[strongSwan-dev] XFRM_SUB_POLICY config in kernel

SM K sacho.polo at gmail.com
Wed Apr 22 02:00:23 CEST 2015


When testing strongSwan performance, we saw that the performance differed
by a lot between an Ubuntu server and a CentOS server, with everything else
being the same. We noticed that the CONFIG_XFRM_SUB_POLICY settings on the
two kernels were different. Ubuntu had it enabled and CentOS had it
enabled. We disabled this on the kernel we built and got the same
performance as the Ubuntu server. Does anyone know when this config is
required? I am surprised that this would be enabled by default on CentOS if
the IPsec performance is gonna suck.

