Re: Re: Free S/wan over satellite

[Dave Piscitello <dave () corecom com>]

You really haven't given much information here.

First, I'd crack out ethereal and sniff the IKE and IPsec
security association establishment is what you expect.
Since you say performance degraded, I imagine you've
convinced yourself that the SA's actually establish, and
that there's no NAT interference?

Then I'd look at packet latencies.

Then I'd change some security association parameters
to see whether my system was a performance bottleneck.

I'd ask "Are you using 3DES? If you change the policy to DES,
does the performance improve? If you just use
message integrity and not message encryption, does
the performance improve?" If yes to any of these, maybe
it's CPU on one end or the other? If no to any of these, then
you've eliminated crypto processing. I'd look for something else.

At 12:26 PM 5/24/2002 -0500, Ben Swanner wrote:
> Set up on Linux over vsat connection and speed dropped by a factor of ten.
> Any ideas?
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://list.nfr.com/mailman/listinfo/firewall-wizards


David M. Piscitello
Core Competence, Inc. &
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com
hhi.corecom.com/~yodave/


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards