On Mon, May 2, 2011 at 7:40 PM, Tobias Crefeld <t...@cataneo.eu> wrote: > Am Mon, 2 May 2011 11:15:57 -0500 > schrieb John Jackson <open...@lacutt.com>: > >> It's probably much more straightforward to run kvm-qemu instead of >> XEN. > > Hm, I'll consider this alternative. Till now our "test-LAN" ran on > VMware but for some reasons we want to get away from VMware. > > >> OpenBSD works fine as a guest using kvm/kvm-qemu and a CPU which >> supports hardware virtualization (egrep "svm|vmx" /proc/cpuinfo). > > This "egrep" isn't successful on my host but this might be due to the > fact that it's an AMD-Opteron (Lisbon) and not a Intel-machine. After > enabling virtualizing support in BIOS (+ enabling IOMMU) > "/proc/cpuinfo" shows these flags: > > $ grep flags /proc/cpuinfo |head -1 > flags B B B B B : fpu de tsc msr pae mce cx8 apic mtrr mca cmov pat clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt lm 3dnowext 3dnow constant_tsc rep_good nonstop_tsc extd_apicid pni cx16 popcnt hypervisor lahf_lm cmp_legacy extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch nodeid_msr
you're looking for svm flag which is not in your output however (not sure what's that hypervisor one) > > >> I've successfully run IPSEC (iked and isakmpd both work), bridging and >> various network services this way. > > I moved from IPSEC to SSL/OpenVPN some years ago because it's more > robust against packet loss but in combination with routing protocols > like OSPF OpenVPN seems to be a bad choice as it keeps the > tunnel-interfaces AKA link-states always UP even if the tunnel is down. > Is there a way IPSEC can handle link-state-protocols better? > > > > Regards, > B Tobias.
