Shared Key to TLS -> performance issue
-
Dear all,
I have 2 APU2C4 with pfSense (2.7.2) installed and a site-to-site VPN with OpenVPN (Peer to Peer ( Shared Key )) configured, which has been working great for years.
I have tried to migrate to TLS following this guide, which is very clear - Peer to Peer ( SSL/TLS ), 2048 bit TLS Key, SHA256 digest. It shows the connection is established, but the overall system looks slow, also when opening web pages on the other side of the VPN tunnel.
Is this something which could be linked to the CPU/RAM of the devices I'm using (CPU: AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache. + DRAM: 4 GB DDR3-1333 DRAM)?
Are there some tests I can run to confirm this or some improvements in the encryption algorithm?
Kind regards,
dk
-
@d82k
Which data encryption algorithm did you set?
AES-GCM should work fine with AES-NI. Also ensure that hardware encryption acceleration is activated in the System settings.
-
I have disabled the SSL/TLS VPN and re-activated the Shared Key. Traffic was slow (e.g. to open the web interface of the remote pfSense) - CPU usage was under 10%. I had to restore, on both devices, the configuration backed up before the SSL/TLS configuration from the guide was added, and now it works again.
I will try to reconfigure it later during the day, and see. I suspect there was some conflict with routing, but not sure.