Hi,
To use ECDH (for enhanced setup rate), I did the followings
for Multi-Core MIPS64 processor target
1.
Cross-compiled OpenSSL 1.0.0 with ECDH support.
2.
Cross-compiled strongswan (5.0.4) with –enable-openssl,--enable-load-tester &
--disable-gmp
plugins.
I installed both the packages in Linux. I have configured the
followings
1. In conn %default section of Ipsec.conf (IKE Responder)
ike=aes128-sha1-ecp192!
2. In
load-tester section of strongswan.conf (IKE Initiator)
proposal = aes128-sha1-ecp192
I find, with ECP_192, the tunnel setup rate is very slow
i.e., 35-37 (approx.) tunnels per second. However with MODP_768 (using gmp
library), the tunnel setup rate is to be 125-130 tunnels per second. What I
understand, the ECDH is faster than MODP. Can anyone please suggest me if I am
missing
anything?. Thanking you in advance for your support and help.
Regards,
Chinmaya
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
