FAST_IPSEC on EMT64 / AMD64
mv at roq.com
Mon Sep 12 04:35:25 PDT 2005
Bjoern A. Zeeb wrote:
>On Mon, 12 Sep 2005, Kris Kennaway wrote:
>>On Mon, Sep 12, 2005 at 11:56:58AM +1000, Michael VInce wrote:
>>>I am getting a Intel Xeon based EMT64 server as a gateway that may in
>>>the future do some VPN,
>>>I wondered if the EMT64 servers could run FAST_IPSEC under AMD64 FreeBSD.
>>>With these options below compiled into the kernel I was able to boot
>>>FreeBSD with no panics if I booted into single user mode and then just
>>>did 'exit' to go back to regular boot, otherwise it would panic as if
>>>it was an AMD64 CPU.
>>You forgot to include details of the panic.
>That would be really good to know.
>Then we'd finally know more than was given in
Sorry instead of getting a core dump I grabbed a FreeBSD AMD64 beta4 6.0
ISO and put it on this server.
But I do have some good news in what I found.
Recompiled FAST_IPSEC into the kernel and rebooted it, it came up fine..
So then put in some ipsec security policies into /etc/ipsec.conf
and ran /etc/rc.d/ipsec start
and it ran fine.
I then installed ipsec-tools and loaded up the racoon daemon this also
triggers a panic on my FreeBSD AMD64 6.0 laptop with out FAST_IPSEC
being compiled into the kernel and its loaded up fine.
This looks all completely solid. I haven't been able to panic the server
with a full VPN configuration activated.
The only thing I haven't done is tested if the IPSEC VPN actually can work.
This is no mistake this is AMD64 kernel FreeBSD with FAST_IPSEC I just
cheated using the Intel EMT64
beast# /sbin/sysctl -a | grep ipsec
ipsecpolicy 16 4K - 520 256
ipsecrequest 2 1K - 4 256
ipsec-reg 3 1K - 24 32
beast# uname -a
FreeBSD beast 6.0-BETA4 FreeBSD 6.0-BETA4 #0: Mon Sep 12 20:40:05 UTC
2005 root at beast:/usr/obj/usr/src/sys/GENERIC_IPSEC amd64
More information about the freebsd-amd64