Hi Martin,

Thank you very much for the reply. A few more questions.

> > I have seen this on boxes with aes-ni enabled and also disabled
> > The cipher suite chosen is AES-128
>
> AES-NI is quite powerful and should allow you to increase your
> throughput. However, running AES in GCM mode is preferable, as using a
> traditional HMAC integrity function could become the bottleneck
> otherwise.

Sadly, some of the firewalls we use do not support GCM. Does AES-NI still help if we are using, say, *aes128-sha1?*

> If that doesn't help, you might consider using parallelized ESP
> processing [1], allowing you to take advantage of a multi-core system.

This sounds promising. What do I need to enable this? Our kernel version is 2.6.35-25. How would I check if this is in use? Are there any gotchas of using this?

Thank you very much for your support.

regards,
skmat.

> Regards
> Martin
>
> [1] https://www.strongswan.org/docs/Steffen_Klassert_Parallelizing_IPsec.pdf
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users