[Openswan Users] Latency with Openswan?

Joost Kraaijeveld J.Kraaijeveld at Askesis.nl
Mon Jul 10 16:38:54 CEST 2006

On Fri, 2006-07-07 at 18:03 +0200, Paul Wouters wrote:
> On Fri, 7 Jul 2006, Joost Kraaijeveld wrote:
> > Does anyone know if and how much latency is added to a connection if the
> > connection is done through an OpenSwan tunnel with a pre-shared or RSA
> > key? ?
> I am not sure if I understand the question entirely. Are you talking about
> the latency of IPsec in general, or the difference between PSK and RSA?
A customer of mine has several ipsec tunnels ( > 100) through which
Citrix ICA session run. The users experience latency (long response
times), which makes typing really awkward experience. I want to rule out
that the OpenSwan ipsec tunnels are responsible for the latency (I
actually suspect the upstream provider's way of handling the

> It all depends on the hardware. IKE is not causing much latency at all,
> because it happens once per hour. And if you wish to get a better
> throughput for ESP, then adding CPU power or hardware accelerators will
> help you.
As far as I can see we have bandwidth enough (we almost never saturate
the connection, measured with iptraf).


Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
web: www.askesis.nl

More information about the Users mailing list