleration.

This setup works perfectly as long as async_crypto=0; as soon as async_crypto
is set to 1 on the FreeBSD 13 system, packets start being dropped as they
transit the IPSec tunnel.  Setting async_crypto back to 0 immediately stops the
packet loss.  Reverting to FreeBSD 11 with otherwise the same setup completely
"resolves" the issue, but that is obviously not a viable solution.
