[Soekris] Hi/fn cards and SSH...
Andy Michaels
lego at therac25.net
Fri Mar 16 14:04:03 UTC 2007
On Fri, 16 Mar 2007, Stuart Henderson wrote:
> On 2007/03/16 09:34, Austin Murphy wrote:
>> On 3/15/07, Andy Michaels <lego at therac25.net> wrote:
>>> I found a thread from 2004 on the OpenBSD mailing lists about an issue
>>> where SSH connections with high volume traffic caused dropped
>>> connections on a Soekris 4801. Does anyone know if this issue is
>>> resolved? I'm hoping with 3 years in between, the issue has died. I
>>> ask because we are about to purchase 2 4801s and 2 1411 mini-PCI cards.
>>> If there's an issue with OpenSSH, then this will not suit our needs.
>>
>> I have 2 net4801's running OpenBSD, 3.9 and 4.0. When I put in the
>> vpn1411 card I get problems with OpenSSH. "Corrupted MAC on input" is
>> the error. It does not seem to have anything to do with the system
>> load. I don't know if it is a hardware or software problem, but maybe
>> OpenBSD 4.1 will fix it.
>
> using sysctl 'kern.usercrypto=0' (see /etc/sysctl.conf) will allow
> the card to be used for IPsec which doesn't have reported problems,
> and disable it for userland which does.
>
So the problem only exists if I run the crypto code in userland? Maybe I
don't completely understand the situation, but when you say "used for
IPSEC", does this imply that IPSEC is run as part of the kernel and that
say, L2TP is not? What about OpenVPN?

Sorry if I've got things really confused. I just want to know what the
limitations will be.

Thanks for the response!

-Andy