IPsec & GLXSB - pfSense 2.0.1 i386
-
Hi,
i've got an AMD Geode CPU with AES-128 (GLXSB) support.
I enabled GLXSB and my IPsec connects, but i am not able to connect anywhere in the VPN.
If i disable GLXSB and reboot, all works fine…
Errors in IPsec Log:
racoon: ERROR: pfkey UPDATE failed: Invalid argument racoon: ERROR: pfkey ADD failed: Invalid argument racoon: [name]: ERROR 5.6.7.8 give up to get IPsec-SA due to time up to wait.
is there an solution to fix this?
because i would like to have some extra computing powers as this machine is kinda slow anyhow…
thanks in advance
elemay.
My machine:
-
glxsb driver apparently has some issues with AES. Might want to try a 2.1 snapshot since it has a newer base OS. Please report back on results if you do.
-
did upgrade today, activated glxsb, rebooted (just to get sure) –> same effect
connected but no browsing possible.
-
What is the other end of the IPSec tunnel- software client, device? I had some trouble getting a Sonicwall connected with AES, switched to 3DES and it worked. This was on a Alix running nano 2.0.1 with glxsb enabled. I've used it plenty of times between two pfsense boxes with no issues.
-
I should say anything higher than AES128 seems to be broken, glxsb only works with 128. Does it work at 128?
-
i thought glxsb only supports aes, so switching to blowfish or anything else doesn't use glxsb. right?
i have aes 128bit in my ipsec configuration. client is an android mobile.
-
I was trying to use AES128 with glxsb. It works fine with both pfsense peers, my trouble was trying to connect from pfsense to a Sonicwall peer. It connected but wasn't passing traffic. I switched to 3DES and the tunnel came up. I didn't try disabling glxsb. I can't test anything at this point as the customer would not be amused at another outage.