 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] False sense of (IPsec)urity?
 Date:  Mon, 7 Nov 2005 20:42:36 -0500
On 11/5/05, Dan MacMillan <danm at emerald dash associates dot com> wrote:
> Be amazed.  The tunneled download ran at an average speed of 526.71 kilobytes
> per second, as reported by the Windows XP command line FTP client.  The
> untunneled download ran at 614.48 kilobytes per second.  The tunneled
> download appeared to have been only 20% slower.  This just does not seem to
> be even close to the numbers I have seen in the archives on this list.  Is my
> connection really encrypted?

Typically what you see is people using 3DES.  For whatever reason,
even for site to site connections between m0n0walls, most people seem
to use 3DES.  Typically 3DES is the best choice for site to site
between m0n0wall and some other IPsec device, for interoperability
purposes.  For software encryption (i.e. no hardware crypto card),
Blowfish is by far the fastest.  If you switched to 3DES, you'd see a
marked decrease in throughput (and/or increase in CPU utilization).

I have no doubt it's being encrypted, assuming the settings you posted
are correct.