  1. #1
    Newbie
    Join Date
    Sep 2019
    Posts
    14

    Use aesgcm16 instead of aes256?

    Hi guys -- Happy Untangle user here. When configuring a site-to-site tunnel, the only esp option is AES which is AES-CBC. The multithreaded and more efficient AES-GCM encryption algorithm is not an option.

    If I manually edit /etc/ipsec.conf and change:

    esp=aes256-sha1-modp2048!

    to

    esp=aes256gcm16-sha1-modp2048!

    Site-to-site throughput jumps 3x and CPU utilization drops.

    Of course, when I reboot, the config is lost. Any way I can get this change to be persistent? Or perhaps add an option for AES-GCM through the UI. Thank you!
    donhwyo and larzz like this.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,762

    Thanks for the post. We will look into it.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,762
    Jim.Alles, larzz, ensnare and 1 others like this.

  4. #4
    Newbie
    Join Date
    Sep 2019
    Posts
    14

    That's great, thanks. I also see a performance boost when I use the aesxcbc integrity algorithm, also AES-NI accelerated, as opposed to sha1.

    esp=aes256gcm16-aesxcbc-modp2048!

    Provides maximal site-to-site performance between our two sites.
    larzz likes this.
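
An added example, not part of the original posts and not Untangle's code: a small Python audit that parses `esp=` lines in ipsec.conf syntax and reports, for each proposal quoted in this thread, whether the cipher is a combined-mode (AEAD) one, its ICV length, and which integrity and DH tokens accompany it. The conn names and sample file are constructed, and the keyword patterns assume common strongSwan-style names only.

```python
import re

# Constructed sample; the three esp= values are the ones quoted in this thread,
# the conn names are made up for the example.
SAMPLE_CONF = """\
conn site-cbc
    esp=aes256-sha1-modp2048!
conn site-gcm
    esp=aes256gcm16-sha1-modp2048!
conn site-gcm-xcbc
    esp=aes256gcm16-aesxcbc-modp2048!
"""

# Assumed keyword families (common strongSwan-style names, not an exhaustive list).
AEAD = re.compile(r"^(?:aes\d*(?:gcm|ccm)(\d+)|chacha20poly1305)$")
INTEGRITY = re.compile(r"^(?:md5|sha\d|aesxcbc|aescmac|aes\d*gmac)")
DH_GROUP = re.compile(r"^(?:modp|ecp|curve|x25519|x448)")

def classify(conn, proposal, strict):
    """Split one dash-separated proposal into encryption, integrity and DH tokens."""
    tokens = proposal.lower().split("-")
    integ = [t for t in tokens if INTEGRITY.match(t)]
    dh = [t for t in tokens if DH_GROUP.match(t)]
    enc = [t for t in tokens if t not in integ and t not in dh]
    hits = [AEAD.match(t) for t in enc]
    aead = bool(enc) and all(hits)
    icv = None
    if aead:
        n = int(hits[0].group(1) or 16)       # chacha20poly1305 has a 16-byte tag
        icv = n if n <= 16 else n // 8        # suffix may be in bytes (16) or bits (128)
    return {"conn": conn, "proposal": proposal, "strict": strict, "encryption": enc,
            "aead": aead, "icv_bytes": icv, "integrity": integ, "dh": dh}

def audit(conf_text):
    """Return one record per ESP proposal found under each conn section."""
    results, conn = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            conn = line.split(None, 1)[1]
        key, sep, value = line.partition("=")
        if sep and key.strip() == "esp":
            value = value.strip()
            strict = value.endswith("!")      # "!" restricts the peer to these proposals
            for prop in value.rstrip("!").split(","):
                results.append(classify(conn, prop.strip(), strict))
    return results

if __name__ == "__main__":
    for r in audit(SAMPLE_CONF):
        print(r)
```

Records where `aead` is true and `integrity` is non-empty pair a combined-mode cipher, which authenticates each ESP packet itself, with a separate integrity keyword.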

  5. #5
    Untangler
    Join Date
    Aug 2008
    Posts
    35

    Also interested in this option as well

  6. #6
    Newbie
    Join Date
    Sep 2019
    Posts
    14

    Tested & works in 16 beta. You guys are awesome.
    Jim.Alles and jcoffin like this.
