Deciso DEC600 A10 Dual Core
OPNsense 19.1.4-amd64
FreeBSD 11.2-RELEASE-p9-HBSD
OpenSSL 1.0.2r 26 Feb 2019
Scratching my head on this one. What are the proper combination of settings to enable hardware assisted crypto in OpenVPN?
Is this help still valid under Miscellaneous: Settings: Cryptography settings: Hardware acceleration (Current setting: AES-NI CPU-based Acceleration (aesni))
"... OpenVPN should be set for AES-128-CBC and have cryptodev enabled for hardware acceleration."
VPN: OpenVPN: Servers: Hardware Crypto shows "No Hardware Crypto Acceleration" and no other options can be selected for that field.
From the hardware documentation:
"Hardware acceleration: SoC has integrated AESNI instructionset including support for GCM"
"Hardware Assisted Encryption: 600Mbps IPsec (AES256GCM16)"
That's true for non-AESNI. However, AESNI is built into OpenSSL / LibreSSL so you don't have to set cryptodev because cryptodev is not for AESNI devices. Leaving it blank and using an AESNI-supported cipher is all that is required to automatically gain hardware acceleration.
Cheers,
Franco