Thank you for your reply Martin,
The esp= keyword has an implicit fallback proposal if you don't append
an exclamation mark, refer to the ipsec.conf manpage for details.
I feel silly right now, this was my mistake as I already saw this on
manpage.
Most likely you are actually using AES256 with SHA1-HMAC, for which
181Mbps is in the range of what to expect.
You are absolutely right, and looks like Win8 also does not support
AES-GCM.
Anyway, with AES_CBC_128 I have quite similar results, about 205Mbps.
If you need more throughput for these clients, you probably want to
have
a look at the Linux pcrypt extensions to parallelize IPsec to multiple
cores.
Thanks, I have already saw Steffen Klassert document. At the moment I
want to get max performance from one core.
I really want to understand, what is limiting factor in this particular
case. My server can handle 600Mbps unencrypted traffic using one core,
encryption of aes-128-cbc can achieve 405MBps also with one core (at
least with OpenSSL library). Why I get only 181Mbps while core load is
only 14%.
Most important thing to me is to understand whole picture. Can you point
me to right direction for future reading?
Also, how to check what crypto library strongswan currently use. Maybe
switching to newer kernel would help, my current kernel is v2.6.32.
Thank you in advance
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
