Netgate-3100 and Crypto Accelerator in OpenVPN?
-
Howdy. I just set up OpenVPN on my SG-3100 for my home/remote office. It works like a charm, as I expected. But, I don't know what the better setting in the OpenVPN server configuration panel for "Hardware Crypto" is. I have either "No hardware crypto acceleration" or "BSD cryptodev engine [...]". On the pfSense dashboard it shows the device has a "Crypto: Marvell Cryptographic Engine and Security Accelerator". The default is "No hardware crypto acceleration". What's the right choice?
-
If you pick a cipher supported by the BSD cryptodev engine (CBC) it automatically selects the BSD cryptodev engine, no matter which option you pick for Hardware Crypto.
-Rico
-
My SG-3100 numbers with OpenVPN (SHA256):
AES-256-CBC 91.4 Mbps AES-256-GCM 83.1 Mbps AES-128-CBC 98.5 Mbps AES-128-GCM 89.2 Mbps-Rico
-
@Rico Those are respectable numbers. I'm curious to know how that would scale with 2 simultaneous connections? I'm thinking it's not entirely CPU bound, so maybe 2 by 60 or 70 Mbps?
-
This post is deleted!
