Hi,

I am currently testing a PC Engines APU4C4 with OpenBSD 6.5 and iked for an IPsec tunnel between two sites which both have 1 Gbit/s uplink.

Bypassing the IPsec tunnel I get around 500 Mbit/s of bandwidth throughput which is quite satisfying. The bandwidth throughput over my IPsec tunnel achieves a max of 80 Mbit/s which I was sort of expecting with the default encryption settings (auth hmac-sha2-256 enc aes-256).

In order to increase bandwidth throughput over my IPsec tunnel I wanted to know what you guys think is a good compromise between performance and security? I was thinking for example of changing the encryption cipher to aes-128 instead of aes-256 and maybe blowfish? What would you recommend?

Anything else I should be looking at? Maybe like a hardware crypto accelerator miniPCI card compatible with the APU4 and OpenBSD?

Cheers,
Mabi

