Date: Wed, 7 Nov 2001 16:38:46 +1000 From: Nick Slager <ns@BlueSkyFrog.COM> To: freebsd-security@freebsd.org Subject: KAME IPsec on low-end hardware Message-ID: <20011107163846.H25762@BlueSkyFrog.COM>
next in thread | raw e-mail | index | archive | help
Just set up my first IPsec link between two 4.4-REL boxes. They are connected thusly: IPsec Linux IPsec Box 1 ----- router box ----- Box 2 192.168.1.1 192.168.2.1 This is all set up on a 100mb ethernet LAN. When pinging the box with the IPsec link active, I'm getting suboptimal response times: box1 ~ % ping box2 PING box2.internal (192.168.2.1): 56 data bytes 64 bytes from 192.168.2.1: icmp_seq=0 ttl=63 time=35.338 ms 64 bytes from 192.168.2.1: icmp_seq=1 ttl=63 time=34.032 ms 64 bytes from 192.168.2.1: icmp_seq=2 ttl=63 time=33.999 ms With IPsec not active, response times are "normal" (~ 0.5ms) I'm guessing these high response times are due to the low end hardware in use. Box 1 is a 486DX4/100; Box 2 is a P90 (no laughing please!). Would this assumption be correct? Regards, Nick -- Excuse of the day: Look, buddy: Windows 3.1 IS A General Protection Fault. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011107163846.H25762>