Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Hardware and Performance
»
OpenVPN: No Hardware Crypto Acceleration
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenVPN: No Hardware Crypto Acceleration (Read 8099 times)
TrustedComputer
Newbie
Posts: 19
Karma: 1
OpenVPN: No Hardware Crypto Acceleration
«
on:
May 01, 2019, 07:51:34 pm »
Deciso DEC600 A10 Dual Core
OPNsense 19.1.4-amd64
FreeBSD 11.2-RELEASE-p9-HBSD
OpenSSL 1.0.2r 26 Feb 2019
Scratching my head on this one. What are the proper combination of settings to enable hardware assisted crypto in OpenVPN?
Is this help still valid under Miscellaneous: Settings: Cryptography settings: Hardware acceleration (Current setting: AES-NI CPU-based Acceleration (aesni))
"... OpenVPN should be set for AES-128-CBC and have cryptodev enabled for hardware acceleration."
VPN: OpenVPN: Servers: Hardware Crypto shows "No Hardware Crypto Acceleration" and no other options can be selected for that field.
From the hardware documentation:
"Hardware acceleration: SoC has integrated AESNI instructionset including support for GCM"
"Hardware Assisted Encryption: 600Mbps IPsec (AES256GCM16)"
«
Last Edit: May 01, 2019, 08:01:51 pm by TrustedComputer
»
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: OpenVPN: No Hardware Crypto Acceleration
«
Reply #1 on:
May 02, 2019, 06:53:40 am »
That's true for non-AESNI. However, AESNI is built into OpenSSL / LibreSSL so you don't have to set cryptodev because cryptodev is not for AESNI devices. Leaving it blank and using an AESNI-supported cipher is all that is required to automatically gain hardware acceleration.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Hardware and Performance
»
OpenVPN: No Hardware Crypto Acceleration
