Feature Request - IPSec/WireGuard based RED tunnel

Hello SteppenWolf,

RED is a proprietary closed source L2 tunneling method that Sophos keeps to a high standard, moving to an alternative would be a step back, personally.

Frankly, the Sophos RED is dime for dime better than IPSEC in all ways except for standing start connection speeds. I have done migrations from IPSEC to RED and we generally saw an increase in performance in the 10s of percent better.

Where are you seeing performance problems, on RED box to XG or XG to XG RED?

Emile

We use XG-to-XG RED connections and in relation to IPSec we have found that the RED tunnel reaches only about a fifth of the performance of IPSec. In my opinion, IPSec is more efficient here.

IPSEC is definitely more efficient, on a site to site RED you can have around 4-8 tunnels of IPSEC versus 1 tunnel of RED due to CPU requirements.

However, if you are having less than a tenth of the performance, something else must be going on there. I'd be interested in seeing a comparative performance metric when you switch between the two.

Emile

IPSEC is definitely more efficient, on a site to site RED you can have around 4-8 tunnels of IPSEC versus 1 tunnel of RED due to CPU requirements.

However, if you are having less than a tenth of the performance, something else must be going on there. I'd be interested in seeing a comparative performance metric when you switch between the two.

Emile

I'll test this again here and give you more accurate data.

Much appreciated, looking forward to it. There may be an issue that needs investigating.

Emile

Can someone tell me the current encryption parameters of RED? Would like to compare as plausibly as possible.