IPSEC on 7.0-PRERELEASE
gnn at freebsd.org
gnn at freebsd.org
Sat Jan 26 06:58:38 PST 2008
At Fri, 25 Jan 2008 01:20:08 -0300,
Nenhum_de_Nos wrote:
>
> ---------- Forwarded message ----------
> From: Nenhum_de_Nos <matheusber at gmail.com>
> Date: Jan 25, 2008 1:19 AM
> Subject: Re: IPSEC on 7.0-PRERELEASE
> To: "Dr. Aharon Friedman" <AFriedman at drsns.com>
>
>
> On Jan 22, 2008 11:25 AM, Dr. Aharon Friedman <AFriedman at drsns.com> wrote:
> > This looks like the solution. It did pass compile. I have not run it yet,
> > but I am sure it will work. Here is the configuration part for IPSEC:
> >
> >
> >
> > options IPSEC #IP security (requires device crypto)
> >
> > options IPSEC_FILTERTUNNEL #filter ipsec packets from a
> > tunnel
> >
> > device enc #IPsec interface
> >
> > device crypto # core crypto support
> >
> > device cryptodev # /dev/crypto for access to h/w
> >
> >
> >
> > Aharon
>
> I have a IPSec tunnel over gif ifaces and all ok. was I supposed to
> change anything ?
>
Sorry to reply so late, I'm traveling at the moment. In 7.0 we have
moved to a single IPsec stack, that stack requires the "device crypto"
line whether you're using software or hardware cryptography. I think
it's time for a documentation update but that will have to wait until
I clear away some other $dayjob related work. If someone is up for
updating our IPsec docs I'd be able to help with that, just not do it
completely on my own.
Best,
George
More information about the freebsd-current
mailing list