AES-GCM
-
Re: Hardware Crypto Support Missing AES-GCM?
Has anyone else used this patch back in 23.05.01?
Is this of concern
/* duplicates are ignored because keys must be unique */ -
@JonathanLee This should be fixed in 23.09:
https://docs.netgate.com/pfsense/en/latest/releases/23-09.html#dashboardIf you're on 23.05 I'd consider upgrading...?
-
@SteveITS I would loose access to my Safexcel accelerator, and the new version also does not work with my mpcie to nvme adapter the update disabled the use of the nvme driver on install (I am told I am the only user that uses a NVME in a 2100) and it also disables my Squid status pages. It would really depreciated my system a lot, not to mention OpenVPN DOC will not work after upgrade. I am stuck until I get a new system. I cannot let it depreciate my system that much in one upgrade, it's more like a depreciation update for my system. It makes me sad. I am going to get a new system 4200 soon to get the faster speeds. Right now I am just stuck.
That 4200 has a massive boost in speed and a built in NVMe plus it has an accelerator chip right? So I should be good again. I just got to have Squid work to jump over to it.
-
@JonathanLee Not sure I understand the part about SafeXcel, I have:
IPsec-MB Crypto: Yes (active)
SafeXcel Crypto: Yes (active)
Hardware crypto AES-CBC, AES-CCM, AES-GCM, AES-ICM, AES-XTS, ChaCha20-Poly1305, SHA1, SHA256, SHA384, SHA512But yeah the 4200 is a huge step up.
-
@SteveITS On the 2100 safexcel no longer works with OpenVPN after 23.05.01.
https://redmine.pfsense.org/issues/15103
-
@JonathanLee said in AES-GCM:
On the 2100 safexcel no longer works with OpenVPN after 23.05.01.
Another option would be to use IPsec road warrior.
-
Or wireguard. Or OpenVPN DCO.
