isakmpd does not do the crypto processing of the actual IPSec tunnels, it only does the ike negotiations.
Presuming you want to use aes-128, `openssl speed aes' shows that a 1ghz system that is running 'vi' to type this message is capable of (at the lowest end) 27mbyte per second. I think you should do your own tests but it looks like you'd have to stoop pretty low to not be able to handle 5mbit. Thanks, -- Todd Fries .. [EMAIL PROTECTED] _____________________________________________ | \ 1.636.410.0632 (voice) | Free Daemon Consulting, LLC \ 1.405.227.9094 (voice) | http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX) | "..in support of free software solutions." \ 250797 (FWD) | \ \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A http://todd.fries.net/pgp.txt Penned by Chris Bullock on 20071105 19:14.17, we have: | Some say that isakmpd is resource intensive. What is the recommended | hardware for a 5mb full duplex optical Internet connection that is doing | nothing but VPN. | Regards, | Chris | | On 11/4/07, Chris Bullock <[EMAIL PROTECTED]> wrote: | > | > We have been using OpenBSD my entire IT career, 5 1/2 years, I like the | > way its easy to roll out, configure and the cost the most. | > | > I would like an honest opinion of the group. We have customers that | > maintain their own firewalls and VPNs and it appears to us that that those | > sites seem to transmit data quicker than the sites that we maintain with | > OpenBSD firewalls and VPNs, assuming identical bandwidth. We have an | > OpenBSD VPN/firewall at our main site, so realistically, all of our data | > does transpose OpenBSD before it ultimately hits our network. | > | > My question is should I consider a non OpenBSD solutions, ie Cisco devs or | > should I attempt to tweak my existing boxes? | > Regards, | > Chris
