Got strongswan working on R2 Pro, but the performance is lackluster at best.
78 Mbps UP and DOWN best, saturating one CPU with 100% irq. Better than Mikrotik hAP ax lite [35 Mbps UP and DOWN]
I will contact the author and report back.
I might need to read the datasheets and code myself as a last resort. Can’t wait to pick up C, haven’t used since high school.
And it seems it needs some patches before i have not found yet…the other series i’ve found is newer
looks like the first patch from the series are already in (moving kconfig), as there is already a rockchip dir and the rk3288 is already there…maybe we just need to skip the first patch(es)
Thanks for all the helping.
I will take a look soon. I am having some trouble with the journctl -xe on your base Ubuntu image, continuously running as a StrongSwan server for 20 days now.
Had not running the board so long…serial console should work when you reconnect and get additional output…maybe you missed the baud setting (1500000) on reconnect or use wrong serial device? In other thread you’ve wrote that ssh works well then,so board is not freezed.
But as r2pro uses onboard uart adapter,it is possible that this has freezed.
I have booted the kernel with the crypto driver enabled after fixing issue with renamed pmic driver (prevents sdcard access). See no dmesg messages for crypto and also no dma errors…need to know how to check. Maybe i enable the debugfs option then i should see these entries
Thanks Frank.
I got some time tonight to download the code and re-compiled the kernel.
I am having some trouble with clients on the subnet having 5Mbps download, but 68Mbps upload. the upload is similar to before the crypto modules were applied.
Got a kernel message saying
alg: No test for echainiv(authenc(hmac(sha256),cbc(des3_ede))) (echainiv(authenc(hmac(sha256-ce),cbc(des3_ede-generic))))
I started with your config through ./build.sh importconfig
Then added my driver support and nf tables.
The funny thing is that I lost all inbound connection ability as well.
I can’t SSH or do an Iperf3 speed test to the BPi anymore. Wondering whether this is nftables related, but tcpdump is also quite slow.
If you have no nftables rules applied it should have no impact. Thats strange…you could try using 6.6 without the crypto offloading enabled…i have only made basic test over console…no network test with 6.6 yet
I highly doubt the crypto extensions would break the network configuration at large. I am going to learn how the crypto extenion could help with xfrm encryption and decryption.
You did not change any network related kernel options from 6.2 to 6.6?
No, not as far as i remember. Config should be similar as on 6.1 except the network-stack…only noticed that mfd driver was renamed in 6.5 from rk808 to rk8xx which breakes sdcard too.
For testing crypto we need to look on debugfs and compare the values to them after running the test command
That probably explained when my system wasn’t booting after bringing to 6.5. You know I needed to keep pressing Maskrom, because all I do is writing the new kernel onto the SD card.
I will do a diff between the default importconfig for 6.6 and my working 6.2 kernel (with strongswan, nft, and everything needed for a 70/70 IPsec tunnel). Trying to get better the speed than this. The WAN is 125/125, limitation of the WiFi card/dorm congestion.