[Openswan Users] performance ipsec tunnel
Paul Wouters
paul at xelerance.com
Fri Apr 28 18:47:47 CEST 2006
On Fri, 28 Apr 2006, Daniele Melosi wrote:
> I notice performance decrease of my ipsec tunnel (6.70 Mb/s insteed of 22 Mb/s
> without tunnel).
So that was your reason for disabling encryption? Bad idea. You can try
and force AES over 3DES, if you are currnetly using 3DES, with esp=aes.
> Is there any traffic limits or a solution to improve performance ?
Performance depends on a lot of things, but if this is just one tunnel,
then it seems like this is a CPU limitation. There is some limited
hardware support using OCF that is currnetly being integrated into openswan.
You can find the current patch at sourceforge.net
> -- start conf file ---
> config setup
> #interfaces=%defaultroute
> #forwardcontrol=yes
> klipsdebug=all
> plutodebug=all
And logging every single packet to disk with these debugging options
will surely deteriorate your linkspeed. your bottleneck now is logging
to disk.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list