SG-1000 Crypto Engine?
-
Hello,
Hello,
I recently acquired an SG-1000, and am wondering if anyone has has any luck getting the crypto accelerator working with OpenVPN or IPSec? I did try OpenSSL benchmarking, and it seems to perform as expected WITHOUT acceleration. Is a matter of it just not being ready yet, or is there some trick I am missing?
Thanks in advance!
-Bill -
No driver yet…
https://forum.pfsense.org/index.php?topic=123013.msg679567#msg679567
-
Not ready yet. The plan is to get it working for pfSense 2.5.
-
Not ready yet. The plan is to get it working for pfSense 2.5.
Pretty significant piece of information to be omitted from the product page. Especially being that a pfSense 2.5 release date has not been set. Even pfSense 2.4 hasn't been released yet. So how many years out is pfSense 2.5 release? Selling hardware without drivers for years. Awesome!
-
Not ready yet. The plan is to get it working for pfSense 2.5.
Pretty significant piece of information to be omitted from the product page. Especially being that a pfSense 2.5 release date has not been set. Even pfSense 2.4 hasn't been released yet. So how many years out is pfSense 2.5 release? Selling hardware without drivers for years. Awesome!
https://www.netgate.com/products/sg-1000.html
CPU: TI AM3352 ARM Cortex-A8 600 MHz, including crypto accelerator
The product page says it includes the crypto accelerator.
AES-NI blog post mentions SG-1000 crypto accelerator as well:
On ARM-based systems, the additional load from AES operations will be offloaded to on-die cryptographic accelerators, such as the one found on our SG-1000. ARM v8 CPUs include instructions like AES-NI that can be used to increase performance of the AES algorithm on these platforms.
https://www.netgate.com/blog/pfsense-2-5-and-aes-ni.html
What did we omit? It's clear that the device has crypto accelerator. 2.5 development is in very early stages. What are we supposed to point out on the product page? A version which is not yet released will support that built-in cypto accelerator?
Selling hardware without drivers for years. Awesome!
What did you want to say with this? It's bad to sell SG-1000 because 2.3 and 2.4 don't use the on-board crypto accelerator? We outlined our plans, 2.5 will support the SG-1000 crypto accelerator (and crypto accelerators from other ARM models we release by then). What do we have to point out on our product page??
-
The product page tech specs tout "crypto accelerator" but nowhere does it mention that it is not supported. It is misleading. People typically expect things that are included in tech specs to be supported and usable when they buy something.
If I had purchased one of those expecting to use the "crypto accelerator" I'd be really ticked off and demanding refund. And rightfully so.
pfSense 2.5 doesn't even have a release date and is probably a year or more out. So by the time SG-1000 has usable "crypto accelerator" support it will be over a year old. In a year or more there may be other devices that are more appealing.
Very bad and distasteful business practice in my opinion.
-
Not ready yet. The plan is to get it working for pfSense 2.5.
Pretty significant piece of information to be omitted from the product page. Especially being that a pfSense 2.5 release date has not been set. Even pfSense 2.4 hasn't been released yet. So how many years out is pfSense 2.5 release? Selling hardware without drivers for years. Awesome!
We'll need to get it ready sometime during the 2.4 series, and we've been pretty open about it.
Patches welcome.
-
The product page tech specs tout "crypto accelerator" but nowhere does it mention that it is not supported. It is misleading. People typically expect things that are included in tech specs to be supported and usable when they buy something.
What exactly is misleading? We wrote CPU has a crypto accelerator. Where is the misleading part? Perhaps if we point out that crypto accelerator is present and can be or is used for VPN acceleration that would be misleading. But we did not do that. We wrote CPU has crypto accelerator. In AES-NI announcement blog post we said 2.5 will be able to use SG-1000's crypto accelerator. That isn't bad, that's is great. When 2.5 is out, over a year old model will get a speed update. And you view this as misleading and bad.
If I had purchased one of those expecting to use the "crypto accelerator" I'd be really ticked off and demanding refund. And rightfully so.
You would not get a refund because there was no reason for you to believe the crypto accelerator is used by pfSense (we did not say it). I really do not like these kinds of talks with a lot of if's. You didn't buy this router and here you are complaining about something.
pfSense 2.5 doesn't even have a release date and is probably a year or more out. So by the time SG-1000 has usable "crypto accelerator" support it will be over a year old. In a year or more there may be other devices that are more appealing.
Why is that bad? How is it bad that a device older than a year or more gets a speed upgrade? Shouldn't that be good?
Very bad and distasteful business practice in my opinion.
Thousands of SG-1000 were sold but thanks for your thoughts.
-
If I had purchased one of those expecting to use the "crypto accelerator" I'd be really ticked off and demanding refund.
But you didn't, and you're salty. Why?
Because you can be semi-anonymous on the Internet, Mr. None Of Your Business?
You have no cause of complaint.
-
Yes I do have cause for complaint. Regardless of whether I've purchased the product or not. The complaint is re: misleading advertisement/representation. When such is practiced people can not rely on the information they are presented with. Including me.
NOYB is not about being anonymous. I've mentioned that before in these pfSense forums. It really doesn't provide anymore anonymity that an abbreviated name. But that is an of topic subject. Nice deflection attempt though.
-
I have to agree. After all, the main reason for buying official hardware is the expectation that its 100% supported by pfSense, otherwise why bother?
There have been consumer routers released claiming support for DD-WRT or OpenWRT but which were not supported at launch. They too rightly got flack for misinformation.
If a device is being sold as officially supported it should be made absolutely clear of an advertised feature of it is NOT actually supported at that time.
-
Yes I do have cause for complaint. Regardless of whether I've purchased the product or not. The complaint is re: misleading advertisement/representation. When such is practiced people can not rely on the information they are presented with. Including me.
Your cause for complaint is false. It's not a misleading advertisement/representation. Under CPU specification we have listed it has crypto accelerator. We did not mention crypto accelerator anywhere else on the page. I suggest you stop with your witch hunt.
-
I have to agree. After all, the main reason for buying official hardware is the expectation that its 100% supported by pfSense, otherwise why bother?
There have been consumer routers released claiming support for DD-WRT or OpenWRT but which were not supported at launch. They too rightly got flack for misinformation.
If a device is being sold as officially supported it should be made absolutely clear of an advertised feature of it is NOT actually supported at that time.
The device is fully supported by pfSense. The device was made for pfSense. Future pfSense versions will support the CPU built-in crypto accelerator. The SG-1000 device was released before 2.5 work even began. Crypto accelerator is part of the CPU and it was listed under CPU specification. That's not misinformation or did we anywhere imply this feature is being used by pfSense at the moment. We listed what CPU it has, that is all. We did not mention crypto accelerator in product description or it's potential usage.
Lastly, SG-1000 is a 100% open source hardware that runs 100% open source software. Don't imply we are hiding anything here because we are being completely transparent.
I am locking this very dumb discussion.
