XG-7100 best practice OpenVPN and Hardware Crypto

  • LAYER 8 Rebel Alliance


    I'm still not 100% sure about the "best" Hardware Crypto settings for my XG-7100 in OpenVPN.
    System -> Advanced -> Misc -> Cryptographic Hardware is set to "AES-NI and BSD Crypto Device".
    At the Moment I got 7 OpenVPN Instances (2 RAS, 5 Site-to-Site, 45 more Site-to-Site Instances coming very soon) with Hardware Crypto set to "No Hardware Crypto Acceleration". Possible Settings are "BSD cryptodev engine" and "Intel RDRAND engine".
    Encryption Algorithm for most of my Sites is AES-256-GCM, few of them AES-256-CBC.
    Any advice and reasons? I know this is some "ask 3 doctors and get 5 different answers" stuff...but maybe anyone can get more specific when it comes to the XG-7100. :-)



  • LAYER 8 Rebel Alliance

    Seriously no opinion on this one? 😐


  • The XG-7100 has the Atom C3558 CPU in it, which means it support Intel AES-NI instructions. So, that is the best crypto setting in your case.

  • I'm curious about this also.

    The only options are "BSD cryptodev engine" and "Intel RDRAND engine".

    "Intel AES-NI" is not an option.

  • Do not select anything if CPU supports AES-NI.

Log in to reply