I have this doubt, we have some sites that the processor has the AES-NI feature available, we would like enable to test this feature.
To work, both pfsense boxes doing the vpn must have the feature available and enable?
No. One side can have the feature and the other side can have the feature absent.
But the one without it will probably be a bottleneck to throughput if an AES transform in use.
Them will tested, thanks for your help.