OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: Bjur on December 13, 2019, 06:29:47 pm

Title: Is AES-NI supported in OpnSense:
Post by: Bjur on December 13, 2019, 06:29:47 pm

Hi I'm considering OpnSense. Have just upgraded my hardware to support AES-NI and want to use OpenVPN with AES-NI hardware acceleration. Will that be supported with OpnSense?

Title: Re: Is AES-NI supported in OpnSense:
Post by: mimugmail on December 13, 2019, 08:04:02 pm

OpenVPN runs im userspace, theres no real benefit here. Better use IPsec

Title: Re: Is AES-NI supported in OpnSense:
Post by: Bjur on December 13, 2019, 09:30:02 pm

Thanks is it the same in pfsense. I just want highest possible throughput in VPN

Title: Re: Is AES-NI supported in OpnSense:
Post by: mimugmail on December 13, 2019, 10:38:44 pm

The same, just use IPsec or WireGuard

Title: Re: Is AES-NI supported in OpnSense:
Post by: fabian on December 14, 2019, 08:21:01 am

AFAIK OpenSSL is compiled with AES-NI support and it is used, if it is there. The only problem is that it is not always usable.

Title: Re: Is AES-NI supported in OpnSense:
Post by: banym on December 15, 2019, 10:27:39 pm

What do you mean by not always usable?

Does the tunnel settings be configured in a specific way to make openssl use it?

Title: Re: Is AES-NI supported in OpnSense:
Post by: fabian on December 15, 2019, 10:38:33 pm

It depends of the mode in which OpenSSL is running. The high level functions can enable hardware acceleration automatically.

Here is some old GitHub ticket:
https://github.com/opnsense/core/issues/3551