[Soekris] VPN1401 for OpenSSH handshake acceleration under FreeBSD 7.0?

James R. Van Artsdalen soekris-tech at jrv.org
Thu Oct 16 20:14:35 UTC 2008

Marcus Reid wrote:
> I'm considering the VPN1401 accelerator board for our monitoring servers
> running FreeBSD 7.  The main reason for the crypto acceleration would be
> to offload OpenSSH handshakes -- does anyone know if the right algorithms
> are supported by the hardware and libcrypto.so?

FreeBSD7's openssl (both base and ports) do not not use /dev/crypto, and
hence not the VPN1401.  This is a known issue discussed in the mailing
lists.  I haven't tried the FreeBSD8 test builds.

FreeBSD7 does not use the VPN1401's random number generator to return
numbers from /dev/random.  Instead it appears that /dev/random returns
numbers from the Yarrow software PRNG as usual and the VPN1401's RNG is
only used to seed Yarrow by one byte per clock tick.

More information about the Soekris-tech mailing list