Differences

This shows you the differences between two versions of the page.

doc:howto:vpn.ipsec.basics [2013/10/28 08:28]
lorema
doc:howto:vpn.ipsec.basics [2014/03/23 07:07] (current)
jaf323
Line 283: Line 283:
===== Hardware performance ===== ===== Hardware performance =====
-In the times of broadband internet connections encryption and decryption speed of routers can limit throughput of VPN tunnels. CPU utilization maxes out at 100 percent and impacts other services of the device like a web server. If you really want to go with a self made IPsec VPN on a cheap router you should consider some facts+In the times of broadband internet connections encryption and decryption speed of SOME low-end routers can limit throughput of VPN tunnels. CPU utilization can max out at 100 percent and impacts other services of the device like a web server. FOR REFERENCE: Strongswan will run just FINE on a WNDR3700 (MIPS 680 Mhz, 64 Mb RAM). If your router is underpowered, here are some other options:
  * Older firewall devices with hardware accelerated VPN are sold for a few bucks on Ebay. Juniper Netscreen 5GT for example can easily reach a VPN throughput of 20 MBit/sec. Downside is that firmware updates are only possible with a Juniper support contract. So check twice for a bargain.   * Older firewall devices with hardware accelerated VPN are sold for a few bucks on Ebay. Juniper Netscreen 5GT for example can easily reach a VPN throughput of 20 MBit/sec. Downside is that firmware updates are only possible with a Juniper support contract. So check twice for a bargain.
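Review bot: The added sentence "FOR REFERENCE: Strongswan will run just FINE on a WNDR3700 (MIPS 680 Mhz, 64 Mb RAM)" gives no throughput figure or cipher, while the Netscreen bullet right after it quotes 20 MBit/sec. State the measured tunnel throughput and the cipher used so readers can compare the two options. Also write the units as MHz and MB (Mb reads as megabit), and drop the all-caps emphasis on SOME, FINE and FOR REFERENCE to match the rest of the page.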
Line 350: Line 350:
After the basic setup you should continue with the [[vpn.ipsec.firewall|firewall modifications]]. After the basic setup you should continue with the [[vpn.ipsec.firewall|firewall modifications]].
 +
 +===== Current Issues =====
 +The latest trunk includes Strongswan 5.1.1-1. It will compile if you remove curl, but will not run due to a module loading issue.
 +One workaround is to configure the charon.load string in strongswan.conf, which explicitly loads the modules you want/need.
 +
 +Example:
 +<code>
 +Charon {
 +  load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown attr farp dhcp
 +....
 +</code>
===== Tag ===== ===== Tag =====
{{tag>crypto}} {{tag>crypto}}
 +
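Review bot: The example opens the section as "Charon {" while the sentence above it names the setting charon.load. Write the section name in lower case so the two agree, and close the brace after the elided "...." so the snippet reads as a complete section. The load list includes des and md5. Since the workaround exists to load only the modules you want/need, note that these two can be left out when no peer requires them. "will not run due to a module loading issue" would help more with the actual log message or a ticket reference, and "remove curl" should say whether it means the curl plugin or the package.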


doc/howto/vpn.ipsec.basics.1382945336.txt.bz2 · Last modified: 2013/10/28 08:28 by lorema