Hi,
I have the following setup, A - has two tunnels one to B(acting as Primary)
and another to C(acting as backup).
i am looking for a way to gracefully switch the data traffic from B to C by
keeping both tunnels active.
A <--> B
A <--> C
Is there a way i can the keep a
Hi,
What is the upper limit on replay window size ? i didn't find any
documentation on upper limit. is it dependent on Hardware, if so how to
find the limit
After a certain limit, i am having some problem with IPsec connection.
*replay_window = -1 | *
The IPsec replay window size for this
Hi All,
Can you please provide your input on this ?
Regards
Kapil.
On Fri, Aug 5, 2016 at 10:13 PM, Kapil Adhikesavalu <kapil20...@gmail.com>
wrote:
> With the below steps I don't see any performance improvements in ipsec in
> a multicore HW. Is there anything I am missing?
>
&
With the below steps I don't see any performance improvements in ipsec in a
multicore HW. Is there anything I am missing?
Thanks
Kapil
On 04-Aug-2016 5:37 PM, "Kapil Adhikesavalu" <kapil20...@gmail.com> wrote:
Hello,
I am getting the following errors while trying pcrypt. From
Hello,
I am getting the following errors while trying pcrypt. From the wiki page,
i see when tcrypt is used, "modprobe: ERROR: could not insert 'tcrypt':
Resource temporarily unavailable" is an expected. I am getting a different
error, please let me know if this fine.
The /proc/crypto logs in
Hi Folks,
i see in strongswan pcrypt page, to enable pcrypt you guys have asked to
enable CONFIG_PCRYPT. but the correct flag is CONFIG_CRYPTO_PCRYPT. can
you guys please correct this ?
https://github.com/torvalds/linux/blob/master/crypto/Makefile
obj-$(CONFIG_CRYPTO_PCRYPT) += pcrypt.o
>
> It seems that our EC2 instance is on that kernel.
>
> On Wed, Jun 22, 2016 at 8:42 AM, Kapil Adhikesavalu <kapil20...@gmail.com>
> wrote:
>
>> Hi Sandeep,
>>
>> Are you by any chance using intel_aesni klm (check /proc/crypto) ? If so,
>> aesgcm256 is not suppor
Hi Sandeep,
Are you by any chance using intel_aesni klm (check /proc/crypto) ? If so,
aesgcm256 is not supported until kernel 4.1.
Otherwise you can check the logs to see for any errors.
Related to GCM256 - https://wiki.strongswan.org/issues/341
Thanks
Kapil
On 22-Jun-2016 7:12 AM, "sandeep
Hi Jeff,
Thanks for the info, couple of questions ,
1. However there was a bug in pre 4.1 kernels where AES-NI does not work
right for GCM operations.
kapil : can you point me to
On Mon, Jun 20, 2016 at 12:31 PM, Jeff Leung wrote:
> > Hi,
> >
> > i am looking for
Hi,
i am looking for ways to improve the throughput while using the strongswan
IPSEC.
I read that AES-GCM provides excellent throughput over default AES-CBC-128 when
used with AES-NI support in intel processors.
i want to enable AES-GCM128 cipher in my xeon E5 processor, and from
looking at the
10 matches
Mail list logo