Date: Wed, 07 Nov 2001 08:20:36 -0600 From: Eric Anderson <anderson@centtech.com> To: Nick Slager <ns@blueskyfrog.com> Cc: Darren Reed <avalon@cairo.anu.edu.au>, freebsd-security@freebsd.org Subject: Re: KAME IPsec on low-end hardware Message-ID: <3BE94334.488CC3A8@centtech.com> References: <20011107163846.H25762@BlueSkyFrog.COM> <200111070830.fA78Uu0W029670@cairo.anu.edu.au> <20011107223149.A31603@BlueSkyFrog.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
I have done many experiments with this, and never seen over 10ms ping times, using 2 486-133's to do the ipsec tunneling.. sounds like maybe something isn't set up just right.. ping every IP you know of, and see if anything else has high ping times, also, if there are multiple IP's on the ipsec boxes, try pinging from each of those to see how it turns out.. try turning encryption off, just using a tunnel.. anyway, I'm using blowfish (which seems to be one of the slowest) and still get sub 10ms ping times (usually 5-8ms). Eric Nick Slager wrote: > > Thus spake Darren Reed (avalon@cairo.anu.edu.au): > > > > 64 bytes from 192.168.2.1: icmp_seq=1 ttl=63 time=34.032 ms > > > 64 bytes from 192.168.2.1: icmp_seq=2 ttl=63 time=33.999 ms > > > > > > With IPsec not active, response times are "normal" (~ 0.5ms) > > > > That doesn't sound normal to me. > > > > I've been using IPsec on a OpenBSD/sparc (IPX) box which is > > definately not faster than either the DX4/100 or P90 and my > > ping times are still in the 3-5 ms range to a NetBSD/Celeron-533. > > In the absence of IPsec, ping times are sub-1ms. These are > > on the same LAN (no router between them), however. That is > > using DES-MD5. > > Hmmm, odd. I've just changed the encryption/hash to DES/MD5. > No change in response times. > > I will take the router box out of the loop tomorrow and > see how things go, but don't think that's the problem. > > Nick > > -- > Excuse of the day: > Password is too complex to decrypt > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- ------------------------------------------------------------- Eric Anderson anderson@centtech.com Centaur Technology No single raindrop believes it is to blame for the flood. ------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3BE94334.488CC3A8>