Hi Peter,
A is the strongSwan peer with a static and public IP address.
B is a Bintec VPN25 router with a dynamic address published via DynDNS.
[...]
A tries to bring the tunnel up. However, A fails since it tries to connect
to the OLD IP address. A ping from A to B shows that name
Peter Daum wrote:
B is a Bintec VPN25 router with a dynamic address published via DynDNS.
A tries to bring the tunnel up. However, A fails since it tries to connect to
the OLD IP address. A ping from A to B shows that name resolution works
perfectly. So A seems to cache the old IP address
Hi All,
I have a query regarding dpd's:-
1. When does ikev2 stack start sending dpd's?
2. When does it know that its time to close the IPSEC SA or IKE SA?
3. Can you tell me where is the handling for closing the IPSEC SA or
IKE SA in case of no response to the dpd's?
Thanks in advance.
Hi Daniel,
Btw, can you recommend Bintec's VPN25 router? Does it support NAT-T (NAT
traversal), DPD and certificate based authentication?
We tried Bintecs and the results were mixed. At first everything seems to be
ok, DPD and certificates work. I haven't tried it behind NAT but I think I saw
Hi all,
Just re-reading the performace-thread from some-while ago.
Are there any numbers available on what somebody might expect to see
(given a certain hardware configuration)
Obviously, if one put a 10Gb card into an old 386-system, one can not
expect the line complete saturated with
Hi,
What is needed (cpu) to get 10Mbps
Not tested, but maybe a Pentium class processor?
100Mbps,
Pentium 3/4?
1Gbps,
A recent multi-core processor should be capable of doing 1Gbps, but
requires parallel crypto patches, see [1].
10Gbps
Not without hardware acceleration. Maybe the
Hi all,
Even with the most efficient software and kernel implementation, you
cannot exceed 1Gbps of small packets. Martin has sent a reminder of some
benchmarks.
I would advice that you check (sorry if it is commercial !, so please
avoid the troll on the list) the 6WINDGate SDS architecture which