IPsec & GLXSB - pfSense 2.0.1 i386



  • Hi,

    I've got an AMD Geode CPU with AES-128 (GLXSB) support.

    I enabled GLXSB and my IPsec connects, but I am not able to connect anywhere in the VPN.

    If I disable GLXSB and reboot, all works fine…

    Errors in IPsec Log:

    racoon: ERROR: pfkey UPDATE failed: Invalid argument
    racoon: ERROR: pfkey ADD failed: Invalid argument
    racoon: [name]: ERROR 5.6.7.8 give up to get IPsec-SA due to time up to wait.
    

    Is there a solution to fix this?

    Because I would like to have some extra computing power, as this machine is kinda slow anyhow…

    Thanks in advance

    elemay.

    My machine:

    http://en.wikipedia.org/wiki/Fit-PC#fit-PC_1.0



  • glxsb driver apparently has some issues with AES. Might want to try a 2.1 snapshot since it has a newer base OS. Please report back on results if you do.



  • Did upgrade today, activated glxsb, rebooted (just to be sure) –> same effect

    Connected, but no browsing possible.



  • What is the other end of the IPsec tunnel: software client, device? I had some trouble getting a Sonicwall connected with AES, switched to 3DES and it worked. This was on an Alix running nano 2.0.1 with glxsb enabled. I've used it plenty of times between two pfSense boxes with no issues.



  • I should say anything higher than AES128 seems to be broken; glxsb only works with 128. Does it work at 128?



  • I thought glxsb only supports AES, so switching to Blowfish or anything else doesn't use glxsb, right?

    I have AES 128-bit in my IPsec configuration. The client is an Android mobile.



  • I was trying to use AES128 with glxsb. It works fine with both pfSense peers; my trouble was trying to connect from pfSense to a Sonicwall peer. It connected but wasn't passing traffic. I switched to 3DES and the tunnel came up. I didn't try disabling glxsb. I can't test anything at this point as the customer would not be amused at another outage.

