fast_ipsec(4)
NAME
Fast IPsec - hardware-accelerated IP Security Protocols
SYNOPSIS
options FAST_IPSEC device crypto net.inet.esp.enable net.inet.ah.enable net.inet.ipcomp.enable
DESCRIPTION
- IPsec is a set of protocols, ESP (for Encapsulating Security
- Payload) AH
(for Authentication Header), and IPComp (for IP Payload Com - pression Protocol) that provide security services for IP datagrams.
Fast IPsec
- experimental implementation of these protocols that uses the
- crypto(4)
subsystem to carry out cryptographic operations. This - means, in particular, that cryptographic hardware devices are employed when
- ever possible
to optimize the performance of these protocols. - In general, the Fast IPsec implementation is intended to be
- compatible
with the KAME IPsec implementation. This documentation con - centrates on
differences from that software. The user should refer to - ipsec(4) for
basic information on setting up and using these protocols. - System configuration requires the crypto(4) subsystem. When
- the Fast
IPsec protocols are configured for use, all protocols are - included in the
system. To selectively enable/disable protocols, use - sysctl(8).
DIAGNOSTICS
To be added.
SEE ALSO
crypto(4), ipsec(4), setkey(8), sysctl(8)
HISTORY
- The protocols draw heavily on the OpenBSD implementation of
- the IPsec
protocols. The policy management code is derived from the - KAME implementation found in their IPsec protocols. The Fast IPsec pro
- tocols first
appeared in FreeBSD 5.0.
BUGS
There is presently no support for IPv6.
The IPcomp protocol support does not work.
- Certain legacy authentication algorithms are not supported
- because of
issues with the crypto(4) subsystem. - This documentation is incomplete.
- BSD January 20, 2003