We tested the performance of this method of creating a VPN to better give everyone an idea of the performance degradation caused by the various encryption methods of SSH, as well as the PPP connection. We used two 133 MHz Pentium systems (slow by today’s standards, but we’re looking only for relative values) each with 10Base-T (10 Mbps) Ethernet cards. The two systems were on the same switched-Ethernet backplane.

In our test, we transferred a 7 MB compressed binary file using the FTP protocol. We first did it ten times with just straight FTP to get a baseline. Next, we set up the VPN and did it with no encryption for ten trials. Finally, we performed ten trials each on three different ciphers: IDEA, Blowfish, and 3DES. The highest and lowest numbers were thrown out for each type of transfer, and an average was taken. We didn’t test DES or arcfour, since they’re disabled by default and aren’t recommended by SSH’s authors.

Table 8-1 shows the results of the test in the average amount of kilobytes per second transferred and the average percent efficiency versus plain FTP. The fourth column is the percent efficiency versus a VPN with no encryption. The term “VPN” just describes the PPP connection through SSH, with the type of encryption used in parentheses.