Activating IPsec-MB Crypto
-
The link below states OpenVPN benefits from IPSec-MB and AES-NI is an alterntive
https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerators.html#openvpnMy Hardware shows it supports IPSec-MB however it is inactive.
In System => Advanced => Misc I do not have an option to activate IPSec-MB
I see the Option for QAT here even through the hardware shows it is not available.
What is my best option to select here?
-
@McMurphy IIMB is the checkbox in your screenshot. :)
There is a write up in this section:
https://docs.netgate.com/pfsense/en/latest/config/advanced-misc.html#cryptographic-thermal-hardware
“Best” depends on a few things for instance algorithm. -
@SteveITS said in Activating IPsec-MB Crypto:
IIMB is the checkbox in your screenshot. :)
oh, that's a bit embarrassing :)
Few more qns pls:
- Now I have IPSec-MB enabled what should be selected for crypto hardware?
- Should QAT be listed here if it is not an option for my hardware?
- When I enabled IPSec-MB do I need to restart pfSense for this to take effect?
I am trying to improves the speeds to a site-site OVPN link. IPSec runs at approx 95Mbps whereas the best I can get form OVPN+DCO is 30Mbps
-
@McMurphy On https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerators.html#supported-devices it says
"QAT is ideal for use with IPsec and OpenVPN DCO. It is currently the fastest acceleration option for the algorithms it supports."
Is this a Netgate model or your own hardware?
I want to say if you enable QAT it might not say No anymore...I don't have one I can easily toggle though. I think it wouldn't be in the dropdown if it wasn't supported on the hardware.
-
My own hardware.
I did select QAT but it still shows as "No" on the dashboard so I guess it is not available.