Hello All,

Drifting off topic on this one but when I saw OpenVPN

OpenVPN performance on OpenBSD (with Tap Interfaces) is less than one would expect.. even turning off ciphers and auth... you can still get about 80-90mb/s on a machine that would forward about 3.5Gb/s - 5Gb/s

In doing a test with tap interfaces and a userland bridge (thanks Claudio) to test where the bottleneck was (in case it was the Tap interface was slow) it looked like OpenBSD Tap interfaces were not performance of the tap interfaces were about 10% slower than bridging physical interfaces To blame... as OpenVPN say themselves it needs a rewrite and perhaps the code inefficiencies in OpenVPN combined with the OpenBSD Mitigations limit performance.

sorry for drifting a little off topic...

Tom Smyth

On Tue, 1 Sep 2020 at 14:40, Stuart Henderson <s...@spacehopper.org> wrote:

> On 2020-09-01, Hrvoje Popovski <hrv...@srce.hr> wrote:
> > Hi all,
> >
> > does anyone use an openconnect server on openbsd and have guidelines on
> > how to configure it? i see that an openconnect server can use radius, so
> > it's interesting to me. Which client do you use to connect to the
> > openconnect server?
>
> It worked when I tested after porting ocserv/openconnect, but I'm not using
> it in production. You should be able to connect to ocserv using either the
> openconnect client or cisco anyconnect client.
>
> > If there is something else that can use radius, i would like to know?
>
> at least these:
>
> - npppd (yeuch l2tp :)
>
> - openvpn (there's a username/pw auth method using a helper script,
> you can write something calling a radius client to check auth, also
> yeuch openvpn :)
>
> I did once see some code including radius support for iked but it
> was tied up with a bunch of other changes and looked a bit complex
> to separate. I don't recall whether it was just username/pw or if
> it did full EAP.

--
Kindest regards,
Tom Smyth.
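
Added example, not part of the thread or of any project's code: a sketch of the helper-script approach mentioned in the quoted reply, written for OpenVPN's `auth-user-pass-verify <script> via-file` mode (which also needs `script-security 2`). It builds an RFC 2865 Access-Request itself instead of calling an external radius client, and accepts a login only when the Access-Accept's Response Authenticator verifies against the shared secret. The environment variable names `RADIUS_HOST` and `RADIUS_SECRET`, UDP port 1812, and plain username/password (PAP) are assumptions.

```python
import hashlib, hmac, os, socket, sys

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to 16-byte blocks, XOR with a chained MD5 keystream."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\0")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, authenticator):
    """Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    attrs = b""
    for atype, value in ((1, user.encode()), (2, hide_password(password, secret, authenticator))):
        attrs += bytes([atype, len(value) + 2]) + value
    return bytes([1, ident]) + (20 + len(attrs)).to_bytes(2, "big") + authenticator + attrs

def is_valid_accept(reply, ident, authenticator, secret):
    """True only for an Access-Accept (code 2) whose Response Authenticator verifies."""
    length = int.from_bytes(reply[2:4], "big")
    if not 20 <= length <= len(reply) or reply[1] != ident:
        return False
    expected = hashlib.md5(reply[:4] + authenticator + reply[20:length] + secret).digest()
    return reply[0] == 2 and hmac.compare_digest(expected, reply[4:20])

def read_credentials(path):
    """OpenVPN via-file mode: username on line 1, password on line 2 of a temp file."""
    with open(path, "rb") as f:
        user, password = f.read().split(b"\n")[:2]
    return user.decode(), password

def main(argv):
    # Assumed configuration: hypothetical variable names, not OpenVPN settings.
    host, secret = os.environ["RADIUS_HOST"], os.environ["RADIUS_SECRET"].encode()
    user, password = read_credentials(argv[1])
    ident, authenticator = os.urandom(1)[0], os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(5)
        s.sendto(build_access_request(user, password, secret, ident, authenticator), (host, 1812))
        try:
            reply, _ = s.recvfrom(4096)
        except OSError:
            return 1  # timeout or network error: fail closed
    return 0 if is_valid_accept(reply, ident, authenticator, secret) else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

OpenVPN treats exit status 0 as an accepted login and any other status as a rejection, so every error path here, including an uncaught exception, denies access.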