Hello, Waiting for a feedback on this.
Thanks, Shahreen On 17.07.2014 14:23, Shahreen Ahmed wrote:
Hi all, I am trying to use aes-gcm crypto algorithm in my setup where the cpu has 'aes' instruction enabled and the relevant drivers are loaded: lsmod | grep -e aes -e gcm gcm 10857 0 aesni_intel 12915 4 cryptd 8006 4 ghash_clmulni_intel,aesni_intel aes_x86_64 7961 1 aesni_intel aes_generic 27609 2 aesni_intel,aes_x86_64 I compiled Strongswan with --enable-gcm and added the 'gcm' plugin in the strongswan.conf file. If I use 'aes128gcm8' as 'esp' in ipsec.conf I get poor performance (60% less throughput on UDP traffic) than using only 'aes128'. My question is : 1) with only 'aes128' what integrity algo does it actually use? 2) To enable and use 'aes128gcm8' effectively (as expecting better throughput) do I need to take any extra steps than the above? I tried with using PRF for GCM resulting no improvement. Thanks, Shahreen
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
