Date: Fri, 5 Oct 2007 14:30:30 +0100 From: "Bubble Reading" <bubblereading@gmail.com> To: "Stefan Esser" <se@freebsd.org>, freebsd-stable@freebsd.org Subject: Re: OpenSWAN equivalent on FreeBSD Message-ID: <a65132710710050630r4c7fe649n3b7b05ff4c81a1db@mail.gmail.com> In-Reply-To: <47063B2F.4080801@FreeBSD.org> References: <a65132710710050550w45e14cf4oe59923a318fc4d41@mail.gmail.com> <47063B2F.4080801@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks Stefan.
My aim is to:
Set up IPSec on FreeBSD (Use Fast IPSec)
- Run VPN tests for the different ciphers & modes
- Run with OCF and a cryptosoft variant
How do I do this ? Is there some documentation ?
Regards,
Bubble
On 10/5/07, Stefan Esser <se@freebsd.org> wrote:
>
> Bubble Reading wrote:
> > Hi,
> >
> > I am using FreeBSD v6.2.
> >
> > Ques 1: Is there Linux OpenSWAN equivalent Fast-IPSec implementation on
> > FreeBSD ?
>
> Not sure that I understand your question correctly. The FAST_IPSEC
> in FreeBSD-6.x supports hardware-crypto (it has been renamed to just
> IPSEC in FreeBSD-7.x). OCF is a port of the BSD crypto framework to
> Linux.
>
> > Ques 2: How do I use the userland application on FreeBSD to use
> Fast-IPSec
> > stack & OCF ?
>
> Configure the kernel with appropriate crypto devices configured.
>
> device crypto
> device cryptodev
>
> The kernel and OpenSSL libraries (and thus all programs based on
> them) automatically use HW crypto, provided a driver is configured
> in the kernel and the hardware is present. Other software can be
> taught to use the crypto device (as OCF is a port of the OpenBSD
> and FreeBSD crypto framework, I'd assume that software written for
> OCF should build and run under both BSDs, too).
>
> This works well with hardware crypto in the VIA C3 and newer and
> with some add-on cards (Soekris).
>
> Regards, STefan
>
--
Regards,
Bubble
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a65132710710050630r4c7fe649n3b7b05ff4c81a1db>