Date: Mon, 12 Sep 2005 21:35:11 +1000 From: Michael VInce <mv@roq.com> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-amd64@FreeBSD.org, Kris Kennaway <kris@obsecurity.org> Subject: Re: FAST_IPSEC on EMT64 / AMD64 Message-ID: <432567EF.2060800@roq.com> In-Reply-To: <Pine.BSF.4.53.0509120718260.46635@e0-0.zab2.int.zabbadoz.net> References: <4324E06A.4090400@roq.com> <20050912054858.GA28647@xor.obsecurity.org> <Pine.BSF.4.53.0509120718260.46635@e0-0.zab2.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Bjoern A. Zeeb wrote: >On Mon, 12 Sep 2005, Kris Kennaway wrote: > > > >>On Mon, Sep 12, 2005 at 11:56:58AM +1000, Michael VInce wrote: >> >> >>>Hi guys, >>>I am getting a Intel Xeon based EMT64 server as a gateway that may in >>>the future do some VPN, >>>I wondered if the EMT64 servers could run FAST_IPSEC under AMD64 FreeBSD. >>>With these options below compiled into the kernel I was able to boot >>>FreeBSD with no panics if I booted into single user mode and then just >>>did 'exit' to go back to regular boot, otherwise it would panic as if >>>it was an AMD64 CPU. >>> >>> >>You forgot to include details of the panic. >> >> > >That would be really good to know. > >Then we'd finally know more than was given in >http://www.freebsd.org/cgi/query-pr.cgi?pr=amd64/73211 > > Sorry instead of getting a core dump I grabbed a FreeBSD AMD64 beta4 6.0 ISO and put it on this server. But I do have some good news in what I found. Recompiled FAST_IPSEC into the kernel and rebooted it, it came up fine.. So then put in some ipsec security policies into /etc/ipsec.conf ipsec_enable="YES" and ran /etc/rc.d/ipsec start and it ran fine. I then installed ipsec-tools and loaded up the racoon daemon this also triggers a panic on my FreeBSD AMD64 6.0 laptop with out FAST_IPSEC being compiled into the kernel and its loaded up fine. This looks all completely solid. I haven't been able to panic the server with a full VPN configuration activated. The only thing I haven't done is tested if the IPSEC VPN actually can work. This is no mistake this is AMD64 kernel FreeBSD with FAST_IPSEC I just cheated using the Intel EMT64 Regards, Mike beast# /sbin/sysctl -a | grep ipsec ipsecpolicy 16 4K - 520 256 ipsecrequest 2 1K - 4 256 ipsec-reg 3 1K - 24 32 net.inet.ipsec.def_policy: 1 net.inet.ipsec.esp_trans_deflev: 1 net.inet.ipsec.esp_net_deflev: 1 net.inet.ipsec.ah_trans_deflev: 1 net.inet.ipsec.ah_net_deflev: 1 net.inet.ipsec.ah_cleartos: 1 net.inet.ipsec.ah_offsetmask: 0 net.inet.ipsec.dfbit: 0 net.inet.ipsec.ecn: 0 net.inet.ipsec.debug: 0 net.inet.ipsec.esp_randpad: -1 net.inet.ipsec.crypto_support: 0 net.inet6.ipsec6.def_policy: 1 net.inet6.ipsec6.esp_trans_deflev: 1 net.inet6.ipsec6.esp_net_deflev: 1 net.inet6.ipsec6.ah_trans_deflev: 1 net.inet6.ipsec6.ah_net_deflev: 1 net.inet6.ipsec6.ecn: 0 net.inet6.ipsec6.debug: 0 net.inet6.ipsec6.esp_randpad: -1 beast# uname -a FreeBSD beast 6.0-BETA4 FreeBSD 6.0-BETA4 #0: Mon Sep 12 20:40:05 UTC 2005 root@beast:/usr/obj/usr/src/sys/GENERIC_IPSEC amd64
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?432567EF.2060800>