Dewayne Geraghty wrote: > My apologies for the confusion, yes, the C7 only helps with AES. > > The configuration detail is: between branch offices I use FreeBSD ipsec > (AES), and within the branches Windows boxes access the firewall boxes. The > "firewalls" run samba inside a jail. Due to sensitive information (see your > local Privacy legislation), we also need to encrypt the information between > samba jail and the PC-WXP devices. Hence the need to use ipsec-AES on the > WAN and ipsec-3des on the LAN (as 3des is the best option selectable for > WXP). > > Regards, Dewayne. >
Just out of curiosity, what happens if you set net.inet.ipsec.crypto_support = -1 when using 3DES in your testing? Does the firewall work then? -Proto _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
