Gigabit OpenVPN, whats needed?

bofr

Hi.
I tried searching for a good answer but found nothing definitive.
Has anyone actually managed to get a box up to about gigabit speeds over openvpn aes-256-cbc?
Right now the most speed I can get is about 550Mbps down, and thats using an FX-6300.
Before I shell out loads of cash for a new machine I thought I would get some community input.

It would be nice if this was achievable with some kind of low powered small formfactor but I kind of doubt it.

Thanks.

ericnix

Does Intel AES hardware crypto help?

I have mine enabled, but unfortunately I only have a gig down (40 Mbps up) with my Comcast cable modem.

Derelict

OpenVPN spends so much time context switching that AES-NI can help a little but not a lot. Single-thread CPU performance helps the most.

bofr

This is a lot more difficult than I thought.
My current processor gets about 1400 points in single thread according to passmark.
So I would need something with about twice that.
https://www.cpubenchmark.net/singleThread.html
Currently the only processor with that kind of oomph is the 8086 which otherwise seems waaay overpowered for a simple router.
I think I will go with one of the pentium golds. About 1000 points more than now and under $100.

bofr

$400 later and I now have a router based on a G5400.
The other end of the vpn is currently under heavy load so I can't get a good measure but running at 300 mbps gives a cpu usage of about 30%, 100mbit about 10%.
Extrapolating from that..this might actually work.
Will report back later when I get some better speeds.

VAMike

switch to aes-128-gcm