On 21.7.2021. 22:21, Alexander Bluhm wrote:
> Ahh, too many diffs in my tree. I have forgotten the chunk
> crp->crp_flags = ... | CRYPTO_F_NOQUEUE
>
> Try this. Still testing it myself, it looks a bit faster.

I'm combining this and the last parallel diff and I can't see any drops in traffic. Even sending at high rate, traffic through iked or isakmpd is stable at 150Kpps, which is good.

One funny thing is that with top -SHs1 crypto CPU usage is always at 0.00%. Could it be because of aes-ni?

r620-1# cat /etc/ipsec.conf
ike active esp from 192.168.232.0/24 to 192.168.123.0/24 \
        local 192.168.42.1 peer 192.168.42.111 \
        main auth hmac-sha1 enc aes group modp1024 \
        quick enc aes-128-gcm group modp1024 \
        psk "123"

r620-1# cat /etc/iked.conf
ikev2 active esp from 192.168.232.0/24 to 192.168.123.0/24 \
        local 192.168.42.1 peer 192.168.42.111 \
        ikesa enc aes-128-gcm group modp1024 prf hmac-sha1 \
        childsa enc aes-128-gcm group modp1024 \
        psk "123"