Am 06.11.2019 um 13:03 schrieb Eugene Grosbein:
06.11.2019 18:29, Muenz, Michael wrote:
Am 06.11.2019 um 01:21 schrieb Eugene Grosbein:
06.11.2019 4:55, Muenz, Michael wrote:
These were my short results via OPNsense on 4 year old XEONs.
So its 11.2, mostly untuned and strongswan as IPsec implementation.
If you need more detailed specs just drop me a line.
https://www.routerperformance.net/comparing-opnsense-vpn-performance/
Was it strongswan in user-level IPsec processing mode or kernel-level?
Not really sure if I understand you right, encryption and ESP should run in
kernel space, only IKE packets for SA handling run in user space.
AFAIK strongswan may process all traffic in user-land via tun(4) interface for
some setups.
It differs from racoon that never processes payload by itself.
I know that for route-based IPSEC strongswan creates a tun(4) interface,
classic policy-based IPSEC is pushed via enc(4).
Strongswan itself is not really clear about this and I never used racoon.
Maybe Andrey Elsukov knows better. :)
Michael
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
