alan walters wrote:
You aren't going to terminate the SSL connections on
the firewall? What benefit would SSL accelerators provide?
We are planning something similar at the moment. My present thoughts are to use
Opteron processors on the VPN servers and run pfSense on that hardware.
This is from an (almost idle) IBM LS20 2.0 GHz Dual Core Dual Opteron
Blade, 1 MB Cache (RHEL4-AMD64 - FreeBSD's nonexistent FC-failover
support doesn't leave me any choice here - but the numbers should be in
the right ballpark):
===================
OpenSSL 0.9.7a Feb 19 2003
built on: Thu Oct 6 13:41:39 EDT 2005
options:bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) aes(partial) blowfish(ptr2)
compiler: gcc -fPIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -DOPENSSL_NO_IDEA -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_EC -I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -DMD32_REG_T=int -O2 -g -pipe -m64 -Wa,--noexecstack
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type                 16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md2                  1503.10k     3152.55k     4339.11k     4795.39k     4909.74k
mdc2                     0.00         0.00         0.00         0.00         0.00
md4                 18619.34k    62840.47k   176072.53k   320213.67k   420093.95k
md5                 14716.69k    46055.30k   119688.87k   199830.19k   247160.83k
hmac(md5)            7761.32k    27257.24k    82330.28k   165962.41k   237734.57k
sha1                16178.74k    45727.10k    96874.41k   134190.42k   151379.97k
rmd160              12130.01k    33528.32k    69918.21k    95937.88k   107672.92k
rc4                144444.90k   150359.64k   155039.57k   156210.52k   157245.58k
des cbc             39090.10k    41027.39k    41519.02k    41678.51k    41746.43k
des ede3            15552.41k    15824.92k    15924.82k    15949.48k    15840.60k
idea cbc                 0.00         0.00         0.00         0.00         0.00
rc2 cbc             20894.13k    21729.26k    21868.46k    21910.19k    21970.94k
rc5-32/12 cbc            0.00         0.00         0.00         0.00         0.00
blowfish cbc        69273.69k    73876.35k    74984.45k    75436.71k    75603.97k
cast cbc            53019.16k    55266.71k    55873.37k    56158.89k    56620.37k
aes-128 cbc         87868.44k    91959.89k    93882.28k    94908.76k    95016.28k
aes-192 cbc         79097.22k    82687.49k    83933.44k    84250.28k    84339.37k
aes-256 cbc         71791.63k    74495.49k    75358.04k    75094.36k    75216.21k
                      sign      verify    sign/s  verify/s
rsa  512 bits    0.000328s   0.000027s    3050.5   37659.1
rsa 1024 bits    0.001227s   0.000067s     814.7   14917.9
rsa 2048 bits    0.006821s   0.000199s     146.6    5023.8
rsa 4096 bits    0.044185s   0.000682s      22.6    1466.6
                      sign      verify    sign/s  verify/s
dsa  512 bits    0.000208s   0.000242s    4810.4    4139.8
dsa 1024 bits    0.000565s   0.000668s    1771.0    1496.3
dsa 2048 bits    0.001803s   0.002181s     554.8     458.5
========================
I assume that's also what you could get from e.g. a SunFire X4100 (do
the SAS-drives work with FreeBSD?).
Soekris says:
http://www.soekris.com/vpn1401.htm
"Authentication, SHA-1 and MD5 at 325 to 360 Mbps" -
In light of these numbers, that would be pretty good, wouldn't it?
Their upcoming vpn1461 reads even better:
http://www.soekris.com/vpn1461.htm
But we'll see when it ships (and when drivers for FreeBSD ship...)
cheers,
Rainer
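An added example, not part of the original message: a small parser that puts the `openssl speed` figures quoted above into the same unit as the vendor's Mbps figure, per block size. The function names and the `SAMPLE` text (rows copied from the message in their mail-wrapped form) are constructed for this illustration.

```python
import re

# Constructed sample: rows copied from the benchmark quoted in the message,
# kept in their mail-wrapped form (fifth column on its own line).
SAMPLE = """\
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
bytes
md5 14716.69k 46055.30k 119688.87k 199830.19k
247160.83k
sha1 16178.74k 45727.10k 96874.41k 134190.42k
151379.97k
aes-128 cbc 87868.44k 91959.89k 93882.28k 94908.76k
95016.28k
"""

BLOCK_SIZES = (16, 64, 256, 1024, 8192)
VALUE = re.compile(r"^\d+\.\d+k?$")  # e.g. 14716.69k or 0.00

def parse_speed(text):
    """Return {algorithm: {block_size: bytes_per_second}}, rejoining wrapped rows."""
    results, name, values = {}, None, []
    for line in text.splitlines():
        tokens = line.split()
        nums = [t for t in tokens if VALUE.match(t)]
        label = " ".join(t for t in tokens if not VALUE.match(t))
        if label and nums:          # first line of a row: name plus values
            name, values = label, []
        elif label:                 # header or other text: not a data row
            name = None
        if name is None:
            continue
        # "k" means thousands of bytes per second
        values += [float(n.rstrip("k")) * 1000 for n in nums]
        if len(values) == len(BLOCK_SIZES):
            results[name] = dict(zip(BLOCK_SIZES, values))
            name = None
    return results

def mbps(bytes_per_second):
    """Bytes per second to megabits per second (10^6 bits)."""
    return bytes_per_second * 8 / 1e6

def blocks_below(results, algorithm, threshold_mbps):
    """Block sizes at which the measured rate is under threshold_mbps."""
    return [size for size, rate in results[algorithm].items()
            if mbps(rate) < threshold_mbps]
```

`blocks_below(parse_speed(SAMPLE), "sha1", 325)` lists the block sizes where the software rate falls under the lower end of the quoted 325 to 360 Mbps range. Without `-multi`, `openssl speed` measures a single process, and real VPN traffic mixes packet sizes, so read the per-block-size columns rather than one headline number.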