[Openswan Users] performance ipsec tunnel

Paul Wouters paul at xelerance.com
Fri Apr 28 18:47:47 CEST 2006


On Fri, 28 Apr 2006, Daniele Melosi wrote:

> I notice performance decrease of my ipsec tunnel (6.70 Mb/s instead of 22 Mb/s
> without tunnel).

So that was your reason for disabling encryption? Bad idea. You can try
and force AES over 3DES, if you are currently using 3DES, with esp=aes.

> Is there any traffic limits or a solution to improve performance ?

Performance depends on a lot of things, but if this is just one tunnel,
then it seems like this is a CPU limitation. There is some limited
hardware support using OCF that is currently being integrated into openswan.
You can find the current patch at sourceforge.net

> -- start conf file ---
> config setup
>         #interfaces=%defaultroute
>         #forwardcontrol=yes
>         klipsdebug=all
>         plutodebug=all

And logging every single packet to disk with these debugging options
will surely deteriorate your linkspeed. Your bottleneck now is logging
to disk.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
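
An added example, not part of the original message and not Openswan code: a small Python check that scans an ipsec.conf for the two things the reply points at, debug logging left on in `config setup` and 3DES in an `esp=` line. The function name and the `conn` sections in the sample are assumptions made up for illustration.

```python
# Added example: audit an Openswan ipsec.conf for the two issues raised in the reply.
DEBUG_KEYS = ("klipsdebug", "plutodebug")


def audit_ipsec_conf(text):
    """Return (section, finding) tuples for debug logging and 3DES ESP proposals."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and commented-out options
        if not line.strip():
            continue
        if not line[0].isspace():              # header: "config setup" or "conn <name>"
            section = " ".join(line.split())
            continue
        key, sep, value = line.strip().partition("=")
        if not sep or section is None:
            continue
        key = key.strip().lower()
        value = value.strip().strip('"').lower()
        if section == "config setup" and key in DEBUG_KEYS and value not in ("", "none"):
            findings.append((section, f"{key}={value}: debug logging is on"))
        elif section.startswith("conn ") and key == "esp" and "3des" in value:
            findings.append((section, f"esp={value}: 3DES proposed, try esp=aes"))
    return findings


# Constructed sample: "config setup" mirrors the quoted file, the conn sections are invented.
SAMPLE = """\
config setup
        #interfaces=%defaultroute
        klipsdebug=all
        plutodebug=all

conn site-a
        left=192.0.2.1
        right=198.51.100.1
        esp=3des-md5

conn site-b
        left=192.0.2.1
        right=203.0.113.1
        esp=aes
"""

if __name__ == "__main__":
    for section, finding in audit_ipsec_conf(SAMPLE):
        print(f"[{section}] {finding}")
```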

