<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:10pt"><div>$grep pcrypt /proc/crypto </div><div>this command could show something like:</div><div><span style="font-family: Arial, FreeSans, Helvetica, sans-serif; line-height: 17.000099182128906px;">driver : pcrypt(authenc(hmac(sha1-generic),cbc-aes-aesni))</span><br></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;">if not enabled, you could try:</div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue',
Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;"><span style="font-family: Arial, FreeSans, Helvetica, sans-serif; line-height: 17.000099182128906px;">$modprobe tcrypt alg="pcrypt(authenc(hmac(sha1),cbc(aes)))" type=3</span><br></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;">there may be an error and you can ignore it, if the above command hangs, just ctrl-c and should be good to go.</div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color:
transparent; font-style: normal;">- Naveen</div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; background-color: transparent; font-style: normal;"><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 10pt;"> <div style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 12pt;"> <div dir="ltr"> <font size="2" face="Arial"> On Monday, March 31, 2014 6:52 PM, SM K <sacho.polo@gmail.com> wrote:<br> </font> </div> <div class="y_msg_container"><div id="yiv9631463719"><div><div dir="ltr">Hi Martin,<div><br clear="none"></div><div>Thank you very much for the reply. A few more questions.</div><div><br clear="none"></div><div class="yiv9631463719gmail_extra"><div
class="yiv9631463719gmail_quote"><blockquote class="yiv9631463719gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;">
<div class="yiv9631463719"><br clear="none">
> I have seen this on boxes with aes-ni enabled and also disabled<br clear="none">
</div><div class="yiv9631463719">> The cipher suite chosen is AES-128<br clear="none">
<br clear="none">
</div>AES-NI is quite powerful and should allow you to increase your<br clear="none">
throughput. However, running AES in GCM mode is preferable, as using a<br clear="none">
traditional HMAC integrity function could become the bottleneck<br clear="none">
otherwise.<br clear="none"></blockquote><div>Sadly, some of the firewalls we use do not support GCM. Does AES-NI still help if we are using, say, <b>aes128-sha1?</b></div>
<div> </div><blockquote class="yiv9631463719gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;">
<br clear="none">
If that doesn't help, you might consider using parallelized ESP<br clear="none">
processing [1], allowing you to take advantage of a multi-core system.<br clear="none"></blockquote><div><br clear="none"></div><div>This sounds promising. What do I need to enable this? Our kernel version is 2.6.35-25. How would I check if this is in use?</div>
<div>Are there any gotchas of using this?</div><div><br clear="none"></div><div>Thank you very much for your support.</div><div><br clear="none"></div><div>regards,</div><div>skmat.</div><div class="yiv9631463719yqt3213810066" id="yiv9631463719yqtfd64475"><div> </div><blockquote class="yiv9631463719gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex;">
<br clear="none">
Regards<br clear="none">
Martin<br clear="none">
<br clear="none">
[1]<a rel="nofollow" shape="rect" target="_blank" href="https://www.strongswan.org/docs/Steffen_Klassert_Parallelizing_IPsec.pdf">https://www.strongswan.org/docs/Steffen_Klassert_Parallelizing_IPsec.pdf</a><br clear="none">
<br clear="none">
</blockquote></div></div><div class="yiv9631463719yqt3213810066" id="yiv9631463719yqtfd00287"><br clear="none"></div></div></div></div></div><br><div class="yqt3213810066" id="yqtfd31241">_______________________________________________<br clear="none">Users mailing list<br clear="none"><a shape="rect" ymailto="mailto:Users@lists.strongswan.org" href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a><br clear="none"><a shape="rect" href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a></div><br><br></div> </div> </div> </div> </div></body></html>