Scott,
Again, the reference that you are looking at is about the *kernel*
interface used for IPSEC. OpenVPN itself is not a kernel module, and
does not use the kernel padlock support. OpenVPN uses user space
encryption/decryption and the padlock support comes from the OpenSSL
implementation.
You can easily test the presence of the padlock engine by use of the
openssl and openvpn executables.
Go to a a shell in a pfSense 1.2RC2 install and try
openssl engine
or
openvpn --show-engines
You will see that there are 9 or so hardware engines supported, of
which padlock is one.
If you execute the test described in the defect report (http://
cvstrac.pfsense.com/tktview?tn=1447) on an 1.2RC2 system with padlock
hardware (C7), you should easily be able to reproduce the failure.
Denny
On Sep 10, 2007, at 14:26 , Scott Ullrich wrote:
On 9/10/07, Denny Page <[EMAIL PROTECTED]> wrote:
Scott,
Padlock does not require kernel support for use by OpenVPN. Note
also that
the patch is not applicable to the kernel. Perhaps you were
thinking of
IPSEC?
No. http://threads.seas.gwu.edu/cgi-bin/man2web?
program=padlock§ion=4
Padlock support is compiled into the pfSense distribution for
OpenSSL, and
thereby for OpenVPN and for SSH. This is a good thing--it should
be enabled
in the kernel as well.
So, any idea of how the patch is in the dev source but not in the
build?
It is not in the dev source build.
http://pfsense.com/cgi-bin/cvsweb.cgi/tools/builder_scripts/conf/
pfSense_Dev.6?rev=1.35
The developer edition installs all FreeBSD binaries including loadable
modules and is meant for developers trying to adapt pfSense, etc.
Scott
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
