DH Parameters size affects performance?



  • Hello,

    I am running pfSense 2.2.3 and I recently increased the size of my DH Parameters value in the OpenVPN server configuration from 1024 (the default) to 4096 (following instructions here) as mitigation against the Logjam vulnerability. I am passing SIP traffic over OpenVPN on this pfSense gateway, and after modifying this parameter my SIP clients noticed poor performance. Does increasing the size of the DH Parameters value increase latency or otherwise degrade performance of OpenVPN traffic?

    Thanks!



  • I hope I'm not wrong here, but I think DH parameters are only used to set up a connection. It may take longer to establish a VPN connection. Other than that, I don't think DH parameters affect the connection after it's established.


  • Rebel Alliance Developer Netgate

    They are used during key exchange, and mostly the CPU-intensive part is generating them, not using them, though I suppose that would depend on the systems on either side. I wouldn't expect them to have an ongoing/persistent effect on the VPN speed, just portions including key exchange.
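
The replies' point, that DH parameter size costs CPU at key exchange rather than on every packet, can be measured. The following is an added example, not code from the thread or from pfSense/OpenVPN: it times one peer's two modular exponentiations at each size and spreads that cost over OpenVPN's default renegotiation interval (`reneg-sec` 3600, assumed unchanged). The moduli are random odd numbers of the right bit length, constructed as stand-ins for real DH primes, and the function names are hypothetical.

```python
import secrets
import time

RENEG_SEC = 3600  # OpenVPN default --reneg-sec; assumed not overridden


def stand_in_modulus(bits):
    """Constructed odd modulus with exactly `bits` bits (not a real DH prime).

    Modular-exponentiation time depends on operand size, not primality,
    so this is enough for a timing comparison and nothing else.
    """
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def dh_side_cost(bits, rounds=5):
    """Median seconds for one peer's work in a single DH exchange."""
    p, g = stand_in_modulus(bits), 2
    samples = []
    for _ in range(rounds):
        # Full-size private exponents: worst case, real stacks may use shorter ones.
        x = secrets.randbits(bits - 1) | 1
        peer_pub = pow(g, secrets.randbits(bits - 1) | 1, p)  # other side, untimed
        start = time.perf_counter()
        pow(g, x, p)         # our public value
        pow(peer_pub, x, p)  # shared secret
        samples.append(time.perf_counter() - start)
    return sorted(samples)[len(samples) // 2]


def amortized_fraction(cost_seconds, reneg_sec=RENEG_SEC):
    """Share of one CPU core spent on DH if it only runs once per renegotiation."""
    return cost_seconds / reneg_sec


def compare(sizes=(1024, 2048, 4096)):
    """Map each DH size to its measured per-exchange cost in seconds."""
    return {bits: dh_side_cost(bits) for bits in sizes}


if __name__ == "__main__":
    for bits, cost in compare().items():
        print(f"{bits:>5}-bit: {cost * 1000:8.2f} ms per key exchange, "
              f"{amortized_fraction(cost):.2e} of a core at reneg-sec={RENEG_SEC}")
```

Run it on the gateway's own CPU class for meaningful numbers; the data channel's symmetric cipher and HMAC are not affected by the DH size and are not measured here.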