Message-ID: <20011204124735.46928.qmail@web21206.mail.yahoo.com>
Date: Tue, 4 Dec 2001 04:47:35 -0800 (PST)
From: Trent Tobias
Subject: Speeding up IPSEC Gateway
To: freebsd-security@freebsd.org

I currently have 3 IPSEC Gateways set up with 4.4-STABLE running on 1.5GHz machines. It is a fully meshed setup (all is connected to all via IPSEC ESP Tunnels, using gif).

All three boxes have 128kbit connections to the internet, but it seems like my maximum connection speed between my 3 local nets only reaches approx 30kbits/s (I use bing to determine this). I realise that encryption/decryption takes its toll in the kernel relaying the packets, but this slow?

My only guess is that I am using the wrong parameters for encryption - I am using the default config for racoon with longer (8 hours) key lifetimes.

Trent