FAST_IPSEC(4) MidnightBSD Kernel Interfaces Manual FAST_IPSEC(4)

NAME

Fast IPsec — hardware-accelerated IP Security Protocols

SYNOPSIS

options FAST_IPSEC
device crypto

net.inet.esp.enable
net.inet.ah.enable
net.inet.ipcomp.enable

DESCRIPTION

IPsec is a set of protocols, ESP (for Encapsulating Security Payload) AH (for Authentication Header), and IPComp (for IP Payload Compression Protocol) that provide security services for IP datagrams. Fast IPsec is an experimental implementation of these protocols that uses the crypto(4) subsystem to carry out cryptographic operations. This means, in particular, that cryptographic hardware devices are employed whenever possible to optimize the performance of these protocols.

In general, the Fast IPsec implementation is intended to be compatible with the KAME IPsec implementation. This documentation concentrates on differences from that software. The user should refer to ipsec(4) for basic information on setting up and using these protocols.

System configuration requires the crypto(4) subsystem. When the Fast IPsec protocols are configured for use, all protocols are included in the system. To selectively enable/disable protocols, use sysctl(8).

DIAGNOSTICS

To be added.

SEE ALSO

crypto(4), ipsec(4), setkey(8), sysctl(8)

HISTORY

The protocols draw heavily on the OpenBSD implementation of the IPsec protocols. The policy management code is derived from the KAME implementation found in their IPsec protocols. The Fast IPsec protocols first appeared in FreeBSD 5.0.

BUGS

There is presently no support for IPv6.

The IPcomp protocol support does not work.

Certain legacy authentication algorithms are not supported because of issues with the crypto(4) subsystem.

This documentation is incomplete.

MidnightBSD 0.3 January 20, 2003 MidnightBSD 0.3