>From: Stuart Henderson <stu <at> spacehopper.org> >Subject: Re: openbsd / ipsec / hardware >Newsgroups: gmane.os.openbsd.misc >Date: 2012-03-31 21:39:14 GMT (1 day, 22 hours and 53 minutes ago) >On 2012-03-30, Dewey Hylton <dewey.hylton <at> gmail.com> wrote: >> i'm getting ready to implement a few new site-to-site vpns using >> openbsd, and am on the hunt for appropriate hardware. i have several >> alix (geode) and lanner (intel atom) boxes working wonderfully as >> firewalls and routers, but neither type are able to provide enough >> throughput when ipsec is added to their roles. >> >> the lanner boxes can't accept add-in cards. the alix can accept >> a minipci, and i know that soekris makes a crypto accelerator (hifn?) >> that may help - but i'm not sure that'll be enough oompf either. >> our site-to-site link will provide up to 20Mbps, but the lanner box >> is topping out at 3.3Mbps with ipsec and the alix is at 1.5Mbps. > >This seems a bit on the low side. How are you testing throughput?
i'm using a simple scp of a 100MB file. scp reports its transmission speed. and i'm comparing the same transmission of the same file between the same two hosts with and without vpn encryption. it may not be the best or most accurate measurement, but i believe it gives me the information i'm looking for.
