> Typically 3DES is the best choice for site to site
> between m0n0wall and some other IPsec device, for interoperability
> purposes. For software encryption (i.e. no hardware crypto card),
> Blowfish is by far the fastest. If you switched to 3DES, you'd see a
> marked decrease in throughput (and/or increase in CPU utilization).
I researched this area for some time. I have done some testing using
site-to-site tunnels, and for sure, Blowfish has the best relation
between throughput and CPU utilization. Another thing that is very
interesting is that with Blowfish, no matter what the key size is,
it works faster than other algorithms in software and in hardware (using
same-spec hardware) with the same key size.
But people do not use it very much because it is not the NIST