OpenSWAN equivalent on FreeBSD
Bubble Reading
bubblereading at gmail.com
Fri Oct 5 06:30:31 PDT 2007
Thanks Stefan.
My aim is to:
Set up IPSec on FreeBSD (Use Fast IPSec)
- Run VPN tests for the different ciphers & modes
- Run with OCF and a cryptosoft variant
How do I do this ? Is there some documentation ?
Regards,
Bubble
On 10/5/07, Stefan Esser <se at freebsd.org> wrote:
>
> Bubble Reading wrote:
> > Hi,
> >
> > I am using FreeBSD v6.2.
> >
> > Ques 1: Is there Linux OpenSWAN equivalent Fast-IPSec implementation on
> > FreeBSD ?
>
> Not sure that I understand your question correctly. The FAST_IPSEC
> in FreeBSD-6.x supports hardware-crypto (it has been renamed to just
> IPSEC in FreeBSD-7.x). OCF is a port of the BSD crypto framework to
> Linux.
>
> > Ques 2: How do I use the userland application on FreeBSD to use
> Fast-IPSec
> > stack & OCF ?
>
> Configure the kernel with appropriate crypto devices configured.
>
> device crypto
> device cryptodev
>
> The kernel and OpenSSL libraries (and thus all programs based on
> them) automatically use HW crypto, provided a driver is configured
> in the kernel and the hardware is present. Other software can be
> taught to use the crypto device (as OCF is a port of the OpenBSD
> and FreeBSD crypto framework, I'd assume that software written for
> OCF should build and run under both BSDs, too).
>
> This works well with hardware crypto in the VIA C3 and newer and
> with some add-on cards (Soekris).
>
> Regards, STefan
>
--
Regards,
Bubble
More information about the freebsd-stable
mailing list