4. DH Parameters size affects performance?

DH Parameters size affects performance?

  • A

    Hello,

    I am running pfSense 2.2.3 and I recently increased the size of my DH Parameters value in the OpenVPN server configuration from 1024 (the default) to 4096 (following instructions here) as mitigation against the Logjam vulnerability. I am passing SIP traffic over OpenVPN on this pfSense gateway, and after modifying this parameter my SIP clients noticed poor performance. Does increasing the size of the DH Parameters value increase latency or otherwise degrade performance of OpenVPN traffic?

    Thanks!

    0
  • D

    I hope I'm not wrong here but I think DH parameters are only used to setup a connection. It may take longer to establish a VPN connection. Other than that I don't think DH parameters affect the connection after it's established.

    0
  • Rebel Alliance Developer Netgate

    They are used during key exchange, and mostly the CPU-intensive part is generating them not using them, though I suppose that would depend on the systems on either side. I wouldn't expect them to have an ongoing/persistent effect on the VPN speed, just portions including key exchange.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy