4. DH Parameters size affects performance?

DH Parameters size affects performance?

  • A

    Hello,

    I am running pfSense 2.2.3 and I recently increased the size of my DH Parameters value in the OpenVPN server configuration from 1024 (the default) to 4096 (following instructions here) as mitigation against the Logjam vulnerability. I am passing SIP traffic over OpenVPN on this pfSense gateway, and after modifying this parameter my SIP clients noticed poor performance. Does increasing the size of the DH Parameters value increase latency or otherwise degrade performance of OpenVPN traffic?

    Thanks!

    0
  • D

    I hope I'm not wrong here but I think DH parameters are only used to setup a connection. It may take longer to establish a VPN connection. Other than that I don't think DH parameters affect the connection after it's established.

    0
  • Rebel Alliance Developer Netgate

    They are used during key exchange, and mostly the CPU-intensive part is generating them not using them, though I suppose that would depend on the systems on either side. I wouldn't expect them to have an ongoing/persistent effect on the VPN speed, just portions including key exchange.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy