Messages

1

General Discussion / Re: Enabling and verifying AES-NI

« on: February 14, 2021, 09:12:40 am »

The only reason i was going down the rabbit hole..., is because I was having some intermittent internet/pocket drops during zoom and Teams calls. i thought the issue was hardware/firmware issues. Not having the AES-NI option visible in GUI made me suspicious that maybe my hardware is not compatible with latest opnsense releases. 

2

General Discussion / Re: Enabling and verifying AES-NI

« on: February 14, 2021, 08:31:24 am »

 I finished testing/re-installation of different versions this weekend. i re-installed  21.1, 19.7 and 19.1.4. it is the same issue.

when I installed pfsense 2.4.5.p1, i get AES-NI in the dashboard, once i enabled the hardware acceleration in the cryptography settings (see attached picture). So there are no bios issue and my hardware is working correctly. so i suspect i firmware or a setting in GUI that is causing this issue.

One thing i noticed in the settings that is different than pfsense, is that opnsense appears to select AES-NI hardware acceleration in Cryptography settings automatically. after initial install, when go to setting to make change and enable it; i find it already selected. unfortunately, toggling it multiple time and restarting firewall didn't resolve the issue.

i think i spent enough time testing what i can. i will stay with a VM firewall, as i worry that my hardware is getting old or is not compatible with current firmware in opnsense. Hopefully there will be other updates that will fix this issue.

3

General Discussion / Re: Enabling and verifying AES-NI

« on: February 04, 2021, 05:26:46 pm »

### Update Feb 3, 2021
i was having some intermittent internet/pocket drops. i notice the issue mostly when using Teams/skype calls and also during Zoom calls.

i reset the modem/computers/firewalls and tried no filtering, but the issue (internet /pocket ) drops didn't go away.

i re-installed the opnsense OS a couple of time with no impact to AES-NI visibility in the GUI.

finally I installed pfsense and was able to get AES-NI configuration back in the GUI which leads me to think the issue maybe driver/hardware related.

right now i am running the firewall through a VM (i have a server with 4 NIC) and the issue appears to be resolved.  i am using the VM for now until i have time to set the Atom firewall with pfsense. or maybe i will just stay using VM as it is much easier to backup and start from fresh whenever i need.

while i am not a network engineer; i have been using opnsense for about 5 years and never had issues with it.  The internet drops appeared to be hardware/driver related and I only noticed it  sometimes after 17.xx update. which was about the same time i have noticed AES-NI functionality in Gui disappeared.

4

General Discussion / Enabling and verifying AES-NI

« on: November 04, 2020, 05:33:00 am »

I need help figuring out how to enable AES-NI. I used to have this setting enabled and visible in system information Dashboard but after I recently replaced my hard drive SSD and re-installed opnsense fresh I lost indications that AES-NI is enabled from Dashboard.

This is what I did so far:

1) I have verified that AES-NI is enabled in BIOS and enabled cryptography setting of AES-NI under System: Settings: Miscellaneous:hardware accretion.

2) I ssh to the console and run this command:

#sudo dmesg | grep -i aes
  Features2=0x43d8e3bf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,TSCDLT,AESNI,RDRAND>
aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS> on motherboard

3) I rebooted/restarted the system multiple time, enable and disable the setting multiple times.

4) I tried the system under OpenSSL and LibreSSL
 
my system information:
Versions:    OPNsense 20.7.4-amd64
FreeBSD 12.1-RELEASE-p10-HBSD
OpenSSL 1.1.1h 22 Sep 2020
CPU Type: Intel(R) Atom(TM) CPU C2558 @ 2.40GHz (4 cores)

Any input or suggestion would be appreciated.