isakmpd does not do the crypto processing of the actual IPSec tunnels, it
only does the ike negotiations.
Presuming you want to use aes-128, `openssl speed aes' shows that a 1ghz
system that is running 'vi' to type this message is capable of (at the
lowest end) 27mbyte per second.
I think you should do your own tests but it looks like you'd have to stoop
pretty low to not be able to handle 5mbit.
Thanks,
--
Todd Fries .. todd@fries.net
_____________________________________________
| \ 1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \ 1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX)
| "..in support of free software solutions." \ 250797 (FWD)
| \
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt
Penned by Chris Bullock on 20071105 19:14.17, we have:
| Some say that isakmpd is resource intensive. What is the recommended
| hardware for a 5mb full duplex optical Internet connection that is doing
| nothing but VPN.
| Regards,
| Chris
|
| On 11/4/07, Chris Bullock <cgbullock@gmail.com> wrote:
| >
| > We have been using OpenBSD my entire IT career, 5 1/2 years, I like the
| > way its easy to roll out, configure and the cost the most.
| >
| > I would like an honest opinion of the group. We have customers that
| > maintain their own firewalls and VPNs and it appears to us that that those
| > sites seem to transmit data quicker than the sites that we maintain with
| > OpenBSD firewalls and VPNs, assuming identical bandwidth. We have an
| > OpenBSD VPN/firewall at our main site, so realistically, all of our data
| > does transpose OpenBSD before it ultimately hits our network.
| >
| > My question is should I consider a non OpenBSD solutions, ie Cisco devs or
| > should I attempt to tweak my existing boxes?
| > Regards,
| > Chris
