Further to my recent query, it would seem on testing the RB433UAH that there is a major speed bottleneck when using SHA-1 authentication. This surprised me since I thought that this was a fairly minor part of the computation when running an IPSEC tunnel.
With SHA-1 I am only achieving ~5Mbps; move to MD5 (both with AES) and this figure improves dramatically to around 15Mbps. Both are decoding rates (sufficient; encoding speed isn't an issue because I'll be running the VPN across a bunch of ADSL lines). CPU load 100% in all cases.
This latter rate is spot-on for our requirements, and MD5 is probably sufficient for our needs, but I'm just curious as to the speed differential. The MD5 implementation is definitely a bottleneck; anyone know why this is?