[Openswan Users] performance ipsec tunnel

Paul Wouters paul at xelerance.com
Fri Apr 28 18:47:47 CEST 2006

On Fri, 28 Apr 2006, Daniele Melosi wrote:

> I notice performance decrease of my ipsec tunnel (6.70 Mb/s insteed of 22 Mb/s
> without tunnel).

So that was your reason for disabling encryption? Bad idea. You can try
and force AES over 3DES, if you are currnetly using 3DES, with esp=aes.

> Is there any traffic limits or a solution to improve performance ?

Performance depends on a lot of things, but if this is just one tunnel,
then it seems like this is a CPU limitation. There is some limited
hardware support using OCF that is currnetly being integrated into openswan.
You can find the current patch at sourceforge.net

> -- start conf file ---
> config setup
>         #interfaces=%defaultroute
>         #forwardcontrol=yes
>         klipsdebug=all
>         plutodebug=all

And logging every single packet to disk with these debugging options
will surely deteriorate your linkspeed. your bottleneck now is logging
to disk.

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list