From owner-freebsd-stable@FreeBSD.ORG Wed Mar 18 23:02:06 2015 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C8B3B7FA for ; Wed, 18 Mar 2015 23:02:06 +0000 (UTC) Received: from alogis.com (firewall.alogis.com [212.184.102.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 585A1A94 for ; Wed, 18 Mar 2015 23:02:05 +0000 (UTC) Received: from msx3.exchange.alogis.com (msx3.exchange.alogis.com [10.1.1.26]) by alogis.com (8.13.4/8.13.1) with ESMTP id t2IMvvG0090410; Wed, 18 Mar 2015 23:57:57 +0100 (CET) (envelope-from Holger.Kipp@alogis.com) Received: from MSXCN2.exchange.alogis.com ([fe80::11b6:f5c4:b8ee:4a89]) by msx3.exchange.alogis.com ([fe80::1d83:c3db:ce3c:c06c%14]) with mapi id 14.03.0210.002; Wed, 18 Mar 2015 23:57:56 +0100 From: Holger Kipp To: Matt Smith Subject: Re: 35-40% performance drop releng9 vs releng10 openvpn Thread-Topic: 35-40% performance drop releng9 vs releng10 openvpn Thread-Index: AQHQX4EpoI3TBx1o7ECUKHQZurQGdZ0fCEqAgAORNwCAABfkgIAAFJqAgAADUgCAABWeOA== Date: Wed, 18 Mar 2015 22:57:55 +0000 Message-ID: <1002A954-F846-4B69-8326-5448B3BAB089@alogis.com> References: <5506250A.2000506@sentex.net> <20150316132055.GQ32288@funkthat.com> <5509D6C6.4050204@sentex.net> <20150318211457.GL51048@funkthat.com> <5509FC19.2020201@sentex.net>,<20150318224034.GG1271@xtaz.uk> In-Reply-To: <20150318224034.GG1271@xtaz.uk> Accept-Language: de-DE, en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: John-Mark Gurney , FreeBSD-STABLE Mailing List X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2015 23:02:06 -0000 Dear all, > On 18.03.2015, at 23:41, "Matt Smith" wrote: > >> On Mar 18 18:28, Mike Tancsa wrote: >>> On 3/18/2015 5:14 PM, John-Mark Gurney wrote: >>> As I've never used OpenVPN before and their docs don't go into saying >>> what it's using.. Is OpenVPN a kernel or userland VPN? Do they use >>> IPSec in the kernel? or are they just using UDP or TCP for their >>> connections? >> >> All in userland. I use UDP for the transport, and it uses OpenSSL in th= e base for the crypto. In this case, AES-128-CBC. There is no hardware as= sist on the APU either to offload the AES. > > Isn't OpenSSL in the base on releng9 the 0.9.8 version whereas in releng1= 0 it's the 1.0.1 version? This could make a significant difference. I've he= ard rumours before that the newer version is a lot slower but I've never ha= d cause to believe it. Quick search brought up https://www.stunnel.org/pipermail/stunnel-users/2013-April/004176.html so I'd second using same program versions and only change OS or vice versa = (so we aren't comparing apples to minced meat ;-) Best regards, Holger __________________________________________________________ Holger Kipp Diplom-Mathematiker Senior Consultant Tel. : +49 30 436 58 114 Fax. : +49 30 436 58 214 Mobil: +49 178 36 58 114 Email: holger.kipp@alogis.com alogis AG Alt-Moabit 90b D-10559 Berlin http://www.alogis.com __________________________________________________________ alogis AG Sitz/Registergericht: Berlin/AG Charlottenburg, HRB 71484 Vorstand: Arne Friedrichs, Joern Samuelson Aufsichtsratsvorsitzender: Reinhard Mielke