> >I've seen a number of reports from folks successfully using hardware > >acceleration with FreeS/WAN, > > Oh? I didn't see any drivers for hardware accelerators - Or did > I miss something.
I don't think you missed anything...there's no hardware support in the mainstream code for FreeS/WAN. I have, however, seen several reports of folks adding hardware support to the FreeS/WAN code base on the mailing list. I have no idea if their code is available, or under what terms, but there are reports of folks who have done this. The libdes used by FreeS/WAN is the same libdes provided with OpenSSL, and since most crypto hardware makers who support linux provide OpenSSL patches, it may not be too hard to interface FreeS/WAN to acceleration hardware, although such a project is likely not for the feint of heart (there are still several kernel-mode/user-mode issues...AFAIK, OpenSSL is generally designed to run in user-space, while the FreeS/WAN software crypto routines are running in kernel space, which makes a big difference in how you talk to the hardware). > >although this is not a particularly main-stream > >thing. If you really want to burst to 155 MBits/sec, you'll probably need > >some form of hardware acceleration (at least for a year or two, until the > >5-6 GHz CPU's come out). > > If I need more CPU horsepower, I'll use 21264 (Alpha) CPU's instead. Sounds like a plan...I've seen reports of 3DES routines that really smoke running on Alphas, taking advantage of the true 64 bit architecture to run bit-sliced algorithms which really speed things up vs the clunky x86 systems. If you go with an alpha system, you'll probably want to use a mainstream disto...you might want to do this anyway, depending on how 'thin' you want to make your VPN gateways. You might also consider seperating your VPN gateway and firewall functions into seperate boxes, but that introduces complications of a different sort (especially routing)... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
