Date: Wed, 18 Mar 2015 22:40:34 +0000 From: Matt Smith <fbsd@xtaz.co.uk> To: Mike Tancsa <mike@sentex.net> Cc: John-Mark Gurney <jmg@funkthat.com>, FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org> Subject: Re: 35-40% performance drop releng9 vs releng10 openvpn Message-ID: <20150318224034.GG1271@xtaz.uk> In-Reply-To: <5509FC19.2020201@sentex.net> References: <5506250A.2000506@sentex.net> <20150316132055.GQ32288@funkthat.com> <5509D6C6.4050204@sentex.net> <20150318211457.GL51048@funkthat.com> <5509FC19.2020201@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 18 18:28, Mike Tancsa wrote: >On 3/18/2015 5:14 PM, John-Mark Gurney wrote: >>As I've never used OpenVPN before and their docs don't go into saying >>what it's using.. Is OpenVPN a kernel or userland VPN? Do they use >>IPSec in the kernel? or are they just using UDP or TCP for their >>connections? > >All in userland. I use UDP for the transport, and it uses OpenSSL in >the base for the crypto. In this case, AES-128-CBC. There is no >hardware assist on the APU either to offload the AES. > Isn't OpenSSL in the base on releng9 the 0.9.8 version whereas in releng10 it's the 1.0.1 version? This could make a significant difference. I've heard rumours before that the newer version is a lot slower but I've never had cause to believe it. It could be worth installing OpenSSL from the ports system on the releng9 box and reinstalling OpenVPN so that it links against it. Then they will both be on 1.0.1. Could be an interesting test? -- Matt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150318224034.GG1271>