|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
Soekris 5501-70: what to do with hifn & PCI ethernet
I bought a Soekris net5501-70, used. It came with a vpn1411 card. This shows up in OpenBSD as:
Code:
hifn0 at pci0 dev 17 function 0 "Hifn 7955/7954" rev 0x00: LZS 3DES ARC4 MD5 SHA1 RNG AES PK, 32KB dram, irq 15 Also, if some (userland) code does some AES or MD5, will it automatically use that card? I'm planning to use the box as a firewall between my WAN and LAN, as it only has 100mbit Ethernet - debating whether to drop in a gig-E card in the PCI to make it more useful. I was a little disappointed that the onboard NICs are somewhat crippled in OpenBSD, but they're still fast enough for my WAN. It's another toy on the Isle of Misfit Toys...the pile of small, strange exotic boxes in the corner of my desk |
|
||||
As far as I know, the hifn(4) device can only be used as a crypto offlload driver for ipsec(4). I have some Alix machines that use the glxsb(4) device, which has similar IPSec offload and can also act as a source of entropy for the kernel. A tiny advantage for a tiny platform.
According to CVS logs, the userland access driver for our crypto devices, crypto(4), has been removed for 5.7. The log stated, "The interface has been disabled by default for about 4 years and currently there's not much value in having it around at all." I did play with this driver when I first got my Alixes. I used OpenSSL's CLI tool. Yes, it encrypted/decrypted with improved performance. But I just played with it; my use of openssl(1) on those platforms was not then or now a part of normal day to day production operations. I use IPSec, and take the default crypto transforms, which includes AES-CBC. I have not tried to use IPSec with the offload device disabled and measure performance differences, so I do not know its value for that function. Edited to add: I misread the hifn(4) man page. Your 7955 can also be an entropy source. Last edited by jggimi; 15th December 2014 at 04:00 AM. Reason: clarity, correction |
|
|||
Quote:
Quote:
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
soekris net5501-60 box with vpn1411 problem | igy01 | OpenBSD Installation and Upgrading | 3 | 5th November 2014 02:12 AM |
firewalling with a small soekris appliance | wesley | OpenBSD Security | 2 | 6th June 2011 05:29 PM |
Soekris experiences | Carpetsmoker | General Hardware | 42 | 21st August 2009 01:52 PM |
soekris help | revzalot | OpenBSD Installation and Upgrading | 6 | 17th December 2008 07:40 PM |
Soekris Help | revzalot | General Hardware | 2 | 27th August 2008 01:35 PM |