Have you done a measurement to see the difference between FTP over the
VPN link to the PH machine vs FTP over a non-encrypted link to the PH
machine? I'd be curious to see the difference in bandwidth and/or
transfer time for the same file(s). I realize your firewall rules may
not make this possible/easy, but it would be an informative test.
Also, is there any particular reason you are specifying that cipher (DES-EDE3-CBS [triple DES])? Both Blowfish (BF-CBC) and AES (AES-128-CBC) are faster on my machines and I believe AES is considered to be at least as strong as 3DES. I am currently using the default (BF-CBC). Changing the cipher to a faster (and perhaps even stronger) one such as AES may give you some improvement, but as I said in a previous post, for bandwidth purposes most lightly loaded modern machines can encrypt more than a T1s worth of bandwidth for any of the ciphers.
Timing output from "openssl speed bf-cbc; openssl speed des-ede3; openssl speed aes-128-cbc"
On a Linux 1.5GHz Athlon:
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
blowfish cbc 59300.37k 63400.60k 64507.90k 64683.35k 65505.86k (~64MBps)
des ede3 13048.64k 13385.79k 13474.56k 13499.73k 13503.15k (~13MBps)
aes-128 cbc 40891.83k 42565.99k 43319.30k 43471.19k 43442.18k (~42MBps)
On an OpenBSD 700MHz Celeron:
blowfish cbc 11652.74k 12198.84k 12371.33k 12526.30k 12685.55k (~12MBps)
des ede3 1628.31k 1642.45k 1649.12k 1646.98k 1648.55 (~1.6MBps)
aes-128 cbc 9850.36k 10237.38k 10309.71k 10336.80k 10364.35k (~10MBps)
Toby McMillan, RHCE wrote:
Hi Chris, everyone,
____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users