> -----Original Message----- > From: Antony Antony [mailto:[email protected]] > Subject: Re: [Swan-dev] [PATCH libreswan] Add support for IPSec HW-offload > on the NIC > > Hi Ilan, > > offload patches are in the libreswan master now. > > thanks, > -antony
Thank you, Antony. We'll give this a try too. We'll be in touch regarding the next steps of development of this feature. Ilan. > > On Sun, Jul 02, 2017 at 06:30:51AM +0000, Ilan Tayari wrote: > > > -----Original Message----- > > > From: Antony Antony [mailto:[email protected]] > > > Subject: Re: [Swan-dev] [PATCH libreswan] Add support for IPSec HW- > offload > > > on the NIC > > > > > > On Thu, Jun 29, 2017 at 04:51:12PM +0000, Ilan Tayari wrote: > > > > > Here are a couple of proposed changes, untested, after a closer > > > review. > > > > > > > > > > 1. rename option to "nic-offload". Libreswan is moving away from > "_" > > > > > 2. whack --nic-offload > > > > > 3. nic-offload:yes; in "ipsec staus" connection > > > > > 4. there is one coding style change I made. > > > > > > > > > > > > > > > > I just tested this. > > > > > > > > 1. I would squash your patch 0001 into my patch, no need to put this > > > naming back-and-forth into git history > > > > > > good. > > > > > > > 2. ipsec status shows nic-offload:yes > > > > > > > 000 "myconn": nflog-group: unset; mark: unset; vti-iface:unset; > vti- > > > routing:no; vti-shared:no; nic-offload:yes; > > > > > > looks good. thanks for testing. > > > > > > > 3. I'll try to get whack command line switch to work next week. > > > > Do you have an example of command to add a connection with specific > > > phase2alg using whack? > > > > > > try: this line for both ends. > > > > > > ipsec whack --psk --encrypt --name myconn --tunnel --host > "192.168.7.1" \ > > > --to --host "192.168.7.11" --esp aes_gcm256-null --nic-offload > > > > > > ipsec auto --up myconn > > > > This works well. Sets up offload properly. > > Traffic is crypto-offloaded. > > > > > > > > and to delete > > > > > > ipsec auto --delete myconn > > > > This too. I added and deleted several times with some variations. > > > > > > > > If it is ikev2 add both of these " --ikev2-allow --ikev2-propose" > > > > This also worked well. I also tried transport mode. > > > > > > > > -antony _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
