From owner-freebsd-stable@FreeBSD.ORG  Wed Mar 18 22:40:39 2015
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4695E489
 for <freebsd-stable@freebsd.org>; Wed, 18 Mar 2015 22:40:39 +0000 (UTC)
Received: from mail.xtaz.uk (tao.xtaz.uk [IPv6:2001:8b0:202::10])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 085287FA
 for <freebsd-stable@freebsd.org>; Wed, 18 Mar 2015 22:40:38 +0000 (UTC)
Received: by mail.xtaz.uk (Postfix, from userid 1001)
 id 230B2209AF1D; Wed, 18 Mar 2015 22:40:34 +0000 (GMT)
Date: Wed, 18 Mar 2015 22:40:34 +0000
From: Matt Smith <fbsd@xtaz.co.uk>
To: Mike Tancsa <mike@sentex.net>
Subject: Re: 35-40% performance drop releng9 vs releng10 openvpn
Message-ID: <20150318224034.GG1271@xtaz.uk>
Mail-Followup-To: Matt Smith <fbsd@xtaz.co.uk>,
 Mike Tancsa <mike@sentex.net>, John-Mark Gurney <jmg@funkthat.com>,
 FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>
References: <5506250A.2000506@sentex.net> <20150316132055.GQ32288@funkthat.com>
 <5509D6C6.4050204@sentex.net> <20150318211457.GL51048@funkthat.com>
 <5509FC19.2020201@sentex.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <5509FC19.2020201@sentex.net>
User-Agent: Mutt/1.5.23 (2014-03-12)
Cc: John-Mark Gurney <jmg@funkthat.com>,
 FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Mar 2015 22:40:39 -0000

On Mar 18 18:28, Mike Tancsa wrote:
>On 3/18/2015 5:14 PM, John-Mark Gurney wrote:
>>As I've never used OpenVPN before and their docs don't go into saying
>>what it's using.. Is OpenVPN a kernel or userland VPN?  Do they use
>>IPSec in the kernel? or are they just using UDP or TCP for their
>>connections?
>
>All in userland.  I use UDP for the transport, and it uses OpenSSL in 
>the base for the crypto.  In this case, AES-128-CBC.  There is no 
>hardware assist on the APU either to offload the AES.
>

Isn't OpenSSL in the base on releng9 the 0.9.8 version whereas in 
releng10 it's the 1.0.1 version? This could make a significant 
difference. I've heard rumours before that the newer version is a lot 
slower but I've never had cause to believe it.

It could be worth installing OpenSSL from the ports system on the 
releng9 box and reinstalling OpenVPN so that it links against it. Then 
they will both be on 1.0.1. Could be an interesting test?

-- 
Matt