Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-10 Thread Eero Volotinen
well. Just thinking site to site ipsec :) anyway. not happy with meraki aes speed, but that might be problem on meraki device.. Eero 10.12.2017 19.06 "Vick Khera" kirjoitti: > If you're going to use IPSec mobile client with an iPhone, it does not seem > to propose the GCM

Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-10 Thread Vick Khera
If you're going to use IPSec mobile client with an iPhone, it does not seem to propose the GCM variants of AES, only the CBC ones with SHA2. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold!

Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-09 Thread Jim Thompson
> On Dec 9, 2017, at 6:36 PM, Erik Anderson wrote: > > On Sat, Dec 9, 2017 at 2:56 PM, Chris L wrote: >> AES-GCM with all hashes disabled in the ESP/Phase 2. > > I'm curious why you recommend this. I'm not being contrary, just > curious. I've always had

Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-09 Thread Erik Anderson
On Sat, Dec 9, 2017 at 2:56 PM, Chris L wrote: > AES-GCM with all hashes disabled in the ESP/Phase 2. I'm curious why you recommend this. I'm not being contrary, just curious. I've always had hashing enabled for both P1 and P2s. Is this something unique to AES-GCM? -ea

Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-09 Thread Adam Thompson
I had found an older thread saying that the "XCBC" hashes were OK, since they were effectively "free" as long as you used one of the AES-GCM ciphers. Same thread (can't find it now, sorry) also indicated that the GCM mode ciphers were more, uh, completely??/rapidly?? accelerated than CBC. Can't

Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-09 Thread Chris L
AES-GCM with all hashes disabled in the ESP/Phase 2. > On Dec 9, 2017, at 12:03 PM, Karl Fife wrote: > > You might try... > > (Wait for it) > > ...AES. > > > On 12/9/2017 4:02 AM, Eero Volotinen wrote: >> Hi, >> >> What is the best ipsec ciphers for aes-ni ipsec

Re: [pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-09 Thread Karl Fife
You might try... (Wait for it) ...AES. On 12/9/2017 4:02 AM, Eero Volotinen wrote: Hi, What is the best ipsec ciphers for aes-ni ipsec acceleration? Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project

[pfSense] best ipsec cipher for aes-ni on sg-8860

2017-12-09 Thread Eero Volotinen
Hi, What is the best ipsec ciphers for aes-ni ipsec acceleration? Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold