Netgate Discussion Forum

    23.09.01 Hardware Crypto showing No Hardware Crypto Acceleration for system with crypto chip installed

      JonathanLee

      In 23.09.01

      295a3eae-21bb-41ed-bbf0-c702dd20098f-image.png

      e43cf1de-9060-41a3-98b3-4aaf2027d51c-image.png

      ae8597c5-68d4-4b9f-bc2f-d95e671c68bd-image.png

      150e275b-0b62-444f-a95f-c55f1c42681e-image.png

      d5d06d15-b76f-4cff-a14a-df52200faf0d-image.png

      Make sure to upvote

        JonathanLee

        62c9aa3a-9326-4a8b-a84b-533331151a5f-image.png

        It shows nothing for me, with

        DCO enabled or disabled
        encryption with chacha removed and with chacha enabled
        IPsec-MB enabled or disabled

        23.09.01 I can't get it to run

          JonathanLee

          In 23.05.01:

          0b5a9c75-8b38-44e3-af18-5565434c24f1-image.png
          Chip working

          2610e023-b71a-4585-965d-8d9ebe1ea631-image.png
          Chip listed

          93648637-8571-44ec-8b7e-9de3d548adb2-image.png

          7d21ba8f-4a65-4650-aa82-818e31740ce4-image.png
          Listed the chip

          b8150d5c-53ef-4179-8d7f-dfaa2b551558-image.png
          increments on use now shows 80

          My device was purchased direct from Netgate and contains the chip.

          What should I do???

            stephenw10 Netgate Administrator

            OpenSSL no longer supports the BSD cryptodev device as an 'engine'. Selecting it there does nothing so it was removed.

            SafeXcel should still be used for kernel mode crypto though so if you have DCO enabled.

            Steve

              JonathanLee @stephenw10

              @stephenw10 I do have it enabled, though VM stat still shows no increments or any status for the chip. What can be done to correct that? Thanks for the reply. Have a good day.

              Just for clarification, the new 2100s ship without a cipher chip? My version was the more expensive 2100MAX; it came with an SSD and the cipher chip. Is it possible the update repos do not know the difference between the older 2100 and the new 2100s?

              Like a hypothetical model 2100A and 2100B?

              If so, how can I get my chip to work? The speed is drastically different on VPN use with it enabled.

                stephenw10 Netgate Administrator

                Try disabling iimb. That will try to register against many of the same ciphers.

                  JonathanLee @stephenw10

                  @stephenw10 I did that, same results, dang. Please let me know if you find an advanced option for customers like me.

                    stephenw10 Netgate Administrator

                    Do you actually see a reduction in throughput though? Or an increase in CPU usage?

                      JonathanLee @stephenw10

                      @stephenw10 yes with use on 22.05.01.

                        stephenw10 Netgate Administrator

                        Like throughput is lower in 23.09.1 compared to 23.05.1?

                          JonathanLee @stephenw10

                          @stephenw10 Let me test again, hold on, I turned 23.09.01 on again.

                          Nope, it’s 130kbs with DSL on 23.09.01.
                          It’s 123kb in 23.05.01.

                          Just checked with my pdfs again.

                            stephenw10 Netgate Administrator

                            Hmm, those seem very low numbers. I can't imagine you'd be able to see the difference at those rates.

                              JonathanLee @stephenw10

                              @stephenw10 Low bill too :) That ID error is why I think it has issues. Would ath0 cause this?

                                stephenw10 Netgate Administrator

                                No, this is nothing to do with the ath card or newer 2100s without the crypto cert device. OpenSSL no longer supports BSD cryptodev as an engine, so the option to select it was removed from OpenVPN for all hardware.

                                Which ID error are you referring to?

                                  JonathanLee @stephenw10

                                  @stephenw10
                                  IMG_0053.png

                                  The ID error shows on 23.09.01 every time; it does not show in 23.05.01.

                                    stephenw10 Netgate Administrator

                                    Ah OK. That seems unlikely to be related to the crypto hardware. If you disable SafeXcel but keep DCO enabled, does it still show?

                                      JonathanLee @stephenw10

                                      @stephenw10 I have to swap boot environments when my wife goes to work; after that I can check.

                                      To confirm, you want me to disable the chip on the advanced menu?

                                        stephenw10 Netgate Administrator

                                        Yes, then boot so the safexcel module is not loaded. Then check the openvpn logs again. I expect that ID error to still be present.

                                          JonathanLee @stephenw10

                                          @stephenw10 Side note: can I do a boot environment and load the 24 dev OS, or will that cause issues going back to 23.09?

                                            stephenw10 Netgate Administrator

                                            Yes, you can do that. There's no problem booting back to 23.09.1.
