On Fri, 4 Oct 2019, Raees Khan wrote:

I am using Libreswan IPSec VPN in transport mode (L2tpv3 over IPSec). We see a lag in one of our applications running between sites. Normally, it is 16 to 20 ms. However, every 7:45 it shows some lag / delay in application up to 400ms.

We tested the performance of this connection: the communication delay (from end device to end device). During these tests we recognized a significant delay about every 7h 45min of 190 ms to 700 ms. After checking router config and logs we assumed the SA key exchange is responsible for the delay. The SA lifetime was configured to 8h. After changing the lifetime to 1h the delay occurred about every 45 min.

This could be the CPU or Libreswan could be optimized to avoid this issue?

Any help would be highly appreciated.

You might see some speed improvements on libreswan 3.29 and (soon to be
released) 3.30, as we did do some duplicate work with DH or authentication
in some cases.

Also check and see if you have AES-NI hardware acceleration and if so,
use aes_gcm and not aes-shaX.

You can also try pfs=no if not already set, but of course then you have
no perfect forward secrecy, but you will do less DH calculations.

Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
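
Added example, not part of the original thread and not Libreswan code: a check that the delay intervals reported above (about 7h 45min with an 8h lifetime, about 45 min with a 1h lifetime) fall inside the window in which a rekey would start. It assumes the ipsec.conf options salifetime, rekeymargin and rekeyfuzz with defaults of 9m and 100%, and assumes rekeying starts at lifetime minus margin times (1 + r), with r random between 0 and the fuzz fraction; the function names are hypothetical.

```python
import re

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_duration(text):
    """Convert an ipsec.conf style duration such as '8h' or '9m' to seconds."""
    match = re.fullmatch(r"(\d+)([smhd]?)", text.strip())
    if not match:
        raise ValueError(f"unrecognised duration: {text!r}")
    return int(match.group(1)) * _UNITS[match.group(2) or "s"]


def rekey_window(salifetime, rekeymargin="9m", rekeyfuzz="100%"):
    """Return (earliest, latest) seconds after SA setup at which a rekey starts.

    Assumed model: start = lifetime - margin * (1 + r), r in [0, fuzz].
    The 9m / 100% defaults are assumptions; use the values from your config.
    """
    life = parse_duration(salifetime)
    margin = parse_duration(rekeymargin)
    fuzz = int(rekeyfuzz.rstrip("%")) / 100
    widest = int(margin * (1 + fuzz))
    if widest >= life:
        raise ValueError("rekeymargin with fuzz must be shorter than salifetime")
    return life - widest, life - margin


def explains(observed_interval, salifetime, **options):
    """True if the observed delay interval lies inside the rekey window."""
    earliest, latest = rekey_window(salifetime, **options)
    return earliest <= parse_duration(observed_interval) <= latest


def fmt(seconds):
    """Render seconds as e.g. 7h42m for readable output."""
    return f"{seconds // 3600}h{seconds % 3600 // 60:02d}m"


if __name__ == "__main__":
    # Intervals taken from the report above: 7h 45min (465m) and 45 min.
    for lifetime, seen in (("8h", "465m"), ("1h", "45m")):
        lo, hi = rekey_window(lifetime)
        verdict = "matches" if explains(seen, lifetime) else "does not match"
        print(f"salifetime={lifetime}: rekey between {fmt(lo)} and {fmt(hi)}; "
              f"observed {seen} {verdict}")
```
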
