R: [leaf-user] Wrap and openvpn with TLS. PLZ HELP me!
I think you are right!!
After some minutes(!) and a lot of failing handshakes, connection was established!

The problem is now performance. I need a crypto tunnel with a speed higher than 14.400 Mbits/s and not 5-6 Mbits/s (max I achieved).

Probably this can be obtained with an HW crypto engine, but at this point costs are similar to a custom pentium celeron PC.

Do you know some other alternatives??

Many, many thanks
Ciao
Gianni

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On behalf of Erich Titl
> Sent: Thursday 14 October 2004 17.17
> To: Mailing Lists; [EMAIL PROTECTED]
> Subject: Re: [leaf-user] Wrap and openvpn with TLS. PLZ HELP me!
>
> Gianni
>
> At 15:33 14.10.2004 +0200, Mailing Lists wrote:
> >Hi, I'm trying to build an openvpn tunnel with TLS encryption on my
> >pcengines WRAP.1D
> >
> >I follow instructions found on examples on openvpn site.
> >Now, example 1 (tunnel without encryption) works, example 2 (tunnel
> >with static key encryption) works too, but example 3 (tunnel with TLS
> >encryption) does not!! There was a TLS error on handshake!
> >
> >If I put my compact-flash card into an old PII 64Mb pc the tunnel goes
> >up without any problem!
> >
> >I DO NOT CHANGE ANY BIT on the CF!!
>
> Timing maybe, the wrap is not that fast when it comes to
> crypto stuff. Do you have any debugging info from openvpn?
>
> cheers
> Erich
>
> THINK
> Püntenstrasse 39
> 8143 Stallikon
> mailto:[EMAIL PROTECTED]
> PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16

---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: R: [leaf-user] Wrap and openvpn with TLS. PLZ HELP me!
At 13:32 18.10.2004 +0200, you wrote:
>I think you are right!!
>After some minutes(!) and a lot of failing handshakes,

M why does it fail?

>connection was
>established!
>
>The problem is now performance. I need a crypto tunnel with a speed higher
>than 14.400 Mbits/s and not 5-6 Mbits/s (max I achieved).
>
>Probably this can be obtained with an HW crypto engine, but at this point
>costs are similar to a custom pentium celeron PC.
>
>Do you know some other alternatives??

I am surprised it takes so much time. I am building IPSEC tunnels all the time with the WRAP board (using a derivative of Bering 1.2) and never have delays. I would check the handshake and see if you have packet loss.

Else it may be possible that the crypto stuff used by openvpn is not as well suited as the IPSEC implementation. Using AES should allow you to come close to 100Mb.

I believe the crypto board is around USD 100.- I never tested it, my tunnels go through the internet, so I never have sufficient bandwidth to saturate the WRAP.

cheers
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16

R: R: [leaf-user] Wrap and openvpn with TLS. PLZ HELP me!
> M why does it fail?
>
> should allow you to come close to 100Mb
>

100Mb???
I connected wrap to a celeron pc with a cross cable. Then I set up these boards as routers for two different nets.
Here is what I obtain with an ftp transfer between two pc connected to these routers:

A = pc behind wrap
B = pc behind celeron

Putting a file (100Mb) from A to B (i.e. traffic flow A->B)
540 Kbytes/sec with TLS tunnel,
926 Kbytes/sec with a tunnel without encryption,
6300 Kbytes/sec (50Mbits/sec) with "route only" (no tunnel).

Getting the same file from A to B (i.e. traffic flow B->A)
825 Kbytes/sec with TLS tunnel,
1700 Kbytes/sec with tunnel without encryption,
6200 Kbytes/sec pure routing.

The differences between putting and getting are probably(?) due to the fact that encrypting is harder than decrypting, so celeron works better than geode.

Exchanging wrap board with a P4 do the same work in 8500Kbytes/sec 10900Kbytes/sec 10900Kbytes/sec (put) and 4300Kbytes/sec 10900Kbytes/sec 10900Kbytes/sec (get)

An epia (Sis550) test board is slower than wrap, but there are no problems in TLS negotiation.

Gianni

R: R: R: [leaf-user] Wrap and openvpn with TLS. PLZ HELP me!
The only thing I can tell you is that openvpn uses openssl libraries

Ciao
Gianni

> -Original Message-
> From: Erich Titl [mailto:[EMAIL PROTECTED]
> Sent: Monday 18 October 2004 16.08
> To: Mailing Lists
> Subject: Re: R: R: [leaf-user] Wrap and openvpn with TLS. PLZ HELP me!
>
> At 15:01 18.10.2004 +0200, you wrote:
> >
> >> M why does it fail?
> >
> >>
> >> should allow you to come close to 100Mb
> >>
> >100Mb???
> >I connected wrap to a celeron pc with a cross cable. Then I set up
> >these boards as routers for two different nets.
> >Here is what I obtain with an ftp transfer between two pc connected to
> >these routers:
> >
> >A = pc behind wrap
> >B = pc behind celeron
> >
> >Putting a file (100Mb) from A to B (i.e. traffic flow A->B) 540
> >Kbytes/sec with TLS tunnel, 926 Kbytes/sec with a tunnel without
> >encryption, 6300 Kbytes/sec (50Mbits/sec) with "route only" (no tunnel).
> >
> >Getting the same file from A to B (i.e. traffic flow B->A) 825
> >Kbytes/sec with TLS tunnel, 1700 Kbytes/sec with tunnel without
> >encryption, 6200 Kbytes/sec pure routing.
>
> OK one would guess this is the crypto overhead. What crypto
> algorithm is used?
>
> THINK
> Püntenstrasse 39
> 8143 Stallikon
> mailto:[EMAIL PROTECTED]
> PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16

Re: R: R: R: [leaf-user] Wrap and openvpn with TLS. PLZ HELP me!
At 17:07 18.10.2004 +0200, you wrote:
>The only thing I can tell you is that openvpn uses openssl libraries

According to the openvpn docs the default cipher is blowfish which, according to its author, Bruce Schneier, does 8MB/s on a Pentium 150.

The routing capabilities of both machines in routing only set up are comparable, e.g. the ipstack behaves in a comparable way. I doubt the computing capacity of the Geode would be that low though. There must be some overhead elsewhere.

I browsed the net and found this:

http://mail.nl.linux.org/tinc-devel/2003-11/msg4.html

Ciao
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16

RE: [leaf-user] LRP router failing? - the Last Chapter (STH)DSL line-quality info
> The replacement for the suspect FlowPoint 2200 DSL router
> arrived today from the ISP (an Efficient Networks 5851). I plugged it
> into the network sans the "crutch" switch between the two routers, and
> it worked like a charm. Hypothesis becomes history.

Glad it's working!! But let's go back to your ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:10:4B:2C:90:9C
          inet addr:64.113.213.14  Bcast:64.113.213.15  Mask:255.255.255.252
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1800 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2184 errors:0 dropped:0 overruns:0 carrier:341
          Collisions:0
          Interrupt:9 Base address:0xff00

See the carrier errors (15.6%)? For future use, carrier errors indicate cable fault or low-layer problem related to that interface.

FYI the dumpfile looks normal.

Regards,
P
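
The carrier-error check from the reply above, as an added example that is not part of the original post: it parses legacy `ifconfig` output and reports any error counter that is large relative to the packet count. The function names and the 1% threshold are assumptions of this example.

```python
import re

# The eth0 block quoted in the message above, embedded so the check runs offline.
SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr 00:10:4B:2C:90:9C
          inet addr:64.113.213.14  Bcast:64.113.213.15  Mask:255.255.255.252
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1800 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2184 errors:0 dropped:0 overruns:0 carrier:341
          Collisions:0
          Interrupt:9 Base address:0xff00
"""

COUNTER_LINE = re.compile(r"^\s+(RX|TX) packets:(\d+)\s+(.*)$")

def parse_ifconfig(text):
    """Return {iface: {"RX": {...}, "TX": {...}}} from legacy net-tools output."""
    stats, iface = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            # An unindented line starts a new interface block.
            iface = line.split()[0]
            stats[iface] = {}
            continue
        m = COUNTER_LINE.match(line)
        if m and iface:
            direction, packets, rest = m.groups()
            counters = {k: int(v) for k, v in re.findall(r"(\w+):(\d+)", rest)}
            counters["packets"] = int(packets)
            stats[iface][direction] = counters
    return stats

def error_ratios(stats, threshold=0.01):
    """List (iface, direction, counter, ratio) where counter/packets > threshold.

    threshold=0.01 (1%) is an assumed alerting level, not a value from the thread.
    """
    findings = []
    for iface, directions in stats.items():
        for direction, c in directions.items():
            if c["packets"] == 0:
                continue  # idle interface: no ratio to compute
            for name, value in c.items():
                ratio = value / c["packets"]
                if name != "packets" and ratio > threshold:
                    findings.append((iface, direction, name, round(ratio, 3)))
    return findings

if __name__ == "__main__":
    for finding in error_ratios(parse_ifconfig(SAMPLE)):
        print(finding)
```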