Actions
New Content #8773
closedAdd VPN Throughput Tuning info
Start date:
08/09/2018
Due date:
% Done:
0%
Estimated time:
Description
Need to add a page to the docs about VPN throughput tuning
Example info that needs to go on the page:- Use AES-NI capable hardware, load the AES-NI module
- Use AES-GCM (explain its efficiency and about not using a hash and so on)
- Impact of Kernel PTI on/off
- For IPsec, set async crypto,
net.inet.ipsec.async_crypto=1
( See #8772 and https://reviews.freebsd.org/D10680 ) - For OpenVPN, suggest UDP fast i/o, 512k buffer, or switch to IPsec due to slowness of context switching inherent to OpenVPN
- For extreme performance requirements, mention/link to TNSR since FreeBSD kernel IPsec can't reach near those speeds
Add in some performance data as we get it as well.
Actions