Michael VInce mv at
Mon Sep 12 04:35:25 PDT 2005

Bjoern A. Zeeb wrote:

>On Mon, 12 Sep 2005, Kris Kennaway wrote:
>>On Mon, Sep 12, 2005 at 11:56:58AM +1000, Michael VInce wrote:
>>>Hi guys,
>>>I am getting a Intel Xeon based EMT64 server as a gateway that may in
>>>the future do some VPN,
>>>I wondered if the EMT64 servers could run FAST_IPSEC under AMD64 FreeBSD.
>>>With these options below compiled into the kernel I was able to boot
>>>FreeBSD with no panics if I booted into single user mode and then just
>>>did 'exit'  to go back to regular boot, otherwise it would panic as if
>>>it was an AMD64 CPU.
>>You forgot to include details of the panic.
>That would be really good to know.
>Then we'd finally know more than was given in

Sorry instead of getting a core dump I grabbed a FreeBSD AMD64 beta4 6.0 
ISO and put it on this server.
But I do have some good news in what I found.
Recompiled FAST_IPSEC into the kernel and rebooted it, it came up fine..
So then put in some ipsec security policies into /etc/ipsec.conf
and ran /etc/rc.d/ipsec start
and it ran fine.
I then installed ipsec-tools and loaded up the racoon daemon this also 
triggers a panic on my FreeBSD AMD64 6.0 laptop with out FAST_IPSEC 
being compiled into the kernel and its loaded up fine.
This looks all completely solid. I haven't been able to panic the server 
with a full VPN configuration activated.
The only thing I haven't done is tested if the IPSEC VPN actually can work.

This is no mistake this is AMD64 kernel FreeBSD with FAST_IPSEC I just 
cheated using the Intel EMT64


beast# /sbin/sysctl -a | grep ipsec
  ipsecpolicy    16     4K       -      520  256
 ipsecrequest     2     1K       -        4  256
    ipsec-reg     3     1K       -       24  32
net.inet.ipsec.def_policy: 1
net.inet.ipsec.esp_trans_deflev: 1
net.inet.ipsec.esp_net_deflev: 1
net.inet.ipsec.ah_trans_deflev: 1
net.inet.ipsec.ah_net_deflev: 1
net.inet.ipsec.ah_cleartos: 1
net.inet.ipsec.ah_offsetmask: 0
net.inet.ipsec.dfbit: 0
net.inet.ipsec.ecn: 0
net.inet.ipsec.debug: 0
net.inet.ipsec.esp_randpad: -1
net.inet.ipsec.crypto_support: 0
net.inet6.ipsec6.def_policy: 1
net.inet6.ipsec6.esp_trans_deflev: 1
net.inet6.ipsec6.esp_net_deflev: 1
net.inet6.ipsec6.ah_trans_deflev: 1
net.inet6.ipsec6.ah_net_deflev: 1
net.inet6.ipsec6.ecn: 0
net.inet6.ipsec6.debug: 0
net.inet6.ipsec6.esp_randpad: -1
beast# uname -a
FreeBSD beast 6.0-BETA4 FreeBSD 6.0-BETA4 #0: Mon Sep 12 20:40:05 UTC 
2005     root at beast:/usr/obj/usr/src/sys/GENERIC_IPSEC  amd64

More information about the freebsd-amd64 mailing list