Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SG-1100 Crypto Hardware

    Scheduled Pinned Locked Moved Official NetgateĀ® Hardware
    55 Posts 21 Posters 17.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • rdsmith24R
      rdsmith24
      last edited by

      I recently purchased one of these goodies and I coming from "big iron" Intel box down to this baby so its taking a little getting used to on the relatively less horsepower and memory. So far so good just trying to get the optimal rule sets loaded for Suricata sorted out with so much less memory.

      Questions:

      1. The Dashboard indicates no cryptographic hardware even after toggling the Intel or the BSD options under (Advanced) I think. Does this device in fact have the ability to do hardware crypto?

      2. Is there the ability to do any hardware offloading by the NIC's? I haven't change anything in the configuration yet...

      Thanks

      Wallace_n_GromitW 1 Reply Last reply Reply Quote 0
      • chrismacmahonC
        chrismacmahon
        last edited by

        The Dashboard indicates no cryptographic hardware even after toggling the Intel or the BSD options under (Advanced) I think. Does this device in fact have the ability to do hardware crypto?

        We are still working on the hardware crypto driver. If the concern is "will this be supported in the future?" Yes we will support this for it's entire product life cycle.

        Need help fast? Our support is available 24/7 https://www.netgate.com/support/

        Do Not PM For Help!

        1 Reply Last reply Reply Quote 0
        • T
          Taz79
          last edited by

          I tried to find documentation how to activate this in the correct way. But i was not able too. Is there support for this now? In that case is there some documentation what setting should be active?

          5ca4b929-424b-4964-8044-3acf230c3901-image.png

          1 Reply Last reply Reply Quote 0
          • T
            Taz79
            last edited by

            Is it this setting i have to change? What should i choose?

            ec382c0e-893e-43cf-bac6-b88c3230d42d-image.png

            1 Reply Last reply Reply Quote 0
            • chrismacmahonC
              chrismacmahon
              last edited by

              We are still aggressively working on the driver for the SG-1100; there is no setting you need to change to enable it.

              Need help fast? Our support is available 24/7 https://www.netgate.com/support/

              Do Not PM For Help!

              T K D 3 Replies Last reply Reply Quote 2
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Yes, there is no way to enable it right now but you will want 'BSD crypto device' selected there to use the driver when it is included.

                Steve

                1 Reply Last reply Reply Quote 2
                • T
                  Taz79 @chrismacmahon
                  last edited by

                  @chrismacmahon said in SG-1100 Crypto Hardware:

                  We are still aggressively working on the driver for the SG-1100; there is no setting you need to change to enable it.

                  AH! Ok. Good. That was on my "to-do list".. One less point to worry about for me then ;) .. No rush for my sake! :)

                  1 Reply Last reply Reply Quote 0
                  • K
                    kejianshi @chrismacmahon
                    last edited by kejianshi

                    @chrismacmahon So, what is the openvpn performance of this machine with no hardware crypto acceleration? (Which by the way is something that should have been in big bold red letters in the advertisements and specifications. I have an expectation that all new pfsense hardware will have WORKING hardware crypto acceleration. I do not like my first hint that it might not work yet being me getting the unit, turning it on and seeing "Crypto: (Inactive)". I do not trust "The check is in the mail" with no timeframes mentioned. If I built a pfsense of course unsupported features are not your problem, but when I buy direct from Netgate I have an expectation of a product with primary features that work. Crypto acceleration is a primary feature. If I didn't need/want it I could use a computer that is 2 decades old.

                    T 1 Reply Last reply Reply Quote 0
                    • T
                      Taz79 @kejianshi
                      last edited by

                      @kejianshi i have done tests with my 100Mbit line and VPN works great with top speed. I have 2 tunnels running and i think i have not seen any cpu usage above 50%.. I think i read somewhere that it can do 900Mbit but dont quote me on that.

                      K 1 Reply Last reply Reply Quote 0
                      • K
                        kejianshi @Taz79
                        last edited by

                        @Taz79 I hope you are right. I don't need to max out gigabit ethernet or anything. Just run a few tunnels with relatively low bandwidth requirement. 10 - 30 MB/s. I just don't like being surprised (-;
                        Thanks for your reply. Its encouraging. I just got this thing hooked up from about 8700 miles away and I'm really hoping its as stable as the box its replacing. I do like the low power, small form factor etc etc. I will configure the VPN and let you know how it performs long-haul.

                        T 1 Reply Last reply Reply Quote 0
                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          I have seen ~150Mbps OpenVPN in local iperf3 testing here. Latency and packet size variation etc will impact that though.

                          Steve

                          K 1 Reply Last reply Reply Quote 1
                          • T
                            Taz79 @kejianshi
                            last edited by

                            @kejianshi the 900Mbit i saw must have been the performance of the routing. Not the VPN speed when i think about it. But i have tested with 117Mbit/s that is my max speed of my connection and it works great. My box were up for 65 days before i needed to shut it down to move it :)

                            1 Reply Last reply Reply Quote 1
                            • K
                              kejianshi @stephenw10
                              last edited by

                              @stephenw10 Thanks old timer. Still at it huh? This tiny box is replacing a AMD X2 3800... I got a LOT of miles out of that box!

                              1 Reply Last reply Reply Quote 0
                              • stephenw10S
                                stephenw10 Netgate Administrator
                                last edited by

                                Yup, still here. šŸ˜€

                                1 Reply Last reply Reply Quote 0
                                • P
                                  PhlMike
                                  last edited by PhlMike

                                  Any ballpark estimates on the gains that will be seen by even supporting the hardware cryptography?
                                  I'm assuming in daily operation it won't matter so much but only on ipsec and openvpn.

                                  I bought a few of these, I might put one in place of my current home FW which is a 3rd gen Intel Core i5 on an Intel DQ77MK mobo. I have 500mbps internet and three ipsec vpn tunnels, and 2 vlans.

                                  1 Reply Last reply Reply Quote 0
                                  • chrismacmahonC
                                    chrismacmahon
                                    last edited by

                                    We are doing the work on our own on this, we do expect gains but to put out firm numbers would be a disservice to all involved.

                                    Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                                    Do Not PM For Help!

                                    B 1 Reply Last reply Reply Quote 1
                                    • B
                                      bigsy @chrismacmahon
                                      last edited by

                                      @chrismacmahon
                                      Will there be any support for the crypto hardware on the SG-1000 (now EoS)?

                                      1 Reply Last reply Reply Quote 0
                                      • chrismacmahonC
                                        chrismacmahon
                                        last edited by

                                        That's a good question. Let me get back to you on that.

                                        Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                                        Do Not PM For Help!

                                        1 Reply Last reply Reply Quote 0
                                        • chrismacmahonC
                                          chrismacmahon
                                          last edited by

                                          @bigsy We don't think the work will be impacting the SG-1000.

                                          Need help fast? Our support is available 24/7 https://www.netgate.com/support/

                                          Do Not PM For Help!

                                          1 Reply Last reply Reply Quote 1
                                          • D
                                            dhw @chrismacmahon
                                            last edited by

                                            @chrismacmahon Thanks for all your hard work! What would be the best way to keep tabs on the development of this driver?

                                            1 Reply Last reply Reply Quote 2
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.