[Soekris] Elan performance for ipsec without hifn chip
Francisco Perez Botella
paco.perez at securitydata.es
Fri Sep 13 11:50:58 UTC 2002
El Vie 13 Sep 2002 04:55, bars at code.qc.ca escribió:
> Sorry if this has been discussed before. I've read some of the archives and
> haven't found an answer.
> Does the Elan has enough power to drive say 4-5 ipsec tunnels under
> frees/wan? Max bandwidth would be 2mbps.
Well It depends the services you will run on the board. The main reason we
developed drivers for VPN1201/VPN1211 was to offload the cpu resources, get
more trhougthput too. The cost of the cards is aceptable anyway. So, if you
try to run a DNScache, proxy/content filter, and for example Snort, in a Lan
environment of let's say 40 fury users, you better bet on crypto card, you
will get more power on your board
> Do I absolutely need a hifn adapter? Has anybody successfully integrated
> the new hifn support code with frees/wan?
Yes we has. results on bandwith were as expected, but the more happy results
were with CPU load
> ( I know that openbsd has great support for the hifn adapters, but I am
> more familiar with linux, freeswan, iptables, qos et al than with openbsd.
> I wish I had more time to learn...)
> I was also considering one of those fanless via eden mini-itx boards, but I
> thought they were a bit of an overkill, unless you need a printer port,
> naturally ;-)
Just a note. I've seen no changes on Soekris web page to reflect the new
driver, and a lot of old news.
Soren !! I think you definitely need a web-master ;-)
Francisco Perez Botella Director Ingenieria
Security Data S.L.
Elche Parque Industrial Ramon y Cajal, 5
03220 TORRELLANO (ELX) ALICANTE-SPAIN
Tel: +34 902 195 837 : Fax: +34 902 195 835
Email: paco.perez at securitydata.es
More information about the Soekris-tech