Hi ,
To use ECDH I did the followings for Multi-Core MIPS64 processor
target
1. Cross-compiled OpenSSL 1.0.0 with ECDH support.
2. Cross-compiled strongswan (5.0.4) with
–enable-openssl,--enable-load-tester & --disable-gmp plugins.
Notes:
1. The openssl-1.0.0 with the default option generate
static lib. The strongswan uses the static openssl and crypto lib.
2. I am using the load tester plugin (strongswan
5.0.4) to create thousands of IPsec tunnels.
I installed both the packages in Wind River Linux. I configured
the following IPsec transform sets as follows
1. In conn %default section of Ipsec.conf (IKE
Responder)
ike=aes128-sha1-ecp192!
1. In load-tester section of strongswan.conf (IKE
Initiator)
proposal = aes128-sha1-ecp192
Surprisingly I find, with ECP_192, the tunnel setup rate is
very slow i.e., 3 tunnels per second. However with MODP_768 (using gmp
library), the tunnel setup rate is to be 125-130 tunnels per second. The ECDH
is supposed to be significantly faster than MODP.
Can anyone please help one this or suggest me if I might have
missed anything. Thanking you in advance for your support and help.
Regards,
Chinmaya
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
