From owner-freebsd-security  Tue Dec  4  9: 3:33 2001
Delivered-To: freebsd-security@freebsd.org
Received: from warez.scriptkiddie.org (uswest-dsl-142-38.cortland.com [209.162.142.38])
	by hub.freebsd.org (Postfix) with ESMTP id 6310C37B417
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 09:03:30 -0800 (PST)
Received: from [192.168.69.11] (unknown [192.168.69.11])
	by warez.scriptkiddie.org (Postfix) with ESMTP
	id 6FB2862D01; Tue,  4 Dec 2001 09:03:29 -0800 (PST)
Date: Tue, 4 Dec 2001 09:03:50 -0800 (PST)
From: Lamont Granquist <lamont@scriptkiddie.org>
To: Trent Tobias <tritttrott@yahoo.com>
Cc: <freebsd-security@freebsd.org>
Subject: Re: Speeding up IPSEC Gateway
In-Reply-To: <20011204124735.46928.qmail@web21206.mail.yahoo.com>
Message-ID: <20011204090242.B18024-100000@coredump.scriptkiddie.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


try a recent STABLE from yesterday or today.  someone broke TCP in 4.4 and
it only recently got fixed.  see recent threads in freebsd-hackers for
more information.

On Tue, 4 Dec 2001, Trent Tobias wrote:
> I currently have 3 IPSEC Gateways set up with
> 4.4-STABLE running on 1.5GHz machines.  It is a fully
> meshed setup (all is connected to all via IPSEC ESP
> Tunnels, using gif).
>
> All three boxes have 128kbit connections to the
> internet, but it seems like my maximum connection
> speed between my 3 local nets only reaches approx
> 30kbits/s (i use bing to determine this).
>
> I realise that encryption/decryption takes its toll in
> the kernel relaying the packets, but this slow?
>
> My only guess is that I am using the wrong parameters
> for encryption - I am using the default config for
> racoon with longer (8 hours) key lifetimes.
>
> Trent
>
> __________________________________________________
> Do You Yahoo!?
> Buy the perfect holiday gifts at Yahoo! Shopping.
> http://shopping.yahoo.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message