This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Adding Phase1/Phase 2 GCM Encryption Support For IKEv2 Tunnels

Hi Sophos XG Team . Many newer devices and cloud providers now are starting to default to GCM for *MUCH* better ipsec performance.By a factor of 5-10 in some of our use cases.

I had a look in /_conf/ipsec/strongswan.d/charon on one of our boxes but it doesn't look like the gcm plugin is available from what I can gather.

Could you look into the following as this seems to what most of the cloud providers are starting to default to.

AES-GCM-128-8, AES-GCM-192-8, AES-GCM-256-8
AES-GCM-128-12, AES-GCM-192-12, AES-GCM-256-12
AES-GCM-128-16, AES-GCM-192-16, AES-GCM-256-16

This thread was automatically locked due to age.

Parents

0 EdmundSackbauer over 6 years ago

+1

Also it is not clear to me if CPU's AES-NI instructions are used, with my UTM they are used in GCM ciphers.

I expect a not so good performance compared to UTM.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 EdmundSackbauer over 6 years ago

+1

Also it is not clear to me if CPU's AES-NI instructions are used, with my UTM they are used in GCM ciphers.

I expect a not so good performance compared to UTM.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data