Hello misc@,

first of all I have to say ipsecctl with ipsec.conf is wonderful, it was never simpler to set up a VPN.

The problem is that the speed is REALLY slow when I use the default cipher (aes) in "quick auth" mode in ipsec.conf (see below). Throughput is good if I use other ciphers:

Cipher      Speed
aes         0.6 Mb/s
3des        33.5 Mb/s
des         44 Mb/s
cast        47 Mb/s
blowfish    47.5 Mb/s

Iperf was used for all testing. Am I mistaken or should the aes speed be much closer to that of other ciphers? Btw. I also tried without "quick auth" stuff.

The only option I changed for testing is the line "enc CIPHER" in both ipsec.conf files, and afterwards I reloaded with:

ipsecctl -F; ipsecctl -f /etc/ipsec.conf

#------------------------------- Machine1 -------------------------------------#

#cat /etc/ipsec.conf
ike esp from any to 10.0.0.1 quick auth hmac-sha2-256 \
        enc aes \
        psk foobarfoobar

#ipsecctl -s all
FLOWS:
flow esp in from 10.0.0.1 to 0.0.0.0/0 peer 10.0.0.1
flow esp out from 0.0.0.0/0 to 10.0.0.1 peer 10.0.0.1

SADB:
esp tunnel from 10.0.0.2 to 10.0.0.1 spi 0x9d948ddc enc aes auth hmac-sha2-256
esp tunnel from 10.0.0.1 to 10.0.0.2 spi 0xbf2f19c2 enc aes auth hmac-sha2-256

#netstat -rnf encap
Routing tables

Encap:
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)
10.0.0.1/32        0     0/0                0     0     10.0.0.1/50/use/in
0/0                0     10.0.0.1/32        0     0     10.0.0.1/50/require/out

#dmesg
OpenBSD 3.9-beta (GENERIC) #601: Sun Feb 12 21:39:52 MST 2006
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(TM) XP 2600+ ("AuthenticAMD" 686-class, 512KB L2 cache) 1.92 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
cpu0: AMD Powernow: TS
real mem = 1073307648 (1048152K)
avail mem = 972656640 (949860K)
using 4278 buffers containing 53768192 bytes (52508K) of memory
User Kernel Config
UKC> hg;a\^H \^H\^H \^H\^H \^H\^H \^Hdiable \^H \^H\^H \^H\^H \^H\^H \^H\^H \^Hsable auvia*
 70 auvia* disabled
UKC> quit
Continuing...
mainbus0 (root)
bios0 at mainbus0: AT/286+(2d) BIOS, date 09/02/04, BIOS32 rev. 0 @ 0xf1930
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf0000/0x2012
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1f10/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT82C586 ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xf400 0xd0000/0x6000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT8377 PCI" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8235 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "NVidia GeForce4 Ti 4400" rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
rl0 at pci0 dev 11 function 0 "Realtek 8139" rev 0x10: irq 10, address 00:05:5d:2c:89:51
rlphy0 at rl0 phy 0: RTL internal PHY
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x80: irq 3
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x80: irq 3
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x80: irq 3
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 3 "VIA VT6202 USB" rev 0x82: irq 3
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
viapm0 at pci0 dev 17 function 0 "VIA VT8235 ISA" rev 0x00
iic0 at viapm0
pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: <WDC WD600BB-00CAA1>
wd0: 16-sector PIO, LBA, 57241MB, 117231408 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <MATSHITA, DVD-ROM SR-8583A, 0Y01> SCSI0 5/cdrom removable
atapiscsi1 at pciide0 channel 1 drive 1
scsibus1 at atapiscsi1: 2 targets
cd1 at scsibus1 targ 0 lun 0: <PLEXTOR, CD-R PX-W1210A, 1.10> SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
cd1(pciide0:1:1): using PIO mode 4, DMA mode 2
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x290/8: IT87
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask fb6d netmask ff6d ttymask ffef
pctr: user-level cycle counter enabled
mtrr: Pentium Pro MTRR support
uhidev0 at uhub0 port 1 configuration 1 interface 0
uhidev0: Logitech USB-PS/2 Optical Mouse, rev 2.00/25.00, addr 2, iclass 3/1
ums0 at uhidev0: 4 buttons and Z dir.
wsmouse0 at ums0 mux 0
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

#------------------------------- Machine2 -------------------------------------#

#cat /etc/ipsec.conf
ike esp from any to 10.0.0.2 quick auth hmac-sha2-256 \
        enc aes \
        psk foobarfoobar

#ipsecctl -s all
FLOWS:
flow esp in from 0.0.0.0/0 to 10.0.0.1 peer 10.0.0.2
flow esp out from 10.0.0.1 to 0.0.0.0/0 peer 10.0.0.2

SADB:
esp tunnel from 10.0.0.1 to 10.0.0.2 spi 0xbf2f19c2 enc aes auth hmac-sha2-256
esp tunnel from 10.0.0.2 to 10.0.0.1 spi 0x9d948ddc enc aes auth hmac-sha2-256

#netstat -rnf encap
Routing tables

Encap:
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)
0/0                0     10.0.0.1/32        0     0     10.0.0.2/50/use/in
10.0.0.1/32        0     0/0                0     0     10.0.0.2/50/require/out

#dmesg
OpenBSD 3.9-beta (GENERIC) #601: Sun Feb 12 21:39:52 MST 2006
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) 64 Processor 3000+ ("AuthenticAMD" 686-class, 512KB L2 cache) 2.21 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3
cpu0: AMD Powernow: TS FID VID TTP TM STC
cpu0: AMD Cool`n'Quiet K8 available states (38700,69600)
real mem = 2145886208 (2095592K)
avail mem = 1951961088 (1906212K)
using 4278 buffers containing 107397120 bytes (104880K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(e5) BIOS, date 06/24/05, BIOS32 rev. 0 @ 0xf1e40
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 3.0 @ 0xf0000/0xdf84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde40/320 (18 entries)
pcibios0: PCI Exclusive IRQs: 3 5 11
pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT82C596A ISA" rev 0x00)
pcibios0: PCI bus #6 is the last bus
bios0: ROM list: 0xc0000/0xd000 0xd0000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA K8T890 Host" rev 0x00
pchb1 at pci0 dev 0 function 1 "VIA K8T890 Host" rev 0x00
pchb2 at pci0 dev 0 function 2 "VIA K8T890 Host" rev 0x00
pchb3 at pci0 dev 0 function 3 "VIA K8T890 Host" rev 0x00
pchb4 at pci0 dev 0 function 4 "VIA K8T890 Host" rev 0x00
"VIA K8T890 IOAPIC" rev 0x00 at pci0 dev 0 function 5 not configured
pchb5 at pci0 dev 0 function 7 "VIA K8T890 Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA K8HTB AGP" rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci0 dev 2 function 0 "VIA K8T890 PCI-PCI" rev 0x00
pci2 at ppb1 bus 2
vga1 at pci2 dev 0 function 0 "ATI Radeon X600 (RV380)" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"ATI Radeon X600 (RV380) Sec" rev 0x00 at pci2 dev 0 function 1 not configured
ppb2 at pci0 dev 3 function 0 "VIA K8T890 PCI-PCI" rev 0x00
pci3 at ppb2 bus 3
ppb3 at pci0 dev 3 function 1 "VIA K8T890 PCI-PCI" rev 0x00
pci4 at ppb3 bus 4
ppb4 at pci0 dev 3 function 2 "VIA K8T890 PCI-PCI" rev 0x00
pci5 at ppb4 bus 5
skc0 at pci5 dev 0 function 0 "Marvell Yukon 88E8053" rev 0x15, Marvell Yukon-2 EC rev. A3 (0x2): irq 3
sk port A at skc0 not configured
ppb5 at pci0 dev 3 function 3 "VIA K8T890 PCI-PCI" rev 0x00
pci6 at ppb5 bus 6
fxp0 at pci0 dev 12 function 0 "Intel 8255x" rev 0x08, i82559: irq 5, address 00:90:27:8e:61:99
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
xl0 at pci0 dev 13 function 0 "3Com 3c900 10Mbps-Combo" rev 0x00: irq 11, address 00:60:08:ab:c8:f9
pciide0 at pci0 dev 15 function 0 "VIA VT6420 SATA" rev 0x80: DMA
pciide0: using irq 11 for native-PCI interrupt
pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x06: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide1 channel 0 drive 0: <WDC WD800JB-00JJC0>
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd1 at pciide1 channel 0 drive 1: <WDC WD600BB-00CAA1>
wd1: 16-sector PIO, LBA, 57241MB, 117231408 sectors
wd0(pciide1:0:0): using PIO mode 4, DMA mode 2
wd1(pciide1:0:1): using PIO mode 4, DMA mode 2
atapiscsi0 at pciide1 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <AOpen, DVD-1640 PRO, 1.24> SCSI0 5/cdrom removable
atapiscsi1 at pciide1 channel 1 drive 1
scsibus1 at atapiscsi1: 2 targets
cd1 at scsibus1 targ 0 lun 0: <HL-DT-ST, DVDRAM GSA-4082B, A209> SCSI0 5/cdrom removable
cd0(pciide1:1:0): using PIO mode 4, DMA mode 2
cd1(pciide1:1:1): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x81: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x81: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x81: irq 5
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 16 function 3 "VIA VT83C572 USB" rev 0x81: irq 5
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 4 "VIA VT6202 USB" rev 0x86: irq 11
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
viapm0 at pci0 dev 17 function 0 "VIA VT8237 ISA" rev 0x00
iic0 at viapm0
lm1 at iic0 addr 0x2f: W83791SD
pchb6 at pci0 dev 24 function 0 "AMD AMD64 HyperTransport" rev 0x00
pchb7 at pci0 dev 24 function 1 "AMD AMD64 Address Map" rev 0x00
pchb8 at pci0 dev 24 function 2 "AMD AMD64 DRAM Cfg" rev 0x00
pchb9 at pci0 dev 24 function 3 "AMD AMD64 Misc Cfg" rev 0x00
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
lm0 at isa0 port 0x290/8: unknown Winbond chip (ID 0x88)
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ff65 netmask ff6d ttymask ffef
pctr: user-level cycle counter enabled
uhub5 at uhub4 port 3
uhub5: Standard Microsystems product 0xa700, rev 2.00/0.00, addr 2
uhub5: 3 ports with 3 removable, bus powered, multiple transaction translators
uhidev0 at uhub0 port 1 configuration 1 interface 0uaudio0 at uhub1 port 2 configuration 1 interface 0: Creative Technology Ltd SB Audigy 2 NX, rev 1.10/1.00, addr 2
uhidev0: Logitech USB-PS/2 Optical Mouse, rev 2.00/13.20, addr 2, iclass 3/1
ums0 at uhidev0: 4 buttons and Z dir.
wsmouse0 at ums0 mux 0
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: ignored audio interface with 2 endpoints
uaudio0: audio rev 1.00, 19 mixer controls
audio0 at uaudio0
uhub6 at uhub0 port 2
uhub6: Lite-On Technology USB 1.1 2port downstream low power hub, rev 1.10/1.00, addr 3
uhub6: 3 ports with 2 removable, bus powered
uhidev1 at uhub6 port 1 configuration 1 interface 0
uhidev1: Lite-On Technology USB Productivity Option Keyboard( has the hub in # 1 ), rev 1.10/1.00, addr 4, iclass 3/1
ukbd0 at uhidev1: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev2 at uhub6 port 1 configuration 1 interface 1
uhidev2: Lite-On Technology USB Productivity Option Keyboard( has the hub in # 1 ), rev 1.10/1.00, addr 4, iclass 3/0
uhidev2: 3 report ids
uhid0 at uhidev2 reportid 3: input=3, output=0, feature=0
dkcsum: wd0 matches BIOS drive 0x80
dkcsum: wd1 matches BIOS drive 0x81
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

Hope somebody knows what the problem might be.

Regards,
ahb
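
Added example, not part of the original post: when swapping "enc CIPHER" and reloading as described above, a throughput figure only means something if the SAs actually installed on both peers use the cipher under test. The sketch below parses the `ipsecctl -s all` listings from the post; the function names are hypothetical, and it assumes the one-line-per-SA format shown here and that the cipher name is given as ipsecctl prints it.

```shell
# Added example, not from the original post. Assumes the one-line-per-SA
# `ipsecctl -s all` format shown in the post; other releases may print more.

# Sample input: the listings posted for Machine1 and Machine2.
M1='FLOWS:
flow esp in from 10.0.0.1 to 0.0.0.0/0 peer 10.0.0.1
flow esp out from 0.0.0.0/0 to 10.0.0.1 peer 10.0.0.1
SADB:
esp tunnel from 10.0.0.2 to 10.0.0.1 spi 0x9d948ddc enc aes auth hmac-sha2-256
esp tunnel from 10.0.0.1 to 10.0.0.2 spi 0xbf2f19c2 enc aes auth hmac-sha2-256'
M2='FLOWS:
flow esp in from 0.0.0.0/0 to 10.0.0.1 peer 10.0.0.2
flow esp out from 10.0.0.1 to 0.0.0.0/0 peer 10.0.0.2
SADB:
esp tunnel from 10.0.0.1 to 10.0.0.2 spi 0xbf2f19c2 enc aes auth hmac-sha2-256
esp tunnel from 10.0.0.2 to 10.0.0.1 spi 0x9d948ddc enc aes auth hmac-sha2-256'

# sa_summary: stdin = listing; prints sorted "src dst spi enc auth" per ESP SA.
sa_summary() {
    awk '
        $1 == "FLOWS:" { in_sadb = 0; next }
        $1 == "SADB:"  { in_sadb = 1; next }
        in_sadb && $1 == "esp" {
            src = dst = spi = enc = auth = "-"
            for (i = 2; i < NF; i++) {
                if ($i == "from") src = $(i + 1)
                if ($i == "to")   dst = $(i + 1)
                if ($i == "spi")  spi = $(i + 1)
                if ($i == "enc")  enc = $(i + 1)
                if ($i == "auth") auth = $(i + 1)
            }
            print src, dst, spi, enc, auth
        }' | sort
}

# check_cipher ENC: succeed only if SAs exist and every one of them uses ENC.
check_cipher() {
    sa_summary | awk -v want="$1" '
        { n++; if ($4 != want) bad++ }
        END { if (n > 0 && bad == 0) exit 0; exit 1 }'
}

# peers_match A B: succeed if both listings hold the same non-empty SA set.
peers_match() {
    a=$(printf '%s\n' "$1" | sa_summary)
    [ -n "$a" ] && [ "$a" = "$(printf '%s\n' "$2" | sa_summary)" ]
}

printf '%s\n' "$M1" | check_cipher aes && echo "SADB uses the cipher under test"
```

On live hosts, feed `ipsecctl -s all` from each peer into the same functions before each iperf run.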