Date: Fri, 5 Oct 2007 14:30:30 +0100 From: "Bubble Reading" <bubblereading@gmail.com> To: "Stefan Esser" <se@freebsd.org>, freebsd-stable@freebsd.org Subject: Re: OpenSWAN equivalent on FreeBSD Message-ID: <a65132710710050630r4c7fe649n3b7b05ff4c81a1db@mail.gmail.com> In-Reply-To: <47063B2F.4080801@FreeBSD.org> References: <a65132710710050550w45e14cf4oe59923a318fc4d41@mail.gmail.com> <47063B2F.4080801@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks Stefan. My aim is to: Set up IPSec on FreeBSD (Use Fast IPSec) - Run VPN tests for the different ciphers & modes - Run with OCF and a cryptosoft variant How do I do this ? Is there some documentation ? Regards, Bubble On 10/5/07, Stefan Esser <se@freebsd.org> wrote: > > Bubble Reading wrote: > > Hi, > > > > I am using FreeBSD v6.2. > > > > Ques 1: Is there Linux OpenSWAN equivalent Fast-IPSec implementation on > > FreeBSD ? > > Not sure that I understand your question correctly. The FAST_IPSEC > in FreeBSD-6.x supports hardware-crypto (it has been renamed to just > IPSEC in FreeBSD-7.x). OCF is a port of the BSD crypto framework to > Linux. > > > Ques 2: How do I use the userland application on FreeBSD to use > Fast-IPSec > > stack & OCF ? > > Configure the kernel with appropriate crypto devices configured. > > device crypto > device cryptodev > > The kernel and OpenSSL libraries (and thus all programs based on > them) automatically use HW crypto, provided a driver is configured > in the kernel and the hardware is present. Other software can be > taught to use the crypto device (as OCF is a port of the OpenBSD > and FreeBSD crypto framework, I'd assume that software written for > OCF should build and run under both BSDs, too). > > This works well with hardware crypto in the VIA C3 and newer and > with some add-on cards (Soekris). > > Regards, STefan > -- Regards, Bubble
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a65132710710050630r4c7fe649n3b7b05ff4c81a1db>