Here is a brief mention of IPSec-related benchmarks, just so people can get an idea of what performance degradation you are likely to see (yes, you will get a loss in performance, although if you have sufficiently overspecced parts you might not notice :)).
The benchmarks I have posted are from two P3/600 machines connected via a 10Base-T hub. One is running Gentoo, the other Debian. I don't think the authentication method will make any difference, but at the moment I am using PSK (mainly since I just finished that page :)).
Transferring a 200MB file consisting entirely of zeroes (hi /dev/zero) from one machine to the other via FTP (proftpd 1.2.8, ncftp 3.1.5):

| Config | Transfer Rate | CPU | Load |
| :--- | ---: | ---: | --- |
| No IPSec | 863.65 kB/s | 6% | 1.0 |
| IPSec | 778.21 kB/s | 25% | 1.0 |
| IPSec Compress | 1.92 MB/s | 35% | 1.0 |

I'm slightly at a loss as to why the load was so consistently high, but I guess that's the price you pay to have a process constantly wanting disk access.
You can see that enabling IP compression on the IPSec tunnel can lead to a dramatic speedup in transfer rates, at the cost of about 50% extra CPU cycles. Still - it was transferring at over twice what it would have been in clear text. This is probably almost entirely explained by the fact that the file I was transferring consisted entirely of zeroes. I will try with a more realistic file at some point.
More realistic file stats, transferring 3DMark2001SE_330.exe between the same hosts:

| Config | Transfer Rate | CPU | Load |
| :--- | ---: | ---: | --- |
| IPSec | 778.30 kB/s | 25% | 0.3 |
| IPSec Compress | 766.67 kB/s | 30% | 0.3 |
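
Why the all-zero file and the executable behave so differently under IP compression can be seen by compressing packet-sized chunks one at a time, as IPComp (RFC 3173) does. The following is an added example, not part of the original benchmarks; it assumes DEFLATE as the IPComp algorithm, a 1400-byte payload per packet, and uses constructed sample data (seeded pseudo-random bytes standing in for an already-compressed installer).

```python
import random
import zlib

PAYLOAD = 1400        # assumed payload bytes per packet (constructed value)
IPCOMP_HEADER = 4     # IPComp header length in bytes (RFC 3173)


def ipcomp_wire_bytes(packet: bytes) -> int:
    """Payload bytes sent for one packet under stateless per-packet DEFLATE."""
    # Fresh raw-DEFLATE state for every packet: IPComp keeps no history
    # between datagrams, so each one is compressed on its own.
    comp = zlib.compressobj(6, zlib.DEFLATED, -15)
    compressed = len(comp.compress(packet) + comp.flush()) + IPCOMP_HEADER
    # Non-expansion rule: if compression does not make the packet smaller,
    # it is sent in its original form without an IPComp header.
    return compressed if compressed < len(packet) else len(packet)


def wire_ratio(data: bytes, payload: int = PAYLOAD) -> float:
    """Fraction of the original payload bytes that actually crosses the link."""
    sent = sum(ipcomp_wire_bytes(data[i:i + payload])
               for i in range(0, len(data), payload))
    return sent / len(data)


# Constructed sample inputs, 200 packets each.
ZEROS = bytes(200 * PAYLOAD)                      # like the /dev/zero file
_rng = random.Random(0)
INCOMPRESSIBLE = bytes(_rng.getrandbits(8)        # stand-in for a packed .exe
                       for _ in range(200 * PAYLOAD))

if __name__ == "__main__":
    for name, data in (("zeroes", ZEROS), ("incompressible", INCOMPRESSIBLE)):
        r = wire_ratio(data)
        print(f"{name:15s} wire bytes = {r:6.1%} of original payload")
```

The ratio only counts payload bytes and ignores ESP and IP header overhead, so it bounds the link savings rather than predicting the measured transfer rate.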