On Thu, Jun 22, 2006 at 06:30:27PM +0200, Dries Schellekens wrote:
> Bihlmaier Andreas wrote:
>
> >>As I say earlier, the hardware is working, but the performance
> >>bottleneck is elsewhere (presumably kernel crypto framework).
> >
> >I'm sorry, I didn't get it the first time, but I get it know :)
> >This is what I was seeking for, an answer.
> >Now I have to greatly improve my C skills in search for a solution ;)
>
> You could use the ssh tunneling support to create a vpn. Then all crypto
> is processed using the OpenSSL and thus bypassing the kernel crypto
> framework.
> Cheers,
> Dries
Complexity of the setup and this keeps me from following your advice:
"Since a SSH-based setup entails a fair amount of overhead, it may be more
suited to temporary setups, such as for wireless VPNs. More permanent
VPNs are better provided by tools such as ipsecctl(8) and isakmpd(8)."
- ssh(1)
And the other point is, there is a bug/problem and (again a quote):
"The only good bug is a dead bug!"
- Starship Troopers
As always thanks for help/clues/advice/suggestions
ahb
