[Openswan Users] IPSEC - Does `ping` involve any hashing activity?

Paul Wouters paul at xelerance.com
Sat Oct 27 13:15:39 EDT 2007

On Sat, 27 Oct 2007, KokHow.Teh at infineon.com wrote:

> 	Greetings. I use openswan-2.4.9 to test my hardware
> cryptographic drivers. Here is the /etc/ipsec.conf:

So you are using snapgear's OCF patch?

>   ike=aes-md5
>   esp=aes-md5
> 	I configured the cryptographic hardware with AES and MD5
> priorities to be at 400 and 300 respectively and put some debug messages
> into the driver codes. While I could see the debug printouts of AES
> encrypt/decrypt showing that AES is in operation and the hardware
> cryptographic is used, I don't see any debug printout of hardware MD5 at
> all. My question is if `ping` involve any hashing operation at all?

If you configure esp=aes-md5 it should.
Openswan-3.x.x with OCF support, as far as I know, does not try to hardware
offload IKE, as the speedgains for that were minimal or non-existant, so
having ike= with md5 wouldn't make a difference. I am not sure about
snapgear's OCF patch to openswan 2.4.9 and what it supports or not. David
will probably be able to answer that.


More information about the Users mailing list