Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense 2.5 will only work with AES-NI capable CPUs

    Scheduled Pinned Locked Moved General pfSense Questions
    169 Posts 46 Posters 88.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ivorI
      ivor
      last edited by

      @athurdent:

      Right, I have not noticed. Because when someone does not respond, you usually don't know their reasons.

      Then you should not make assumptions like: "No answer is also an answer."

      @athurdent:

      Especially not in a public forum. But you seem to have your own views of forums. I.e. I have never seen a moderator delete something in this forum before, but then again I sure have not read the whole forum either. :)
      Anyway, thank you for taking the time to respond.

      There's no need for passive-aggressive remarks. Thanks.

      Need help fast? Our support is available 24/7 https://www.netgate.com/support/

      1 Reply Last reply Reply Quote 0
      • A
        ashes00
        last edited by

        @athurdent:

        @ivor:

        Perhaps you haven’t noticed, I stopped responding on this thread because of many off-topic questions and solid amount of assumptions.

        Right, I have not noticed. Because when someone does not respond, you usually don't know their reasons. Especially not in a public forum. But you seem to have your own views of forums. I.e. I have never seen a moderator delete something in this forum before, but then again I sure have not read the whole forum either. :)
        Anyway, thank you for taking the time to respond.

        I too find Ivor's an interesting moderator.  I will leave it at that!

        1 Reply Last reply Reply Quote 0
        • ivorI
          ivor
          last edited by

          @ashes00:

          @athurdent:

          @ivor:

          Perhaps you haven’t noticed, I stopped responding on this thread because of many off-topic questions and solid amount of assumptions.

          Right, I have not noticed. Because when someone does not respond, you usually don't know their reasons. Especially not in a public forum. But you seem to have your own views of forums. I.e. I have never seen a moderator delete something in this forum before, but then again I sure have not read the whole forum either. :)
          Anyway, thank you for taking the time to respond.

          I too find Ivor's an interesting moderator.  I will leave it at that!

          I don't see what the problem is. Thread went off-topic, it's still here and you're welcome to discuss further. Just don't demand or try to force me to respond to your off-topic questions.

          Need help fast? Our support is available 24/7 https://www.netgate.com/support/

          1 Reply Last reply Reply Quote 0
          • R
            reggie14
            last edited by

            @ivor:

            Perhaps you haven’t noticed, I stopped responding on this thread because of many off-topic questions and solid amount of assumptions. We will be providing more development progress updates. I suggest you be more patient.

            Are you willing or able to comment on what the developers have decided was unacceptable with Mike Hamburg's constant-time (and cache-timing-resistant) AES implementation already in OpenSSL?

            That question seems directly applicable to the original post.

            1 Reply Last reply Reply Quote 0
            • ivorI
              ivor
              last edited by

              @reggie14:

              @ivor:

              Perhaps you haven’t noticed, I stopped responding on this thread because of many off-topic questions and solid amount of assumptions. We will be providing more development progress updates. I suggest you be more patient.

              Are you willing or able to comment on what the developers have decided was unacceptable with Mike Hamburg's constant-time (and cache-timing-resistant) AES implementation already in OpenSSL?

              That question seems directly applicable to the original post.

              Our developers have not made such decision. I suggest you read the blog posts again. It appears you have missed this part:

              Perhaps you haven’t noticed, I stopped responding on this thread because of many off-topic questions and solid amount of assumptions. We will be providing more development progress updates. I suggest you be more patient.

              It's worth to point out that you've made a lot of assumptions on this thread.

              Thanks.

              Need help fast? Our support is available 24/7 https://www.netgate.com/support/

              1 Reply Last reply Reply Quote 0
              • R
                reggie14
                last edited by

                @ivor:

                @reggie14:

                @ivor:

                Perhaps you haven’t noticed, I stopped responding on this thread because of many off-topic questions and solid amount of assumptions. We will be providing more development progress updates. I suggest you be more patient.

                Are you willing or able to comment on what the developers have decided was unacceptable with Mike Hamburg's constant-time (and cache-timing-resistant) AES implementation already in OpenSSL?

                That question seems directly applicable to the original post.

                Our developers have not made such decision. I suggest you read the blog posts again. It appears you have missed this part:

                Perhaps you haven’t noticed, I stopped responding on this thread because of many off-topic questions and solid amount of assumptions. We will be providing more development progress updates. I suggest you be more patient.

                It's worth to point out that you've made a lot of assumptions on this thread.

                Thanks.

                I'm confused.  Are you saying now that the Netgate team hasn't decided to require AES-NI now, and are still considering whether to include bit-sliced software implementations?  That seems to contradict the blog posts.

                The first blog post specifically said AES-NI (or other hardware accelerators) would be required:

                pfSense Community Edition version 2.5 will include a requirement that the CPU supports AES-NI.

                The second blog post reiterated this, seemingly further emphasizing that AES-NI would be required, and rejecting bit-sliced implementations:

                With AES you either design, test, and verify a bitslice software implementation, (giving up a lot of performance in the process), leverage hardware offloads, or leave the resulting system open to several known attacks. We have selected the “leverage hardware offloads” path. The other two options are either unthinkable, or involve a lot of effort for diminishing returns.

                So to me, it definitely sounds like you've already decided to require AES-NI, and for some reason you don't like the existing bit-sliced implementation in the crypto library you already use.

                If I've made any incorrect or unfounded assumptions, I've love to know what they were.

                1 Reply Last reply Reply Quote 0
                • ivorI
                  ivor
                  last edited by

                  @reggie14:

                  I'm confused.

                  Yes, you appear to be confused. I think I was very clear I cannot provide more comments or details other than what was revealed in the blog posts.

                  Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                  1 Reply Last reply Reply Quote 0
                  • R
                    reggie14
                    last edited by

                    @ivor:

                    @reggie14:

                    I'm confused.

                    Yes, you appear to be confused. I think I was very clear I cannot provide more comments or details other than what was revealed in the blog posts.

                    I'm not trying to be difficult here.  And I'll even understand if there are certain things that you're not at liberty to say.  But now I'm trying to understand what you meant when you said:

                    @ivor:

                    Our developers have not made such decision. I suggest you read the blog posts again.

                    The blog posts said AES-NI would be required in pfSense 2.5.  Your post from earlier today said that the developers have not decided that the VPAES implementation is unacceptable.  Does that mean they're considering to to allow the use of the VPAES implementation (which does not use AES-NI) in pfSense 2.5?  Are you suggesting that there may not be a requirement for AES-NI after all?

                    1 Reply Last reply Reply Quote 0
                    • ivorI
                      ivor
                      last edited by

                      @reggie14:

                      @ivor:

                      @reggie14:

                      I'm confused.

                      Yes, you appear to be confused. I think I was very clear I cannot provide more comments or details other than what was revealed in the blog posts.

                      I'm not trying to be difficult here.  And I'll even understand if there are certain things that you're not at liberty to say.  But now I'm trying to understand what you meant when you said:

                      @ivor:

                      Our developers have not made such decision. I suggest you read the blog posts again.

                      The blog posts said AES-NI would be required in pfSense 2.5.  Your post from earlier today said that the developers have not decided that the VPAES implementation is unacceptable.  Does that mean they're considering to to allow the use of the VPAES implementation (which does not use AES-NI) in pfSense 2.5?

                      AES-NI is required for pfSense 2.5. I think you misunderstood my post from earlier today.

                      Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                      1 Reply Last reply Reply Quote 0
                      • R
                        reggie14
                        last edited by

                        @ivor:

                        It's worth to point out that you've made a lot of assumptions on this thread.

                        Seriously, I’d really like to know where I’ve run off with unfounded assumptions.  I looked through my earlier posts in this threads, and it seems like everything is based closely on statements in the blog posts with limited inferences based on other material.

                        I’ll try to summarize the major points in my posts and I’d honestly appreciate feedback on items that are incorrect.

                        • AES-NI (or other hardware accelerations) will be REQUIRED in pfSense 2.5. (reference)

                        • Netgate is motivated by concerns over cache-timing attacks on AES. (reference)

                        • Future versions of pfSense will use a RESTCONF API for management between a cloud or local hosted webGUI and the pfSense router.  This will use TLS with an AES-GCM cipher suite. (reference)

                        • I deduce that Netgate is worried about cache-timing attacks allowing recovery of the AES-GCM key used in RESTCONF sessions (seemingly clear from above).

                        • Cache-timing attacks are a legitimate threat, but are can be difficult to mount under realistic attack scenarios (reference)  An attack scenario involving the RESTCONF interface hasn’t been laid out by anyone yet.

                        • pfSense developers are not implementing their own crypto, but are instead using  OpenSSL (reference)

                        • OpenSSL already includes a constant-time, cache-timing-resistant AES implementation (reference: VPAES). While obviously not as fast as AES-NI, it still offers strong performance for a software implementation (reference).

                        • OpenSSL v1.0.1s (which is running on my pfSense v2.3.3 box) and OpenSSL v1.0.2j (which I see referenced in the source tree) both include VPAES.

                        • When referring to concerns over cache timing attacks on AES (reference), Netgate pointed to an NYU class project that would have disabled VPAES by disabling use of SSE3. (reference, page 5)

                        • A requirement for AES-NI logically implies that the VPAES implementation was deemed unacceptable (or that its existence was unknown, or that it wasn't considered at all).

                        1 Reply Last reply Reply Quote 0
                        • ivorI
                          ivor
                          last edited by

                          @reggie14:

                          @ivor:

                          It's worth to point out that you've made a lot of assumptions on this thread.

                          Seriously, I’d really like to know where I’ve run off with unfounded assumptions.  I looked through my earlier posts in this threads, and it seems like everything is based closely on statements in the blog posts with limited inferences based on other material.

                          I’ll try to summarize the major points in my posts and I’d honestly appreciate feedback on items that are incorrect.

                          • AES-NI (or other hardware accelerations) will be REQUIRED in pfSense 2.5. (reference)

                          • Netgate is motivated by concerns over cache-timing attacks on AES. (reference)

                          • Future versions of pfSense will use a RESTCONF API for management between a cloud or local hosted webGUI and the pfSense router.  This will use TLS with an AES-GCM cipher suite. (reference)

                          • I deduce that Netgate is worried about cache-timing attacks allowing recovery of the AES-GCM key used in RESTCONF sessions (seemingly clear from above).

                          • Cache-timing attacks are a legitimate threat, but are can be difficult to mount under realistic attack scenarios (reference)  An attack scenario involving the RESTCONF interface hasn’t been laid out by anyone yet.

                          • pfSense developers are not implementing their own crypto, but are instead using  OpenSSL (reference)

                          • OpenSSL already includes a constant-time, cache-timing-resistant AES implementation (reference: VPAES). While obviously not as fast as AES-NI, it still offers strong performance for a software implementation (reference).

                          • OpenSSL v1.0.1s (which is running on my pfSense v2.3.3 box) and OpenSSL v1.0.2j (which I see referenced in the source tree) both include VPAES.

                          • When referring to concerns over cache timing attacks on AES (reference), Netgate pointed to an NYU class project that would have disabled VPAES by disabling use of SSE3. (reference, page 5)

                          • A requirement for AES-NI logically implies that the VPAES implementation was deemed unacceptable (or that its existence was unknown, or that it wasn't considered at all).

                          I will quote myself:

                          I think I was very clear I cannot provide more comments or details other than what was revealed in the blog posts.

                          Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                          1 Reply Last reply Reply Quote 0
                          • C
                            coffeecup25
                            last edited by

                            Everyone who is upset with the pending change … chill. I WAS upset but came back to Earth after some investigation and thinking. In reality, 2.5 won't be out for years and 2.4 will be supported for a year beyond that date. 2.4 will still work afterward, it just won't update. Given the pfSense rate of change, this is several years down the road.

                            After this time has passed, nice hardware from today will be considered surplus by then and will support AES-NI. Junk and surplus hardware in use today will look ridiculous as a router by then.

                            I  have an old laptop with a couple of spare usb lan adapters. The old laptop supports AES-NI. It WILL work as a router today with pfSense. I tried it a couple of days ago and it supported my entire house.

                            My custom J1900 based router will work for several years. Then, at that time, I'll look into different circumstances. Maybe. Even if I don't my router will still work.

                            I tried a few router distributions on the above mentioned laptop. One had an installer defect. Others were decent routers but none were as concise and/or complete as pfSense with regard to my needs (IPS/IDS, geoblocking with misc list blocking, openvpn with multiple servers and users with individual certificates, and a little more. One was close but it required a licence renewal every three years. I didn't want to indirectly put others in that position.).

                            Note to pfSense ... look into SoftEther with or instead of openvpn ... on the surface it's amazing.

                            1 Reply Last reply Reply Quote 0
                            • ivorI
                              ivor
                              last edited by

                              @coffeecup25:

                              Everyone who is upset with the pending change … chill. I WAS upset but came back to Earth after some investigation and thinking. In reality, 2.5 won't be out for years and 2.4 will be supported for a year beyond that date. 2.4 will still work afterward, it just won't update. Given the pfSense rate of change, this is several years down the road.

                              After this time has passed, nice hardware from today will be considered surplus by then and will support AES-NI. Junk and surplus hardware in use today will look ridiculous as a router by then.

                              I  have an old laptop with a couple of spare usb lan adapters. The old laptop supports AES-NI. It WILL work as a router today with pfSense. I tried it a couple of days ago and it supported my entire house.

                              My custom J1900 based router will work for several years. Then, at that time, I'll look into different circumstances. Maybe. Even if I don't my router will still work.

                              I tried a few router distributions on the above mentioned laptop. One had an installer defect. Others were decent routers but none were as concise and/or complete as pfSense with regard to my needs (IPS/IDS, geoblocking with misc list blocking, openvpn with multiple servers and users with individual certificates, and a little more).

                              Note to pfSense ... look into SoftEther with or instead on openvpn ... on the surface it's amazing.

                              Glad to have you back! Regarding SoftEther, if there is someone willing to contribute the package let us know! We currently do not have enough of development resources for it.

                              Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                              1 Reply Last reply Reply Quote 0
                              • R
                                reggie14
                                last edited by

                                @coffeecup25:

                                Everyone who is upset with the pending change … chill. I WAS upset but came back to Earth after some investigation and thinking. In reality, 2.5 won't be out for years and 2.4 will be supported for a year beyond that date. 2.4 will still work afterward, it just won't update. Given the pfSense rate of change, this is several years down the road.

                                I don't care about new features (well, not as much, but I understand new features may require new hardware).  I care about security patches- both for pfSense itself and for packages.  If patching (as an major element support security) isn't important to you, then I'm at a loss why you'd be using something like pfSense.

                                As you said, what we're heard is that is pfSense 2.5 is likely about a year away, and they'll probably support it for about a year beyond that.  At face value, that means two year notice that you won't be able to receive security patches if you're running something that lacks AES-NI.

                                It might be better than that- realistically I don't expect pfSense 2.5-final in a year, for instance.  But it also might be worse.  What's going to happen to pfSense v2.4 packages after v2.5 is out?  How many of them will still receive updates- particularly the ones developed by people in the community outside of Netgate?  I think many of them will stop being patched well before pfSense v2.4 falls out of support.

                                @coffeecup25:

                                After this time has passed, nice hardware from today will be considered surplus by then and will support AES-NI. Junk and surplus hardware in use today will look ridiculous as a router by then.

                                I think it's more complicated than that.  Most home users don't need a powerful box to run pfSense.  The Celeron/Atom systems in use today are popular because they're small, cheap, and low-power.  Yes, a lot of people might end up with spare hardware between now and then, but do you really want to replace a 10W J1900 mini-ITX system with a 65W Core i5 ATX system?

                                1 Reply Last reply Reply Quote 0
                                • P
                                  pfBasic Banned
                                  last edited by

                                  Why in the world would anyonehave to replace a j1900 with an if ATX system?

                                  I'm pretty sure every single CPU in the Apollo lake lineup supports AES-NI all the way down to the n series Celerons.

                                  Apollo lake SoC are already cheap  (~$55), in a few years you'll be able to pick them up for like $20 or less on eBay.

                                  1 Reply Last reply Reply Quote 0
                                  • N
                                    NOYB
                                    last edited by

                                    So you, ivor, don't respond to direct and yes relevant questions and then chastise people for making assumptions about those questions and what silence says.

                                    Whatever.

                                    1 Reply Last reply Reply Quote 0
                                    • P
                                      paftdunk
                                      last edited by

                                      @NOYB:

                                      So you, ivor, don't respond to direct and yes relevant questions and then chastise people for making assumptions about those questions and what silence says.

                                      Whatever.

                                      Open source projects are a mixed blessing. The people doing the work are constantly getting bitched at by users they often see as technically inept free-loaders. Users get confused by poorly thought out public messages that throw into doubt what they thought they knew about the project. Raw attitudes and antagonistic cultures are just about inevitable. Unfortunately pfSense is no exception.

                                      1 Reply Last reply Reply Quote 0
                                      • ivorI
                                        ivor
                                        last edited by

                                        @NOYB:

                                        So you, ivor, don't respond to direct and yes relevant questions and then chastise people for making assumptions about those questions and what silence says.

                                        Whatever.

                                        I have no idea what you are talking about. I suggest you cool down.

                                        Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                                        1 Reply Last reply Reply Quote 0
                                        • ivorI
                                          ivor
                                          last edited by

                                          @paftdunk:

                                          @NOYB:

                                          So you, ivor, don't respond to direct and yes relevant questions and then chastise people for making assumptions about those questions and what silence says.

                                          Whatever.

                                          Open source projects are a mixed blessing. The people doing the work are constantly getting bitched at by users they often see as technically inept free-loaders. Users get confused by poorly thought out public messages that throw into doubt what they thought they knew about the project. Raw attitudes and antagonistic cultures are just about inevitable. Unfortunately pfSense is no exception.

                                          pfSense is free, we don't see our users like that. I had to respond to a couple of assumptions or it would end up as a "drama". I cannot respond to every comment. Some are refusing to comprehend that I'm not allowed to share more information and they continue to demand answers by dragging me into further discussion. I can't do much if NOYB doesn't see that.

                                          Let's stay on topic.

                                          Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                                          1 Reply Last reply Reply Quote 0
                                          • J
                                            jpns
                                            last edited by

                                            This is going to hurt me.

                                            I manage about 40 sites which are mainly using re-purposed Dell small form factor desktops and APU devices with the AMD G-T40E CPU. None of them use VPN (except me to log in to them remotely) and I have no interest in using cloud management either. Even my home firewall is running on a Dell Optiplex 780 with Intel Core 2 Duo E7500 which does not have AES-NI but is plenty powerful for what I use it for. There are no socket 775 CPU's with AES-NI so a complete hardware upgrade will be required.

                                            I can understand the need to have good encryption between the cloud service and remote firewalls, but I imagine the vast majority of "home" users will not ever use the cloud service.

                                            Can't you consider some other options, such as only making AES-NI a requirement IF you want to use the cloud service? Or perhaps consider ChaCha20, which has higher performance than AES on devices without AES-NI? It works well enough for Wikipedia and Cloudflare.

                                            My business is primarily providing low cost networking to SOHO environments. I'm sure you can understand how pfSense and older/cheaper hardware plays a part in this. Things will be much more difficult from 2.5 onward because I won't simply be able to use $50 refurbished hardware, and will instead need to spend 5x as much on Netgate stuff.

                                            I appreciate the long advance warning, but please consider my points above.

                                            Thank you, and keep up the great work.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.