IPsec & GLXSB - pfSense 2.0.1 i386

  • Hi,

    I've got an AMD Geode CPU with AES-128 (GLXSB) support.

    I enabled GLXSB and my IPsec connects, but I am not able to connect anywhere in the VPN.

    If I disable GLXSB and reboot, all works fine…

    Errors in IPsec Log:

    racoon: ERROR: pfkey UPDATE failed: Invalid argument
    racoon: ERROR: pfkey ADD failed: Invalid argument
    racoon: [name]: ERROR give up to get IPsec-SA due to time up to wait.

    Is there a solution to fix this?

    Because I would like to have some extra computing power, as this machine is kinda slow anyhow…

    Thanks in advance


    My machine:


  • glxsb driver apparently has some issues with AES. Might want to try a 2.1 snapshot since it has a newer base OS. Please report back on results if you do.

  • Did upgrade today, activated glxsb, rebooted (just to be sure) –> same effect.

    Connected, but no browsing possible.

  • What is the other end of the IPsec tunnel: software client, device? I had some trouble getting a Sonicwall connected with AES, switched to 3DES and it worked. This was on an Alix running nano 2.0.1 with glxsb enabled. I've used it plenty of times between two pfSense boxes with no issues.

  • I should say anything higher than AES128 seems to be broken, glxsb only works with 128. Does it work at 128?

  • I thought glxsb only supports AES, so switching to Blowfish or anything else doesn't use glxsb, right?

    I have AES 128-bit in my IPsec configuration. The client is an Android mobile.

  • I was trying to use AES128 with glxsb. It works fine with both pfSense peers; my trouble was trying to connect from pfSense to a Sonicwall peer. It connected but wasn't passing traffic. I switched to 3DES and the tunnel came up. I didn't try disabling glxsb. I can't test anything at this point as the customer would not be amused at another outage.

