> There is a longstanding bug there that causes the ikeds to lose
> synchronization.

Is this bug fixed or not in 6.5?

On Wed, 9 Nov 2016 15:19:49 +0000 (UTC) Christian Weisgerber <na...@mips.inka.de> wrote:

> On 2016-11-09, "Comète" <com...@daknet.org> wrote:
>
> > I've made some bandwidth tests (on 6.0 stable - amd64) between two APU2C
> > boxes connected with an Ethernet cable and an IPSEC VPN using IKEDv2. I get
> > a maximum bandwidth of 66 Avg Mbps when IPSEC is enabled which is, I think,
> > very low for an AES-NI enabled processor.
>
> Well, it still is a slow processor. For best performance, I'd add
> "childsa enc aes-128-gcm" to the iked configuration. The default
> cipher is aes-256-cbc with hmac-sha2-256, and the latter has a
> noticeable performance impact.
>
> > And about 30 seconds after the test is
> > started, I don't know why, the connection is lost and I have to restart
> > the IKED daemon on the "passive" host.
>
> Every half gigabyte of transferred data, iked rekeys. There is a
> longstanding bug there that causes the ikeds to lose synchronization.
> They will eventually resync on their own, but it takes several
> minutes.
>
> --
> Christian "naddy" Weisgerber na...@mips.inka.de

--
Radek