Re: [strongSwan] OpenWRT. IPSec server
Hi, I am using OpenWrt + strongSwan + freeradius (password) peap auth on my home routers (DIR860 and WNDR3700). It all works quite nicely altough it took some time to set up freeradius correctly... smime.p7s Description: Kriptografski podpis S/MIME
Re: [strongSwan] Maximizing throughput / kernel bottlenecks
Hi, I believe you should achieve a full gbit throughput on any half decent x64 hardware. We've done some throughput tests using Spirent TestCenter packet generator and achieved 1750 mbit/s (full duplex) using IMIX traffic. The hw was i7-4790T CPU and Intel I350 NIC running custom x64 linux and using aes128gcm for esp. We've also ran some iperf tests using aes in cbc and ctr modes (and sha256), with and without pcrypt and also achieved full wire speed at (if I remember correctly) packets greater than 500 or so bytes. Regards Luka ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
[strongSwan] failure with ike using sha2
Hi, I have just found out, that recent openssl 1.0.2 commit 929b0d70c19f60227f89fac63f22a21f21950823 breaks hmac when using openssl plugin for hmac functions (well, at least strongswan hmac & prf sha256 self tests fail). If I remove the lines (in openssl crypto/hmac/hmac.c) 110 if(!ctx->key_init && key == NULL) 111 return 0; and recompile all is well again. Kind regards Luka ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users