AES-NI Active But No Significant Increase In Speed Test
-
I have AES-NI showing active but I see no significant speed increase over inactive. Without VPN running I get approx. 820.83 Down and 939.14 Up. With VPN and AES-NI I only get approx. 361.92 Down and 174.86 Up.
Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (active)
QAT Crypto: NoNord VPN server protocol file says:
client
dev tun
proto udp
remote 185.247.70.187 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no
verify-x509-name CN=us8118.nordvpn.comremote-cert-tls server
auth-user-pass
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512Custom Options:
tls-client;
remote-random;
tun-mtu 1500;
tun-mtu-extra 32;
mssfix 1450;
persist-key;
persist-tun;
reneg-sec 0;
remote-cert-tls server;Are there any other changes needed to take advantage of the AES-NI or any other tuning required?
Thanks
-
@Poindexter I recall a thread discussing this topic in recent months but can't seem to find it. Perhaps not in this subforum? I believe it was stated that OpenVPN will use AES-NI regardless of the setting in pfSense.
OpenVPN uses only one core so check
topand see if one core is pegged. -
This post is deleted! -
Nothing real obvious during a speed test through the VPN:
last pid: 36473; load averages: 0.37, 0.25, 0.20 up 0+07:26:08 15:02:54
57 processes: 2 running, 55 sleeping
CPU 0: 12.5% user, 0.0% nice, 12.5% system, 0.0% interrupt, 74.9% idle
CPU 1: 0.0% user, 0.0% nice, 3.9% system, 0.0% interrupt, 96.1% idle
CPU 2: 15.3% user, 0.0% nice, 12.5% system, 0.0% interrupt, 72.2% idle
CPU 3: 0.0% user, 0.0% nice, 3.1% system, 0.0% interrupt, 96.9% idle
Mem: 49M Active, 117M Inact, 489M Wired, 15G Free
ARC: 190M Total, 32M MFU, 155M MRU, 32K Anon, 693K Header, 2956K Other
54M Compressed, 138M Uncompressed, 2.55:1 Ratio
Swap: 1024M Total, 1024M Free -
Install the official client and check some servers if they are able to provide more speed.
-
@Bob-Dig I am using the same server to test before and after VPN. The difference is massive and enabling AES-NI made no significant difference. Maybe I am overlooking your point.
When I ran the official client the speed did look better but it showed my real IP rather than my VPN IP. I am not sure if the official client is avoiding the VPN somehow.
-
@Poindexter If you're testing through the third party VPN to the Internet then you're at the mercy of their inbound and outbound connections, and how busy they are. Did they tell you to expect 1 Gbps? I would guess at 4 am it would be faster...
-
@Poindexter said in AES-NI Active But No Significant Increase In Speed Test:
I have AES-NI showing active but I see no significant speed increase over inactive. Without VPN running I get approx. 820.83 Down and 939.14 Up. With VPN and AES-NI I only get approx. 361.92 Down and 174.86 Up.
You could try out to use AES-GCM-128 instead
of the AES-CBC. -
I wasn't sure if I could change the encryption since the available options were provided by Nord:
Nord VPN server protocol file says:
client
dev tun
proto udp
remote 185.247.70.187 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no
verify-x509-name CN=us8118.nordvpn.com
remote-cert-tls server
auth-user-pass
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512 -
@Poindexter said in AES-NI Active But No Significant Increase In Speed Test:
I wasn't sure if I could change the encryption since the available options were provided by Nord:
Oh I was not really knowing that. I thought you
were creating an account and choose there the
method and algorithm. -
@Dobby_ I tried AES-128-GCM and it is faster!
AES-128-GCM 651.97 Down 234.10 Up
vs.
AES-256-CBC 361.92 Down and 174.86 UpThere is a pretty good difference in usage between the cores but I am still uncertain if AES-NI is working. Thoughts?
last pid: 93570; load averages: 0.35, 0.27, 0.18 up 0+09:20:49 16:57:35
58 processes: 2 running, 56 sleeping
CPU 0: 1.5% user, 0.0% nice, 6.9% system, 0.4% interrupt, 91.2% idle
CPU 1: 0.4% user, 0.0% nice, 1.9% system, 0.0% interrupt, 97.7% idle
CPU 2: 8.8% user, 0.0% nice, 30.8% system, 0.0% interrupt, 60.4% idle
CPU 3: 0.0% user, 0.0% nice, 5.8% system, 0.0% interrupt, 94.2% idle
Mem: 56M Active, 119M Inact, 534M Wired, 15G Free -
There is a pretty good difference in usage between the cores but I am still uncertain if AES-NI is working. Thoughts?
The most peoples will be sitting in a thinking trap.
AES-NI is speeding up the entire software and it
will be used by and not your entire task such VPN.But, the AES-GCM is benefitting too from the
AES-NI directly like you can see by your numbers. -
