On 2006/01/19 10:39, Simon Slaytor wrote: > Stuart Henderson wrote: > >On 2006/01/19 09:38, Simon Slaytor wrote: > > > >>When comparing the two vpn solutions for speed, subjectively the OpenVPN > >>feels slightly faster > > > >If you're using compression on OpenVPN but not on IPSEC, that would > >probably explain the speed difference. > > Agreed, any idea on how the cyphers compare i.e. 3DES v Blowfish in > regard to CPU overhead?
'openssl speed' will show you on your system, but Blowfish (and AES, at least at some block sizes) are something like twice as fast when implemented in software on a standard CPU. > I was not trying to suggest that this was a like for like comparison. I > was merely trying to get the point across that OpenVPN is a viable > alternative. There are strengths and weaknesses for each, overhead is only one factor (and not such an important one in smaller setups over relatively low-speed lines). I use OpenVPN and IPSEC in different situations (and will probably start using ssh tun-forwarding for a few places I'd use OpenVPN now - though, I'll have to investigate how tcp-wrapped-in-tcp works, since it would be most useful for me over wireless networks which have a lot of packet loss).
