XG-7100 best practice OpenVPN and Hardware Crypto
I'm still not 100% sure about the "best" Hardware Crypto settings for my XG-7100 in OpenVPN.
System -> Advanced -> Misc -> Cryptographic Hardware is set to "AES-NI and BSD Crypto Device".
At the Moment I got 7 OpenVPN Instances (2 RAS, 5 Site-to-Site, 45 more Site-to-Site Instances coming very soon) with Hardware Crypto set to "No Hardware Crypto Acceleration". Possible Settings are "BSD cryptodev engine" and "Intel RDRAND engine".
Encryption Algorithm for most of my Sites is AES-256-GCM, few of them AES-256-CBC.
Any advice and reasons? I know this is some "ask 3 doctors and get 5 different answers" stuff...but maybe anyone can get more specific when it comes to the XG-7100. :-)
Seriously no opinion on this one?
msf2000 last edited by
The XG-7100 has the Atom C3558 CPU in it, which means it support Intel AES-NI instructions. So, that is the best crypto setting in your case.
coreybrett last edited by
I'm curious about this also.
The only options are "BSD cryptodev engine" and "Intel RDRAND engine".
"Intel AES-NI" is not an option.
Pippin last edited by
Do not select anything if CPU supports AES-NI.