Hi, It depends a little on the hardware you're using, but yes, downgrading from sha512/aes256 to sha256/aes128 will have minimal impact on performance. The TLS channel parameters have hardly any impact on actual tunnel (data channel ) performance. I'm curious what speed you're getting - can you post some iperf numbers?
HTH, JJK joh...@fastmail.com wrote: >I'm reading up on performance for different encryption types. > >On my systems I can see the differences in speed you get with running > > openssl speed ... > >In the initial OpenVpn config that I was given for the Server I'm using there's > > auth RSA-SHA512 > auth-nocache > cipher AES-256-CBC > ecdh-curve secp521r1 > tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 > >So I set my client to start with the same config. > >Everything works. > >As a simple test to increase the speed of downloads across the vpn, I dialed >down the security a little by switching both ends to > > auth RSA-SHA256 > auth-nocache > cipher AES-128-CBC > ecdh-curve secp521r1 > tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 > >But when I do a comparison of throughput, just by downloading big files over >the VPN link, I can't measure any real difference. > >Did I misunderstand how to improve performance by using lighter, smaller >crypto? Maybe missed some other settings? > >Or is it just that crypto size isn't my bottleneck? > >- John > >------------------------------------------------------------------------------ >_______________________________________________ >Openvpn-users mailing list >Openvpn-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/openvpn-users ------------------------------------------------------------------------------ _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
