Hi Victor, > How many IPsec VPN tunnels can strongswan handle?
I don't have much experience with upscaling our new (5.x) IKEv1 implementation in charon yet. However, it uses the same architecture as IKEv2, which can handle several ten thousand tunnels when configured properly. > What maximum speed rate can it handle in one tunnel or in all 50 tunnels for > example under Linux/FreeBSD? > I have modern Supermicro server with Xeon 3.0GHz and 4 Gig RAM I don't have much experience with FreeBSD. On Linux, by default IPsec processing runs on a single core only, which limits throughput to a few hundred MBit/s. It doesn't really matter if this is for a single or for 50 tunnels. If you need more, you might consider using AES-NI acceleration if possible, or switch to parallel crypto processing. There is a good paper about the parallelization work from Steffen Klassert with some numbers at [1]. Regards Martin [1]http://www.strongswan.org/docs/Steffen_Klassert_Parallelizing_IPsec.pdf _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
