[Openswan Users] IPSEC - Does `ping` involve any hashing activity?

Paul Wouters paul at xelerance.com
Sun Oct 28 11:12:03 EDT 2007

On Sun, 28 Oct 2007, KokHow.Teh at infineon.com wrote:

> >> 	Greetings. I use openswan-2.4.9 to test my hardware
> cryptographic
> >> drivers. Here is the /etc/ipsec.conf:
> >So you are using snapgear's OCF patch?
> I am not sure. I download the source from
> http://www.openswan.org/download/. Only the openswan-2.4.9.tar.gz but
> not the openswan-2.4.9.kernel-2.6-klips.patch.gz

Okay, then openswan uses the NETKEY ipsec code, which uses the
native crypto tools. So if your kernel crypto is accelerated, so is
openswan, but if your kernel is not, then openswan is not either.

> I have found out the code snippet to use hardware crypto for ESP hashing
> to commented out in the cryptoapi.c:

> I am not sure if it is a simple matter of adding/registering this
> structure in ipsec_cryptoapi_init routine to get the OCF to use hardware
> crypto for hashing.

If you want hardware acceleration, either apply the snapgear OCF patch to
2.4.9, or use openswan 3.x.x.

> >Openswan-3.x.x with OCF support, as far as I know, does not try to
> hardware offload IKE, as the speedgains for that were minimal or
> non-existant, so having ike= with md5 wouldn't make a difference. I am
> not sure about snapgear's OCF patch to openswan 2.4.9 and what it
> supports or not. David will probably be able to answer that.
> Where to get Openswan-3.x.x? I thought the latest is only 2.4.9 from the
> URL given above?


Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list