Encryption hardware
-
We have a firewall based on this:
https://www.supermicro.nl/products/system/1U/5018/SYS-5018A-FTN4.cfm
As far as I know, there should be a chip that can assist with encryption on this board. How do we enable this? Where in pfSense 2.3.1 can we set it up?
-
I guess you are talking about AES-NI feature of the CPU?
-
support for quickassist is not yet baked into pfsense (coming soon)
-
I believe there's an option in System > Advanced on one of the tabs to enable AES-NI support. Then you'll want to use the AES-GCM encryption algorithm for IPSEC to take advantage of the hardware acceleration. OpenVPN doesn't (yet?) support AES-GCM, so you won't see any performance increase due to AES-NI for OpenVPN.
It is starting to sound like FreeBSD QuickAssist support might not show up for Rangeley processors.
https://forum.pfsense.org/index.php?topic=108255.0 (posts on page 2 and 3 specifically)
https://www.reddit.com/r/PFSENSE/comments/4earbc/intel_quickassist_availability/ -
As far as I know, there should be a chip that can assist with encryption on this board.
There is not a really extra chip for it, but more a CPU or SoC register that offers AES-NI and over that
it would be able to speed up the IPSec performance if the AES-GCM mode will be chosen.How do we enable this? Where in pfSense 2.3.1 can we set it up?
I think in the version 2.3.1 it is an issue about that and so I personally would be more looking
to go with the version 2.2.6 (64Bit) instead of the version 2.3.1.
