search for: sptps_speed

...we've decided to test it. The results are quite surprising: * using the experimental protocol, throughput falls to around 380Mbit/s; both tincd are at or just above 100% CPU (the host has 8 cores) * not specificing ECDSA keys, throughput is around 600Mbit/s; both tincd are at around 90-95% CPU sptps_speed reports: Generating keys for 10 seconds: 5200.94 op/s ECDSA sign for 10 seconds: 3710.72 op/s ECDSA verify for 10 seconds: 1734.05 op/s ECDH for 10 seconds: 1449.40 op/s SPTPS/TCP authenticate for 10 seconds: 641.37 op/s SPTPS/TCP trans...

.../s. When I run an iperf test from node1 (client) to node2 (server) with default options, I have 300 Mbit/s MAX. The strange thing is that 300 Mbit/s was the limit with Tinc 1.0. I checked twice, both of nodes are now running tinc 1.1... Of course, when I do iperf without Tinc, I have 1 Gbit/s... sptps_speed report correct speeds (node1 is less powerfull than node2) : root at node1:~# sptps_speed Generating keys for 10 seconds: 597.41 op/s ECDSA sign for 10 seconds: 549.90 op/s ECDSA verify for 10 seconds: 470.60 op/s ECDH for 10 seconds:...

With pleasure we announce the release of tinc version 1.1pre10. Here is a summary of the changes: * Added a benchmark tool (sptps_speed) for the new protocol. * Fixed a crash when using Name = $HOST while $HOST is not set. * Use AES-256-GCM for the new protocol. * Updated support for Solaris. * Allow running tincd without a private ECDSA key present when ExperimentalProtocol is not explicitly set. * Enable various comp...

With pleasure we announce the release of tinc version 1.1pre10. Here is a summary of the changes: * Added a benchmark tool (sptps_speed) for the new protocol. * Fixed a crash when using Name = $HOST while $HOST is not set. * Use AES-256-GCM for the new protocol. * Updated support for Solaris. * Allow running tincd without a private ECDSA key present when ExperimentalProtocol is not explicitly set. * Enable various comp...

Tinc newbie here so apologies if this is obvious or has been discussed already; I did search but couldn't find anything. I'm testing tinc 1.1pre10 between a Windows 7 client and Linux server. The Linux machine is on the internet and the Windows machine is on my home network behind NAT. I have successfully configured a Linux client on my home network to communicate with the server

I am looking to connect edge-routers in a VPN over the Internet, with requirement: - Mesh - NAT-traversing - 500 mbit throughput. I'm using Tinc 1.0.23 and it does this very nicely (I think I could also use 1.1, once it's considered stable) except for the througphut: the edgerouters cannot encrypt this fast. So I want to relieve the edge routers from this responsibility. If the end hosts

In the past 24 hours multiple persons have contacted me regarding the use of elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA might have weakened algorithms and/or elliptic curves published by NIST. The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key exchange and authentication, in such a way that it has the perfect forward secrecy (PFS)

In the past 24 hours multiple persons have contacted me regarding the use of elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA might have weakened algorithms and/or elliptic curves published by NIST. The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key exchange and authentication, in such a way that it has the perfect forward secrecy (PFS)