isakmpd does not do the crypto processing of the actual IPSec tunnels, it
only does the ike negotiations.

Presuming you want to use aes-128, `openssl speed aes' shows that a 1ghz
system that is running 'vi' to type this message is capable of (at the
lowest end) 27mbyte per second.

I think you should do your own tests but it looks like you'd have to stoop
pretty low to not be able to handle 5mbit.

Thanks,
--
Todd Fries .. todd@fries.net
 _____________________________________________
| \ 1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \ 1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX)
| "..in support of free software solutions." \ 250797 (FWD)
| \
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt

Penned by Chris Bullock on 20071105 19:14.17, we have:
| Some say that isakmpd is resource intensive. What is the recommended
| hardware for a 5mb full duplex optical Internet connection that is doing
| nothing but VPN.
| Regards,
| Chris
|
| On 11/4/07, Chris Bullock wrote:
| >
| > We have been using OpenBSD my entire IT career, 5 1/2 years, I like the
| > way it's easy to roll out, configure and the cost the most.
| >
| > I would like an honest opinion of the group. We have customers that
| > maintain their own firewalls and VPNs and it appears to us that those
| > sites seem to transmit data quicker than the sites that we maintain with
| > OpenBSD firewalls and VPNs, assuming identical bandwidth. We have an
| > OpenBSD VPN/firewall at our main site, so realistically, all of our data
| > does transpose OpenBSD before it ultimately hits our network.
| >
| > My question is should I consider a non OpenBSD solutions, ie Cisco devs or
| > should I attempt to tweak my existing boxes?
| > Regards,
| > Chris
