OpenVPN and CPU AES-NI



  • I already connected with my VPN provider using pfSense 2.3.3 and the openvpn client.
    The VPN provided a client openvpn.opvn file (aes-256-cbc and sha512)

    I need to optimize my throughput on APU E1-2100 1Ghz mini-itx motherboard which supports cpu AES-NI

    In pfSense, I have already enabled the crpto hardware that was detected.
    Is there are anything else I need to do?
    If I ssh, how do I check that everything is configured propelry?

    Thanks



  • @patrick0525:

    In pfSense, I have already enabled the crpto hardware that was detected.

    Uncheck that. OpenVPN/OpenSSL use hardware crypto by default, and it's rather hard to turn off. Checking the box runs the crypto through the kernel, which tends to be slower.



  • This is my current configuration. Is this correct?

    Openvpn-> Clients-> No Hardware acceleration (Hardware Crypto)

    System-> Advanced -> Miscellaneous-> AES-NI CPU based Acceleration (Cryptographic Hardware)



  • @patrick0525:

    System-> Advanced -> Miscellaneous-> AES-NI CPU based Acceleration (Cryptographic Hardware)

    That's the "make openvpn slower" option. If you're not using ipsec, leave that off.



  • Thanks will do.  I am not using VPN-> iPsec but instead my client is in VPN->OpenVPN.