On Mon, 2 May 2011 11:15:57 -0500, John Jackson <open...@lacutt.com> wrote:
> It's probably much more straightforward to run kvm-qemu instead of
> XEN.

Hm, I'll consider this alternative. Till now our "test-LAN" ran on VMware, but for some reasons we want to get away from VMware.

> OpenBSD works fine as a guest using kvm/kvm-qemu and a CPU which
> supports hardware virtualization (egrep "svm|vmx" /proc/cpuinfo).

This "egrep" isn't successful on my host, but this might be due to the fact that it's an AMD Opteron (Lisbon) and not an Intel machine. After enabling virtualization support in the BIOS (+ enabling IOMMU), "/proc/cpuinfo" shows these flags:

$ grep flags /proc/cpuinfo |head -1
flags : fpu de tsc msr pae mce cx8 apic mtrr mca cmov pat clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt lm 3dnowext 3dnow constant_tsc rep_good nonstop_tsc extd_apicid pni cx16 popcnt hypervisor lahf_lm cmp_legacy extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch nodeid_msr

> I've successfully run IPSEC (iked and isakmpd both work), bridging and
> various network services this way.

I moved from IPSEC to SSL/OpenVPN some years ago because it's more robust against packet loss, but in combination with routing protocols like OSPF, OpenVPN seems to be a bad choice, as it keeps the tunnel interfaces AKA link states always UP even if the tunnel is down. Is there a way IPSEC can handle link-state protocols better?

Regards,
Tobias.