G4400, aes ni not an option
-
Running /usr/bin/openssl engine -t -c
I get the output
[2.2.6-RELEASE][root@pfSense.localdomain]/root: /usr/bin/openssl engine -t -c (cryptodev) BSD cryptodev engine [RSA, DSA, DH] [ available ] (rsax) RSAX engine support [RSA] [ available ] (rdrand) Intel RDRAND engine [RAND] [ available ] (dynamic) Dynamic engine loading support [ unavailable ]
There is no aes-128 in the output, anyone have any idea?
[2.2.6-RELEASE][root@pfSense.localdomain]/root: openssl speed -evp aes-128-cbc -engine cryptodev engine "cryptodev" set. Doing aes-128-cbc for 3s on 16 size blocks: 207206376 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 64 size blocks: 56470392 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 256 size blocks: 14539010 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 3653627 aes-128-cbc's in 2.98s Doing aes-128-cbc for 3s on 8192 size blocks: 459608 aes-128-cbc's in 3.00s OpenSSL 1.0.1l-freebsd 15 Jan 2015 built on: date not available options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: clang The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes aes-128-cbc 1105100.67k 1204701.70k 1240662.19k 1253634.03k 1255036.25k [2.2.6-RELEASE][root@pfSense.localdomain]/root: engine "cryptodev" set.
Actually just running
kldload aesni
Seems to make it work. I see aes-128-cbc in the openvpn section for the bsd acceleration now.
EDIT:
Oh… System > advanced setup > MiscYou can enable aes ni there