There are various standards and recommendations that dictate the required cipher suite for different applications that is beyond the scope of this article. For example, the cipher DH-RSA-AES256-SHA256 indicates: Diffie-Hellman (DH) Key Exchange using a Rivest, Shamir, Adelman key (RSA) withĪdvanced Encryption Standard 256 bit (AES256) encryptionĪnd Secure Hash Algorithm 256 bit (SHA256) message authentication. The cipher suite is described by combining the methods together into a single string. The list of ciphers supported can be displayed with the command “openssl ciphers –v”. OpenSSL, which is an open source software library, provides a large number of ciphers. An operating system or IPsec implementation will typically support multiple ciphers for each of Key Exchange, Encryption, and Message Authentication that can be combined to form many different cipher suites. The configuration must be identical at each end of the tunnel in order to make a connection.
The parameters consist of a Key Exchange method, an Encryption method and a Message Authentication method. The set of parameters is known as a “cipher suite”. When configuring IPsec tunnels (and other secure connections) multiple parameters must be configured. An IPsec “tunnel” encrypts the entire packet, not just the payload, and is commonly used to create Virtual Private Networks (VPN). IPsec is a set of protocols that is used to authenticate and encrypt/decrypt packets to provide secure transport of packets through the network. One of the Ubuntu computers is running iperf3 as a server, the other is running iperf3 as a client. The test network consists of 2 computers running Ubuntu 20.04.1 version of Linux and 2 Vaults running pfSense® CE version 2.4.5_1. For a 1 Gbps ethernet interface, the actual data throughput is ~940 Mbps due to overhead in an IP packet. In a basic setup, The Vault is capable of routing packets at wire speed on all ports for all models.
This article aims to provide a baseline of IPSec performance for several different Vaults, as tested in a lab environment, so the customer can make an informed decision as to what products best suit their needs. Frequently, it is useful for a customer to know the performance characteristics of specific hardware before making a decision to purchase. Depending on individual use cases, different hardware firewalls may be useful for different types of network applications and as such, Protectli offers different hardware with varying capabilities.
0 kommentar(er)
