[Openswan Users] Fwd: IPSEC poor Speed performance

Hardik A Gohil hardik at willowglen.com.my
Mon Jan 19 21:47:56 EST 2015


Hello,

I am working on an Openswan IPsec implementation on an embedded board running
Linux-2.6.35.9.

I am testing the Ethernet speed using iperf for a host-host tunnel.

The Ethernet supports 100Mbps.

# iperf -c 192.168.82.99
------------------------------------------------------------
Client connecting to 192.168.82.99, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[  3] local 192.168.82.111 port 47913 connected with 192.168.82.99 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.2 sec  7.88 MBytes  6.51 Mbits/sec

Attached are the ipsec auto status and log messages.

How do I verify whether IPsec is working fine? I cannot run ipsec auto verify.


 --
Regards
Hardik A Gohil
Willowglen Msc Bhd
-------------- next part --------------
# ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 192.168.82.111
000 interface eth0/eth0 192.168.82.111
000 %myid = (none)
000 debug none
000
000 virtual_private (%priv):
000 - allowed 6 subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 25.0.0.0/8, fd00::/8, fe80::/10
000 - disallowed 0 subnets:
000 WARNING: Disallowed subnets in virtual_private= is empty. If you have
000          private address space in internal use, it should be excluded!
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384
000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "host-host": 192.168.82.111<192.168.82.111>...192.168.82.99<192.168.82.99>; erouted; eroute owner: #5
000 "host-host":     myip=unset; hisip=unset;
000 "host-host":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "host-host":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK; prio: 32,32; interface: eth0;
000 "host-host":   newest ISAKMP SA: #3; newest IPsec SA: #5;
000 "host-host":   IKE algorithm newest: AES_CBC_128-SHA1-MODP2048
000
000 #4: "host-host":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 27709s; isakmp#3; idle; import:not set
000 #4: "host-host" esp.32a0f152 at 192.168.82.99 esp.51456a6f at 192.168.82.111 tun.0 at 192.168.82.99 tun.0 at 192.168.82.111 ref=0 refhim=4294901761
000 #3: "host-host":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2508s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set
000 #5: "host-host":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 27721s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #5: "host-host" esp.8118ec39 at 192.168.82.99 esp.46e66ae1 at 192.168.82.111 tun.0 at 192.168.82.99 tun.0 at 192.168.82.111 ref=0 refhim=4294901761
000 #2: "host-host":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27261s; isakmp#1; idle; import:admin initiate
000 #2: "host-host" esp.c16e7d33 at 192.168.82.99 esp.e611eefa at 192.168.82.111 tun.0 at 192.168.82.99 tun.0 at 192.168.82.111 ref=0 refhim=4294901761
000 #1: "host-host":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1770s; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000
-------------- next part --------------
A non-text attachment was scrubbed...
Name: messages
Type: application/octet-stream
Size: 37870 bytes
Desc: not available
URL: <http://lists.openswan.org/pipermail/users/attachments/20150120/d36480e2/attachment-0001.obj>
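
One way to read the status dump above for tunnel health, as an added example that is not part of the original post or of Openswan: it parses `ipsec auto --status` lines, checks that the connection's newest IPsec SA is established, and returns the ESP SPIs to compare against `ip xfrm state` on the netkey stack. The function names and the embedded sample (a subset of the lines posted above) are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the `ipsec auto --status` lines posted above.
# The list archive renders "@" as " at ", so the parser accepts both forms.
SAMPLE = '''\
000 "host-host":   newest ISAKMP SA: #3; newest IPsec SA: #5;
000 #4: "host-host":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 27709s; isakmp#3; idle; import:not set
000 #4: "host-host" esp.32a0f152 at 192.168.82.99 esp.51456a6f at 192.168.82.111 tun.0 at 192.168.82.99 tun.0 at 192.168.82.111 ref=0 refhim=4294901761
000 #3: "host-host":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2508s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set
000 #5: "host-host":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 27721s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #5: "host-host" esp.8118ec39 at 192.168.82.99 esp.46e66ae1 at 192.168.82.111 tun.0 at 192.168.82.99 tun.0 at 192.168.82.111 ref=0 refhim=4294901761
'''

NEWEST = re.compile(r'^000 "([^"]+)":\s+newest ISAKMP SA: #(\d+); newest IPsec SA: #(\d+);')
STATE = re.compile(r'^000 #(\d+): "([^"]+)":\d+ (STATE_\w+) \(([^)]*)\)')
SPI = re.compile(r'\besp\.([0-9a-f]+)(?:@| at )(\S+)')

def parse_status(text):
    """Return {conn: {"newest_ike", "newest_ipsec", "sas": {serial: {...}}}}."""
    conns = {}
    for line in text.splitlines():
        if m := NEWEST.match(line):
            c = conns.setdefault(m[1], {"sas": {}})
            c["newest_ike"], c["newest_ipsec"] = int(m[2]), int(m[3])
        elif m := STATE.match(line):
            sa = conns.setdefault(m[2], {"sas": {}})["sas"].setdefault(int(m[1]), {"spis": []})
            sa["state"], sa["established"] = m[3], "SA established" in m[4]
        elif m := re.match(r'^000 #(\d+): "([^"]+)" ', line):  # per-SA SPI line
            sa = conns.setdefault(m[2], {"sas": {}})["sas"].setdefault(int(m[1]), {"spis": []})
            sa["spis"] = SPI.findall(line)  # [(spi_hex, endpoint), ...]
    return conns

def tunnel_report(text, conn):
    """Report whether conn has a live IPsec SA and which SPIs the kernel should hold."""
    c = parse_status(text).get(conn)
    if not c or not c.get("newest_ipsec"):  # unknown connection, or SA serial #0
        return {"up": False, "spis": [], "older_ipsec": []}
    newest = c["sas"].get(c["newest_ipsec"], {})
    up = bool(newest.get("established") and newest.get("spis"))
    older = sorted(n for n, sa in c["sas"].items()
                   if sa.get("state", "").startswith("STATE_QUICK") and n != c["newest_ipsec"])
    return {"up": up, "spis": ["0x" + s for s, _ in newest.get("spis", [])],
            "older_ipsec": older}
```

A result of `up: True` only shows that keying succeeded; it says nothing about throughput, which depends on how fast the board can run the negotiated ESP cipher.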

