Hello George,
sorry for the late reply. I wasn't benchmarking/testing anything specific, i'm
just interested in FreeBSD for virtual networking (router, packet filter,
ipsec-gateway, etc.) since the addition of XENHVM and more recently IPSEC.
(Network) Benchmarking a virtual environment is a top
Two things you might do to help.
The first is just send out a list of what you are testing so we know.
The second is to contribute configs and the like to the netperf repo
https://github.com/gvnn3/netperf
We take pull requests :-)
Best,
George
On 3 Aug 2015, at 23:20, Sydney Meyer wrote:
Be
> On 04 Aug 2015, at 02:18, John-Mark Gurney wrote:
>
> Sydney Meyer wrote this message on Mon, Aug 03, 2015 at 01:15 +0200:
>> the revision i built included gnn's patches to setkey already.
>>
>> I have tried to setup a tunnel using strongswan with gcm as esp cipher mode,
>> but the connectio
Sydney Meyer wrote this message on Mon, Aug 03, 2015 at 01:15 +0200:
> the revision i built included gnn's patches to setkey already.
>
> I have tried to setup a tunnel using strongswan with gcm as esp cipher mode,
> but the connection fails with "algorithm AES_GCM_16 not supported by kernel"..
Besides strongswan (actually, i don't know of any other ike-daemon which
supports aes-gcm, apart from netbsd's racoon) connections with manually set up
policies indeed seem to work fine, host-host iperf stuff, nothing fancy yet.
Anyway, i will start playing around with this in some more scenario
This is being actively debugged and jmg@ and I have been testing a fix
that should
address this issue.
Best,
George
On 3 Aug 2015, at 0:15, Sydney Meyer wrote:
Hi John-Mark,
the revision i built included gnn's patches to setkey already.
I have tried to setup a tunnel using strongswan with
Hi John-Mark,
the revision i built included gnn's patches to setkey already.
I have tried to setup a tunnel using strongswan with gcm as esp cipher mode,
but the connection fails with "algorithm AES_GCM_16 not supported by kernel"..
Here's the full log output:
Aug 3 00:34:28 00[DMN] Starting
Sydney Meyer wrote this message on Sun, Aug 02, 2015 at 04:03 +0200:
> i have tried your patches from your ipsecgcm branch. The build completes,
> boots fine and indeed, dmesg shows "aesni0:
> on motherboard".
Yeh, these patches are more about getting IPsec to work w/ the modes
that aesni now s
Hi John-Mark,
i have tried your patches from your ipsecgcm branch. The build completes, boots
fine and indeed, dmesg shows "aesni0: on
motherboard".
I'm going to try out the new cipher modes tomorrow and will get back..
> On 01 Aug 2015, at 22:01, John-Mark Gurney wrote:
>
> Sydney Meyer wr
Sydney Meyer wrote this message on Wed, Jul 29, 2015 at 22:01 +0200:
> Same here, fixed running r286015. Thanks a bunch.
If you'd like to do some more testing, test the patches in:
https://github.com/jmgurney/freebsd/tree/ipsecgcm
These patches get GCM and CTR modes working as tested against Net
Same here, fixed running r286015. Thanks a bunch.
> On 29 Jul 2015, at 14:56, Alexandr Krivulya wrote:
>
> 29.07.2015 10:17, John-Mark Gurney пишет:
>> Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38 +0300:
>>
>> [...]
>>
>>> With r285535 all works fine.
>> Sydney Meyer wro
29.07.2015 10:17, John-Mark Gurney пишет:
> Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38 +0300:
>
> [...]
>
>> With r285535 all works fine.
> Sydney Meyer wrote this message on Mon, Jul 27, 2015 at 23:49 +0200:
>> I'm having the same problem with IPSec, running -current with r
Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38 +0300:
[...]
> With r285535 all works fine.
Sydney Meyer wrote this message on Mon, Jul 27, 2015 at 23:49 +0200:
>
> I'm having the same problem with IPSec, running -current with r285794.
>
> Don't know if this helps, but "nets
Hello,
I'm having the same problem with IPSec, running -current with r285794.
Don't know if this helps, but "netstat -s -p esp" shows packets dropped; bad
ilen.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/free
27.07.2015 10:23, Alexandr Krivulya пишет:
> 26.07.2015 21:39, George Neville-Neil пишет:
>>
>> On 25 Jul 2015, at 1:51, Alexandr Krivulya wrote:
>>
>>> 25.07.2015 00:38, John-Mark Gurney пишет:
Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38
+0300:
> I have IPSEC t
26.07.2015 21:39, George Neville-Neil пишет:
>
>
> On 25 Jul 2015, at 1:51, Alexandr Krivulya wrote:
>
>> 25.07.2015 00:38, John-Mark Gurney пишет:
>>> Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38
>>> +0300:
I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I
On 25 Jul 2015, at 1:51, Alexandr Krivulya wrote:
25.07.2015 00:38, John-Mark Gurney пишет:
Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38
+0300:
I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I see
only
outgoing esp packets on ng interface:
This change i
25.07.2015 00:38, John-Mark Gurney пишет:
> Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38 +0300:
>> I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I see only
>> outgoing esp packets on ng interface:
> This change is -stable, not -current, but the change reference
Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38 +0300:
> I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I see only
> outgoing esp packets on ng interface:
This change is -stable, not -current, but the change referenced below
is -current... Which one are you runnin
24.07.2015 15:13, Andrey V. Elsukov пишет:
> On 24.07.2015 15:10, Alexandr Krivulya wrote:
>> In that bug L2TP use IPSEC in transport mode, but in my scenario IPSEC
>> in tunnel mode inside L2TP. And it works fine prior to r285536.
> But r285536 didn't touch head's source. This is commit into stabl
On 24.07.2015 15:10, Alexandr Krivulya wrote:
> In that bug L2TP use IPSEC in transport mode, but in my scenario IPSEC
> in tunnel mode inside L2TP. And it works fine prior to r285536.
But r285536 didn't touch head's source. This is commit into stable/10.
So, it can't break something in 11.0-CURRE
24.07.2015 13:19, Andrey V. Elsukov пишет:
> On 23.07.2015 10:38, Alexandr Krivulya wrote:
>> I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I see only
>> outgoing esp packets on ng interface:
> What FreeBSD version do you use?
> Please check https://bugs.freebsd.org/bugzilla/show_bu
On 23.07.2015 10:38, Alexandr Krivulya wrote:
> I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I see only
> outgoing esp packets on ng interface:
What FreeBSD version do you use?
Please check https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192774
and your security policies configu
I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I see only
outgoing esp packets on ng interface:
root@thinkpad:/usr/src # tcpdump -i ng0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ng0, link-type NULL (BSD loopback), capture size 262144 byt
24 matches
Mail list logo
