Do you know if it's possible to have a precise measure of the time needed in order to bring up an IPSec tunnel?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
That's almost hard to predict. It's like predicting when the 1st drop of rain would fall
Why do you need or think you need precise time? You hve factors from latency, how manyhops, & then response time from the initiator or responder to contend with.
Ken
PCNSE
NSE
StrongSwan
I don't want to predict I'd like to "measure" a specific event during it occurs.
Than measure the time of the 1st IKE packet sent as a initiator and the time the phase2 SPI are set. That time would very for all of the variable I mention before.
Ideally, you could run tshark and look at timestamps of a flow of packets for the IKE1 and ESP data. if you are critical you could use IKEv2 to maybe shave a few hairs off in "ms" but this is not going to be very noticeable to the end user & then you have the variable in either the initiator or responder & the layer3 path.
All I can tell you, ipsec-vpns are short in overall setup times than ssl-vpns.
YMMV
Ken
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.