OpenVPN and CPU AES-NI
-
I already connected with my VPN provider using pfSense 2.3.3 and the openvpn client.
The VPN provided a client openvpn.opvn file (aes-256-cbc and sha512)I need to optimize my throughput on APU E1-2100 1Ghz mini-itx motherboard which supports cpu AES-NI
In pfSense, I have already enabled the crpto hardware that was detected.
Is there are anything else I need to do?
If I ssh, how do I check that everything is configured propelry?Thanks
-
In pfSense, I have already enabled the crpto hardware that was detected.
Uncheck that. OpenVPN/OpenSSL use hardware crypto by default, and it's rather hard to turn off. Checking the box runs the crypto through the kernel, which tends to be slower.
-
This is my current configuration. Is this correct?
Openvpn-> Clients-> No Hardware acceleration (Hardware Crypto)
System-> Advanced -> Miscellaneous-> AES-NI CPU based Acceleration (Cryptographic Hardware)
-
System-> Advanced -> Miscellaneous-> AES-NI CPU based Acceleration (Cryptographic Hardware)
That's the "make openvpn slower" option. If you're not using ipsec, leave that off.
-
Thanks will do. I am not using VPN-> iPsec but instead my client is in VPN->OpenVPN.