You're right.. strongswan fails/hangs with: initiating IKE_SA host-host[1] to 10.0.30.66 generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ] sending packet: from 10.0.30.114[500] to 10.0.30.66[500] (1148 bytes) received packet: from 10.0.30.66[500] to 10.0.30.114[500] (456 bytes) parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ] authentication of 'sun.strongswan.org' (myself) with pre-shared key establishing CHILD_SA host-host generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] sending packet: from 10.0.30.114[4500] to 10.0.30.66[4500] (444 bytes) retransmit 1 of request with message ID 1 sending packet: from 10.0.30.114[4500] to 10.0.30.66[4500] (444 bytes) retransmit 2 of request with message ID 1 sending packet: from 10.0.30.114[4500] to 10.0.30.66[4500] (444 bytes) ..
S. > On Apr 24, 2015, at 03:00, Andrey V. Elsukov <a...@freebsd.org> wrote: > > On 24.04.2015 03:55, Sydney Meyer wrote: >> Andrey, >> >> with your patch applied the performance drop while using the >> IPSEC-enabled kernel without doing actual IPSec traffic seems to be >> gone. >> >> I haven't tested IPSec itself yet, as i had to start from scratch >> with new VM's but i will set up a IPSec connection and report back. > > Thank you. But I think something will not work if you try it with IPSec. > Probably if you use some IKE software, it will not work with this patch. > > -- > WBR, Andrey V. Elsukov _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
