[SLL] WRT54GL --> wireless to wired repeater?

Derek Simkowiak dereks at realloc.net
Thu Dec 25 11:17:52 PST 2008


/Could it be that you guys are using different ciphers?/

   OpenVPN uses SSL to handle encryption.  It uses either a TAP or TUN 
driver (depending on whether you want bridged mode or routed mode).

    vpnc (which I think is what Jeremy was using) is the Cisco VPN 
Concentrator client, and it works in a very similar fashion.  Like 
OpenVPN, it is a userspace application that uses the TAP driver to 
establish the VPN.

    The two big differences between the two apps are that (a) vpnc does 
not use SSL as the protocol, and (b) OpenVPN uses the OpenSSL library 
(a.k.a. libssl)  but vpnc uses the GNUTLS library (a.k.a. libgcrypt).

    I found one mail list post from March suggesting that GNUTLS is only 
50%-75% as fast as OpenSSL:

http://www.nabble.com/benchmarking-mod_gnutls-vs-mod_ssl-td15854796.html

    That might explain some of the speed difference.  But that was 
benchmarking SSL through Apache, so it's not a direct 1:1 comparison of 
the two cipher libraries.

    It could have been the cipher that was causing the difference.  The 
WRT54GL numbers I gave were using the default OpenVPN cipher, which is 
Blowfish with a 128-bit key.

--Derek

P.S.  For reference, here is the full list of ciphers supported by OpenVPN:


DES-CFB 64 bit default key (fixed)
DES-CBC 64 bit default key (fixed)
RC2-CBC 128 bit default key (variable)
RC2-CFB 128 bit default key (variable)
RC2-OFB 128 bit default key (variable)
DES-EDE-CBC 128 bit default key (fixed)
DES-EDE3-CBC 192 bit default key (fixed)
DES-OFB 64 bit default key (fixed)
DES-EDE-CFB 128 bit default key (fixed)
DES-EDE3-CFB 192 bit default key (fixed)
DES-EDE-OFB 128 bit default key (fixed)
DES-EDE3-OFB 192 bit default key (fixed)
DESX-CBC 192 bit default key (fixed)
BF-CBC 128 bit default key (variable)
BF-CFB 128 bit default key (variable)
BF-OFB 128 bit default key (variable)
RC2-40-CBC 40 bit default key (variable)
CAST5-CBC 128 bit default key (variable)
CAST5-CFB 128 bit default key (variable)
CAST5-OFB 128 bit default key (variable)
RC2-64-CBC 64 bit default key (variable)
AES-128-CBC 128 bit default key (fixed)
AES-128-OFB 128 bit default key (fixed)
AES-128-CFB 128 bit default key (fixed)
AES-192-CBC 192 bit default key (fixed)
AES-192-OFB 192 bit default key (fixed)
AES-192-CFB 192 bit default key (fixed)
AES-256-CBC 256 bit default key (fixed)
AES-256-OFB 256 bit default key (fixed)
AES-256-CFB 256 bit default key (fixed)
AES-128-CFB1 128 bit default key (fixed)
AES-192-CFB1 192 bit default key (fixed)
AES-256-CFB1 256 bit default key (fixed)
AES-128-CFB8 128 bit default key (fixed)
AES-192-CFB8 192 bit default key (fixed)
AES-256-CFB8 256 bit default key (fixed)
DES-CFB1 64 bit default key (fixed)
DES-CFB8 64 bit default key (fixed)



Francois Caen wrote:
> On Wed, Dec 24, 2008 at 9:35 PM, Derek Simkowiak <dereks at realloc.net> wrote:
>   
>>   I don't know what's up with Jarod's setup, but with OpenVPN I get 8x
>> faster than him
>>     
>
> Could it be that you guys are using different ciphers? That's what
> really makes a difference in ipsec performance. To get such high
> performance from such slow hardware, are you using a very weak cipher?
>   
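
Added example (not part of the original post and not OpenVPN's own code): a small Python parser for the cipher-list format shown in the P.S. above, flagging entries whose default key or block size is under 128 bits. The block-size table, the 128-bit thresholds, the function names and the sample lines are assumptions of this example.

```python
import re

# Constructed sample: a few lines in the same format as the cipher list above.
SAMPLE = """\
DES-CBC 64 bit default key (fixed)
BF-CBC 128 bit default key (variable)
RC2-40-CBC 40 bit default key (variable)
DES-EDE3-CBC 192 bit default key (fixed)
AES-256-CBC 256 bit default key (fixed)
"""

LINE_RE = re.compile(
    r"^(?P<name>[A-Z0-9-]+)\s+(?P<bits>\d+) bit default key \((?P<kind>fixed|variable)\)$"
)

# Block size in bits per algorithm family (the name prefix before the first '-').
BLOCK_BITS = {"DES": 64, "DESX": 64, "RC2": 64, "BF": 64, "CAST5": 64, "AES": 128}


def parse_ciphers(text):
    """Turn cipher-list lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name = m["name"]
        entries.append({
            "name": name,
            "key_bits": int(m["bits"]),           # default key length as listed
            "variable_key": m["kind"] == "variable",
            "block_bits": BLOCK_BITS.get(name.split("-")[0]),
        })
    return entries


def audit(entry, min_key=128, min_block=128):
    """Return findings for one entry; the thresholds are this example's policy."""
    findings = []
    if entry["key_bits"] < min_key:
        findings.append("short-key")
    if entry["block_bits"] is None:
        findings.append("unknown-family")
    elif entry["block_bits"] < min_block:
        findings.append("small-block")
    return findings


def report(text):
    """Map each cipher name to its list of findings (empty list = none)."""
    return {e["name"]: audit(e) for e in parse_ciphers(text)}


if __name__ == "__main__":
    for name, findings in report(SAMPLE).items():
        print(f"{name:14} {', '.join(findings) or 'ok'}")
```

For ciphers marked "variable", the listed size is only the default, so the short-key finding reflects the default configuration rather than the cipher's maximum.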


