3. XG-7100 best practice OpenVPN and Hardware Crypto

XG-7100 best practice OpenVPN and Hardware Crypto

  • LAYER 8 Rebel Alliance

    Hi,

    I'm still not 100% sure about the "best" Hardware Crypto settings for my XG-7100 in OpenVPN.
    System -> Advanced -> Misc -> Cryptographic Hardware is set to "AES-NI and BSD Crypto Device".
    At the Moment I got 7 OpenVPN Instances (2 RAS, 5 Site-to-Site, 45 more Site-to-Site Instances coming very soon) with Hardware Crypto set to "No Hardware Crypto Acceleration". Possible Settings are "BSD cryptodev engine" and "Intel RDRAND engine".
    Encryption Algorithm for most of my Sites is AES-256-GCM, few of them AES-256-CBC.
    Any advice and reasons? I know this is some "ask 3 doctors and get 5 different answers" stuff...but maybe anyone can get more specific when it comes to the XG-7100. :-)

    Thanks!

    -Rico

    0
  • LAYER 8 Rebel Alliance

    Seriously no opinion on this one? 😐

    -Rico

    0
  • M

    The XG-7100 has the Atom C3558 CPU in it, which means it support Intel AES-NI instructions. So, that is the best crypto setting in your case.

    0
  • C

    I'm curious about this also.

    The only options are "BSD cryptodev engine" and "Intel RDRAND engine".

    "Intel AES-NI" is not an option.

    0

  • Do not select anything if CPU supports AES-NI.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy