OPNsense Forum

English Forums => Virtual private networks => Topic started by: elenagilbert on September 03, 2025, 09:16:42 AM

Title: How to optimize VPN speed vs security in OPNsense?
Post by: elenagilbert on September 03, 2025, 09:16:42 AM
Hi everyone,

I've been using OPNsense for a while and have set up VPN connections for remote workers. One thing I'm still trying to figure out is the best way to balance performance and security.
For example, when enabling stronger encryption (like AES-256-GCM), I notice a drop in throughput compared to lighter ciphers. On the other hand, I don't want to compromise security just for speed.
I'm curious—what are the best practices the community recommends for:
- Choosing encryption algorithms without losing too much performance
- Tweaking VPN settings to handle multiple users smoothly
- Hardware considerations that make the biggest impact on VPN performance
Any insights, real-world experiences, or recommended configurations would be greatly appreciated!
Agario (https://agargame.io)
Thanks in advance!
Title: Re: How to optimize VPN speed vs security in OPNsense?
Post by: meyergru on September 03, 2025, 09:57:06 AM
You can only choose between different ciphers with IPsec and OpenVPN, with Wireguard, ChaCha20 is always used.

Performance of such algorithms depends heavily on your hardware (for example, ChaCha20 is way faster than AES-256 for most low-power CPUs, but recent x64 CPUs often sport AES-NI support).

So for a practical approach, you can just measure how fast the relevant algorithms are for your setup (note that I say "setup", not "hardware", because it depends on the VPN partner, as well). You can use iperf3 for that.

After you have determined how fast the algorithms are, you can choose the one that you deem secure enough. There are plenty of comparisons out on the internet. I would say that both AES-256-GCM and ChaCha20 are good enough (tm).

That being said, of course, you may benefit from CPUs with AES-NI support for the AES-type variants of algorithms, and more generally with faster CPUs. For specific needs, there are hardware accelerators available (you can configure their use in OpnSense settings), but do you really want to spend that kind of money?
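The approach above boils down to "measure each candidate cipher on your own setup, then pick the fastest one you still consider secure enough." The following is an added example (not code from the thread or from OPNsense) of how to do that comparison systematically: it reads the JSON that `iperf3 -J` emits for a run through the tunnel with each cipher configured, normalises the throughput figures, and checks `/proc/cpuinfo` for the instruction-set flags that make AES hardware-accelerated. The iperf3 results, the cipher names and the cpuinfo text are all constructed sample data; the `floor_mbps` threshold and the `recommend` helper are assumptions for illustration, not an OPNsense setting.

```python
"""Compare VPN cipher throughput from captured iperf3 JSON runs and check CPU crypto flags.

Added example, not from the forum thread. Assumes you ran, for each cipher
configured on the tunnel, something like:

    iperf3 -c <peer-behind-vpn> -J > aes-256-gcm.json

and kept the JSON. Everything below uses constructed sample data.
"""
import json
from typing import Dict, Optional, Set

# Constructed iperf3 -J style output; only the fields this script reads are included.
# The numbers are invented for illustration; measure your own setup.
SAMPLE_RUNS: Dict[str, str] = {
    "aes-256-gcm": json.dumps({"end": {
        "sum_received": {"bits_per_second": 612_000_000.0},
        "cpu_utilization_percent": {"host_total": 41.2}}}),
    "chacha20-poly1305": json.dumps({"end": {
        "sum_received": {"bits_per_second": 455_000_000.0},
        "cpu_utilization_percent": {"host_total": 78.9}}}),
    # UDP runs (iperf3 -u) report a single "sum" block instead of sum_sent/sum_received.
    "udp-aes-256-gcm": json.dumps({"end": {
        "sum": {"bits_per_second": 590_000_000.0, "lost_percent": 0.3}}}),
}

# Constructed /proc/cpuinfo fragment for a CPU that advertises AES-NI, PCLMULQDQ and AVX2.
SAMPLE_CPUINFO = """processor\t: 0
model name\t: constructed example CPU
flags\t\t: fpu sse sse2 ssse3 sse4_1 sse4_2 aes avx avx2 pclmulqdq
"""

# Flags worth looking for: "aes" is AES-NI itself, "pclmulqdq" speeds up the GCM
# authentication, and the vector-width flags hint at how many parallel paths exist.
CRYPTO_FLAGS = {"aes", "pclmulqdq", "avx2", "avx512f", "vaes", "sha_ni"}


def throughput_mbps(iperf_json: str) -> float:
    """Return the received throughput of one iperf3 run in Mbit/s (TCP or UDP layout)."""
    end = json.loads(iperf_json)["end"]
    summary = end.get("sum_received") or end.get("sum")
    if summary is None:
        raise ValueError("no end summary in iperf3 output")
    return summary["bits_per_second"] / 1e6


def cpu_utilization(iperf_json: str) -> Optional[float]:
    """Return the host CPU utilisation percentage iperf3 reported, if present."""
    end = json.loads(iperf_json)["end"]
    cpu = end.get("cpu_utilization_percent")
    return None if cpu is None else float(cpu["host_total"])


def summarize(runs: Dict[str, str]) -> Dict[str, float]:
    """Map each cipher label to its measured throughput in Mbit/s, rounded to 0.1."""
    return {name: round(throughput_mbps(js), 1) for name, js in runs.items()}


def cpu_crypto_flags(cpuinfo: str) -> Set[str]:
    """Extract the crypto-relevant CPU flags from /proc/cpuinfo text."""
    for line in cpuinfo.splitlines():
        if line.startswith("flags"):
            flags = set(line.split(":", 1)[1].split())
            return CRYPTO_FLAGS & flags
    return set()


def recommend(summary: Dict[str, float], candidates: Set[str], floor_mbps: float) -> Optional[str]:
    """Pick the fastest cipher among those you consider acceptable that meets a throughput floor.

    `candidates` is the security decision (made beforehand); this function only
    orders them by measured speed. Returns None if none clears the floor.
    """
    eligible = {c: summary[c] for c in candidates if c in summary and summary[c] >= floor_mbps}
    if not eligible:
        return None
    return max(eligible, key=eligible.get)


if __name__ == "__main__":
    results = summarize(SAMPLE_RUNS)
    for name, mbps in results.items():
        util = cpu_utilization(SAMPLE_RUNS[name])
        print(f"{name:20s} {mbps:8.1f} Mbit/s  cpu={util if util is not None else 'n/a'}")
    flags = cpu_crypto_flags(SAMPLE_CPUINFO)
    print("crypto flags:", sorted(flags), "(AES-NI present)" if "aes" in flags else "(no AES-NI)")
    # Both AEAD ciphers are treated as acceptable; 300 Mbit/s is an assumed requirement.
    print("recommended:", recommend(results, {"aes-256-gcm", "chacha20-poly1305"}, 300.0))
```

Run one iperf3 pass per cipher with the VPN partner you actually use, since, as noted above, the result depends on both ends of the tunnel; the script then does the ordering for you, and the cpuinfo check tells you whether an AES result is coming from AES-NI or from a software fallback.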
Title: Re: How to optimize VPN speed vs security in OPNsense?
Post by: pfry on September 03, 2025, 05:37:06 PM
Quote from: meyergru on September 03, 2025, 09:57:06 AM
[...] but recent x64 CPUs often sport AES-NI support. [...]

SSE-era: Intel Westmere (2010), Silvermont (2013); AMD Bulldozer (2011). I don't know about the code-level support (parallelism and width: early devices had one 128 bit path, while later ones have up to two 256 bit paths).

Quote: [...] there are hardware accelerators available [...]

Lots of discussion in the "Hardware and Performance" section, for Atoms with QuickAssist, mostly. There are few drivers available, and it seems like a faster CPU could wipe out any advantage from the accelerator.

Aside: I mostly worked with IPSEC ~20 years ago. Stuff's a bit faster now.