Project

General

Profile

Actions

Bug #13074

open

AES-GCM with SafeXcel on Netgate 2100 causes MBUF overload

Added by Chris S about 1 month ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Cryptographic Modules
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default
Affected Plus Version:
22.01
Affected Architecture:
SG-2100

Description

Running IPSec tunnels on a Netgate 2100 with AES-GCM and SafeXcel enabled seem to cause an MBUF overload requiring a reboot to re-establish the tunnel.

First spotted by NOCling in the forums. I was able to reproduce on my own 6100-2100 IPsec setup.

https://forum.netgate.com/topic/171469/netgate-2100-s2s-aes-gcm-and-safexcel-mbuf-overload


Related issues

Has duplicate Bug #13075: Netgate 2100 IPsec S2S AES GCM and SafeXcel mbuf overloadDuplicate

Actions
Actions #1

Updated by Chris S about 1 month ago

Reverting to AES-CBC with SHA384 in P1 and P2 works perfectly, even with SafeXcel enabled. Only seems to apply to AES-GCM.

Actions #2

Updated by Jim Pingle about 1 month ago

  • Has duplicate Bug #13075: Netgate 2100 IPsec S2S AES GCM and SafeXcel mbuf overload added
Actions

Also available in: Atom PDF