[strongSwan] very low performance of IKEv2 ESP, please help
Martin Willi
martin at strongswan.org
Fri Oct 3 11:28:35 CEST 2014
Hi,
> Currently I am stuck with performance problem (iperf) throw IPSec
> tunnel from notebook (win8) to server, which are connected throw
> switch.
> With IPSec I get only 181Mbps, cpu load is 14%
> Here is openssl speed test for aes-128-gcm, which shows 506MBps speed:
> esp=aes128gcm8-sha256-modp1024
AFAIK at least on Windows 7 the Agile VPN Client does not support
AES-GCM. Check "ipsec statusall" for the actually negotiated proposals.
The esp= keyword has an implicit fallback proposal if you don't append
an exclamation mark, refer to the ipsec.conf manpage for details.
Most likely you are actually using AES256 with SHA1-HMAC, for which
181Mbps is in the range of what to expect.
If you need more throughput for these clients, you probably want to have
a look at the Linux pcrypt extensions to parallelize IPsec to multiple
cores.
Regards
Martin
More information about the Users
mailing list