Just offhand I'd say that didn't sound too bad ... if the security is to be any good it *ought* to require a bit of cpu time. Basically it's a factor of 10 on each pass through the encrypt/decrypt...
-- Edmund Cramp http://www.emgsrus.com/graffiti.htm > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf > Of Dustin Puryear > Sent: Tuesday, June 18, 2002 1:01 PM > To: [email protected] > Subject: Re: [brlug-general] VPNs > > > At 12:06 PM 6/18/2002 -0500, you wrote: > >I am using the built in stuff that is in OpenBSD (IPSec) with manual > >3des keys. > > I haven't messed with the OpenBSD IPSec implementation. A > factor of 20, > huh? That's kind of brutal, but to be honest, I have yet to > toy with an > IPSec-based VPN myself. Is that performance expected? > > Regards, Dustin > > > > >Shannon > > > >On Tue, 2002-06-18 at 09:16, Dustin Puryear wrote: > > > What software are you using for the actual VPN? > > > > > > Regards, Dustin > > > > > > At 08:45 PM 6/17/2002 -0500, you wrote: > > > >Just in case anyone was wondering, I did some throughput > testing on a > > > >test VPN I have here. It is pretty CPU intensive as far > as I can tell. > > > >The VPN was running on two OpenBSD boxes with ~400 mhz > cpus. See the > > > >details and gnuplots at: > > > > > > > > >http://www.ligo-la.caltech.edu/~sroddy/netpipetests/netpipe_t > ests.html > > > > > > > >About a factor of 20 reduction in speed when going from > > > >client->gateway->(encrypted)=>gateway=>(decrypted)->client. > > > > > > > >I am going to do some further testing on faster > machines. I am also > > > >going to try blowfish vs. 3des encryption. Blowfish > seems to be faster > > > >than 3des on ssh. > > > > > > > >-- > > > >Shannon Roddy > > > > >__________________________________________________________________ > > > >Systems Administrator California Institute of > Technology > > > >[EMAIL PROTECTED] LIGO Livingston Observatory > > > >ph: (225)686-3106 19100 LIGO Lane > > > >fx: (225)686-7189 Livingston, LA 70754 > > > >Web Page > http://www.ligo-la.caltech.edu/~sroddy > > > >Calendar/Schedule See Home Page > > > >Wireless Email (255 Chars) [EMAIL PROTECTED] > > > > > > > >_______________________________________________ > > > >General mailing list > > > >[email protected] > > > >http://brlug.net/mailman/listinfo/general_brlug.net > > > > > > > > > --- > > > Dustin Puryear <[EMAIL PROTECTED]> > > > UNIX and Network Consultant > > > http://members.telocity.com/~dpuryear > > > PGP Key available at http://www.us.pgp.net > > > In the beginning the Universe was created. > > > This has been widely regarded as a bad move. - Douglas Adams > > > > > > > > > _______________________________________________ > > > General mailing list > > > [email protected] > > > http://brlug.net/mailman/listinfo/general_brlug.net > >-- > >Shannon Roddy > >__________________________________________________________________ > >Systems Administrator California Institute of Technology > >[EMAIL PROTECTED] LIGO Livingston Observatory > >ph: (225)686-3106 19100 LIGO Lane > >fx: (225)686-7189 Livingston, LA 70754 > >Web Page > http://www.ligo-la.caltech.edu/~sroddy > >Calendar/Schedule See Home Page > >Wireless Email (255 Chars) [EMAIL PROTECTED] > > > >_______________________________________________ > >General mailing list > >[email protected] > >http://brlug.net/mailman/listinfo/general_brlug.net > > > --- > Dustin Puryear <[EMAIL PROTECTED]> > UNIX and Network Consultant > http://members.telocity.com/~dpuryear > PGP Key available at http://www.us.pgp.net > In the beginning the Universe was created. > This has been widely regarded as a bad move. - Douglas Adams > > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net >
