From owner-freebsd-security Tue Nov 6 22:38:52 2001 Delivered-To: freebsd-security@freebsd.org Received: from blue.blueskyfrog.com (blue.blueskyfrog.com [203.185.223.22]) by hub.freebsd.org (Postfix) with ESMTP id C30E637B405 for ; Tue, 6 Nov 2001 22:38:48 -0800 (PST) Received: from gold.internal.blueskyfrog.com ([192.168.121.34]) by blue.blueskyfrog.com with esmtp (Exim 3.12 #1 (Debian)) id 161MMI-0007ME-00 for ; Wed, 07 Nov 2001 16:38:46 +1000 Received: from ns by gold.internal.blueskyfrog.com with local (Exim 3.12 #1 (Debian)) id 161MMI-0007jm-00 for ; Wed, 07 Nov 2001 16:38:46 +1000 Date: Wed, 7 Nov 2001 16:38:46 +1000 From: Nick Slager To: freebsd-security@freebsd.org Subject: KAME IPsec on low-end hardware Message-ID: <20011107163846.H25762@BlueSkyFrog.COM> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-Homer: Whoohooooooo! Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Just set up my first IPsec link between two 4.4-REL boxes. They are connected thusly: IPsec Linux IPsec Box 1 ----- router box ----- Box 2 192.168.1.1 192.168.2.1 This is all set up on a 100mb ethernet LAN. When pinging the box with the IPsec link active, I'm getting suboptimal response times: box1 ~ % ping box2 PING box2.internal (192.168.2.1): 56 data bytes 64 bytes from 192.168.2.1: icmp_seq=0 ttl=63 time=35.338 ms 64 bytes from 192.168.2.1: icmp_seq=1 ttl=63 time=34.032 ms 64 bytes from 192.168.2.1: icmp_seq=2 ttl=63 time=33.999 ms With IPsec not active, response times are "normal" (~ 0.5ms) I'm guessing these high response times are due to the low end hardware in use. Box 1 is a 486DX4/100; Box 2 is a P90 (no laughing please!). Would this assumption be correct? Regards, Nick -- Excuse of the day: Look, buddy: Windows 3.1 IS A General Protection Fault. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message