Thank you for testing the scenario and confirming our findings. For now, we're going to run ipv6 in ipv6. The only reason I was trying to use ipv4 for the tunnel is because many of the server providers we've contacted, especially in South America and Asian locations, do not provide any SLA on ipv6.
Thanks, James On November 14, 2015 2:51:19 PM MST, Tuomo Soini <[email protected]> wrote: >On Sat, 14 Nov 2015 13:03:50 +0900 >Paul Wouters <[email protected]> wrote: > >> You can try esp=aes_gcm128-null which is the fastest good crypto algo >> to use but I'm not sure if that is your real problem > >I don't think that's the problem. There is some huge performance >bottleneck in kernel when running ipv6 in ipv4 with xfrm/netkey ipsec >stack. On my quick test it show exactly same type of performance >problem. > >-- >Tuomo Soini <[email protected]> >Foobar Linux services >+358 40 5240030 >Foobar Oy <http://foobar.fi/> >_______________________________________________ >Swan mailing list >[email protected] >https://lists.libreswan.org/mailman/listinfo/swan
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
