pfSense Support Subscription

Author Topic: State of Via Padlock in pfSense 1.2.2/.3 or 2.0  (Read 2549 times)

0 Members and 1 Guest are viewing this topic.

Offline Anathematic

  • Newbie
  • *
  • Posts: 7
    • View Profile
State of Via Padlock in pfSense 1.2.2/.3 or 2.0
« on: April 05, 2009, 02:31:33 pm »
Greetings,

I have been searching through the forums but I am unable to find a clear answer. With the current version of pfSense, 1.2.2, what is the status of Via Padlock support? I found this post here that talks about enabling the kernel module http://forum.pfsense.org/index.php/topic,13791.msg73550.html#msg73550 . All the other posts are circa 2006. So does this mean that the modules aren't loaded by default? From what I can discern from the interwebs there seems to be a huge performance increase using padlock for things like vpn etc.. Reason I am asking is I just picked up the Via VB8001 with the new Nano processor, then tossed in an intel dual ethernet pci express card.

Anyone have any experience with Padlock?

Thanks,
« Last Edit: April 05, 2009, 03:30:34 pm by Anathematic »

Offline Anathematic

  • Newbie
  • *
  • Posts: 7
    • View Profile
Re: State of Via Padlock in pfSense 1.2.2/.3 or 2.0
« Reply #1 on: April 05, 2009, 03:18:22 pm »
Looking through the hardware support for 7.1 I don't see any reference to it. http://www.freebsd.org/releases/7.1R/hardware.html#CRYPTO-ACCEL
However there is a man page for it http://www.freebsd.org/cgi/man.cgi?query=padlock&apropos=0&sektion=4&manpath=FreeBSD+7.0-RELEASE&format=html

So I guess my question is, is it compiled into the kernel that pfSense runs? Does anyone have any experience using it? Stability/reliability?
« Last Edit: April 05, 2009, 03:26:01 pm by Anathematic »

Offline Anathematic

  • Newbie
  • *
  • Posts: 7
    • View Profile
Re: State of Via Padlock in pfSense 1.2.2/.3 or 2.0
« Reply #2 on: April 06, 2009, 12:18:28 am »
So far I have added padlock_load="YES" to /bootl/loader.conf. When I look at dmesg I see padlock0: No ACE support. Googleing this seems to mean that the module isnt loaded. Anyone know anything special about this?

I am using an extra via epia board right now, hence the c3 processor. I figured this being a more mature product would have better support than the nano board. Plus I can fubar it without taking down the network.
thanks in advance for any help.


$ dmesg
Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
   The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.0-RELEASE-p8 #0: Thu Jan  8 22:07:30 EST 2009
    sullrich@freebsd7-releng_1_2_1.pfsense.org:/usr/obj.pfSense/usr/src/sys/pfSense.7
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: VIA C3 Samuel 2 (800.03-MHz 686-class CPU)
  Origin = "CentaurHauls"  Id = 0x673  Stepping = 3
  Features=0x803035<FPU,DE,TSC,MSR,MTRR,PGE,MMX>
real memory  = 528416768 (503 MB)
avail memory = 502845440 (479 MB)
wlan: mac acl policy registered
kbd1 at kbdmux0
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
hptrr: HPT RocketRAID controller driver v1.1 (Jan  8 2009 22:07:11)
cryptosoft0: <software crypto> on motherboard
padlock0: No ACE support.

« Last Edit: April 06, 2009, 12:22:11 am by Anathematic »