VPN and AES-NI



  • Hi All,

    TL;DR - If I'm planning on using my pfSense router to connect to a well-known commercial VPN company (for general privacy) - or even setup my own VPN, am I going to hit performance/security issues if my hardware does not support AES-NI (which it doesn't)?

    First time poster and new user to pfSense.

    Apologies, I'm sure this has been discussed previously (I have searched the forums but there are so many posts with the keywords of 'VPN' and 'AES-NI' and I'm a little lost) so I just wanted to clarify.

    Background:
    I've just built a pfSense box on a Fujitsu S900 Thin-Client and was googling something and came across the whole v2.5/AES-NI announcement/discussion. Without getting into the nature of that discussion - which seems to be fairly divisive -  one of the main points I kept reading was:

    (paraphrasing) "AES-NI was only previously discussed when talking about VPN" <prior to="" the="" v2.5="" announcement="">This is the bit I'm interested in, as one of the main reasons I'm switching to pfSense from a commercial router/modem is to use VPN with a well known VPN provider for the usual security/privacy stuff for my home devices and a couple of servers, and maybe setup my own VPN at some point in the future.

    Question: As the S900's CPU does not support AES-NI,  am I going to hit issues in either performance or security (or any other manner?) when connecting it to a VPN provider - or even setting up my own custom VPN?

    Really appreciate anyone taking the time to read/reply or for any info anyone can provide.

    Many Thanks :)</prior>



  • I can not give you any scientifically sound information on it (Steve probably can), yet, I am using VPN with a Celeron without AES-NI, to download usenet movies, and I have 150 Mbit down, so I think the lack of AES-NI is not a performance problem.