Re: Simple IPSEC client with certificate - phase 1 time out

To: Greg Troxel <gdt%ir.bbn.com@localhost>
Subject: Re: Simple IPSEC client with certificate - phase 1 time out
From: Frank Wille <frank%phoenix.owl.de@localhost>
Date: Tue, 08 Mar 2016 14:32:23 +0100

Greg Troxel wrote:

> It seems to me that if a kernel with "option IPSEC" and w/o swcrypto
> doesn't work, then perhaps it should fail to config, or log an error at
> runtime.  (Perhaps swcrypto isn't required, and it's just that there
> must be some crypto provider.)

As far as I understand swcrypto registers software encryption algorithms in
the kernel for 3des, aes, blowfish, etc.. They are not explicitely required
as you may also use hardware for that.

-- 
Frank Wille

References:
- Re: Simple IPSEC client with certificate - phase 1 time out
  - From: Frank Wille
- Re: Simple IPSEC client with certificate - phase 1 time out
  - From: Christos Zoulas
- Re: Simple IPSEC client with certificate - phase 1 time out
  - From: Frank Wille
- Re: Simple IPSEC client with certificate - phase 1 time out
  - From: Greg Troxel

Prev by Date: Re: Simple IPSEC client with certificate - phase 1 time out
Next by Date: Re: Simple IPSEC client with certificate - phase 1 time out
Previous by Thread: Re: Simple IPSEC client with certificate - phase 1 time out
Next by Thread: pf or npf?
Indexes:

Home | Main Index | Thread Index | Old Index