Those look like reasonable numbers for the given scenario. Improving your IPsec bandwidth would take more horsepower than an APU box. Improving site-to-site encrypted VPN speed, asuming two APU boxes, would require switching from IPsec to something like a WireGuard VPN, available on -current as a package, but I'm not quite sure how much performance would be attainable on OpenBSD. Heard >500Mbps on APU3/Debian combo[1], but once again, don't believe everything you read on Internet.
Regards and good luck! [1] https://teklager.se/en/knowledge-base/apu2-vpn-performance/ El mar., 11 jun. 2019 a las 18:10, mabi (<[email protected]>) escribió: > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > On Tuesday, June 11, 2019 1:04 PM, Christian Weisgerber <[email protected]> > wrote: > > > > childsa enc aes-128-gcm > > > > Correct. > > For reference I now changed the childsa encryption cipher to aes-128-gcm and > get 93 Mbit/s throughput instead of the 80 Mbit/s I saw with aes-256. > > Better than nothing but still not quite optimal so I was wondering if anyone > had already achieved better IPsec site-to-site bandwidth throughput with a PC > Engines APU4 box? > > I have a very simple site-2-site IPsec connection which basically is just the > following config in my iked.conf file: > > ikev2 active esp from $local_ip to $remote_ip local $local_ip peer $remote_ip > childsa enc aes-128-gcm srcid $local_ip dstid $remote_ip > ikev2 active esp from $local_network to $remote_network local $local_ip peer > $remote_ip childsa enc aes-128-gcm srcid $local_ip dstid $remote_ip > > Cheers, > Mabi >
