> [...FreeBSD 6.2...OpenVPN...] > My question is whether adding the vpn1411 encryption card will help > increase my throughput.
I tried it under NetBSD (with a 4801, I think it was) and my experience says it won't. I found that, for OpenVPN's use, the overhead of crossing into the kernel outweighed the crypto performance gain. FreeBSD may be different; I don't know how much of that overhead is the hardware and how much is the software. Also, this was testing a single stream in isolation. It's possible that if you have multiple data streams going, you'd see an overall throughput win even if a single stream in isolation is impaired, because crypto offload means non-crypto stuff can happen on the main CPU while the crypto is running. > I've searched the mailing list archives and I've seen several folks > having issues with the vpn1411 card and getting "Corrupted MAC on > input" errors with any kind of usermode encryption, which OpenVPN > uses. I saw that with ssh. I didn't see anything to make me think that OpenVPN was getting hit with comparable problems, but I didn't look, either; it's entirely possible some small fraction of OpenVPN's packets were getting corrupted too, with the corruption hidden by retransmissions. Also, my experience is a few years old by now. It's possible some relevant piece has changed since then. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML [EMAIL PROTECTED] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Soekris-tech mailing list [email protected] http://lists.soekris.com/mailman/listinfo/soekris-tech
