[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Soekris net4801 + vpn1411 combo
 Date:  Fri, 14 Oct 2005 12:04:52 -0400
On 10/14/05, James W. McKeand <james at mckeand dot biz> wrote:
> Have the throughput issues with the net4801 and vpn1411 been resolved?
> The issues were reported in a throughput test done by Manuel over a year
> ago (I think). Would this be a viable, good performance combination? I
> maybe expanding a VPN for a client (currently using Linksys gear)

If they're currently using *Linksys* gear, do you really need a crypto
accelerator, especially on a 4801?

Assuming you're talking about VPN over the Internet, a 4801 without a
crypto card tested at (in Mbps):

3DES-MD5:               3.85 / 3.76
3DES-SHA1:              3.19 / 3.17
Blowfish-MD5:           7.74 / 7.90
Blowfish-SHA1:          5.65 / 5.71
CAST128-MD5:            7.65 / 7.63
CAST128-SHA1:           5.61 / 5.56
AES128-MD5:             7.11 / 7.26
AES128-SHA1:            5.26 / 5.33

The vpn1411 tested slower than that on 3DES (only thing supported by
the card).

Especially if you have VPN client software that supports AES or
Blowfish, you can likely do without, unless we're talking about a big
fat Internet pipe.

Sorry I can't answer your original question at the moment (though I do
have a vpn1411 and a 4801 I could test, and will be doing so
eventually, I don't have the time right now).

-Chris