Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    New pfsense router - setup openvpn which encryption for AES-NI

    OpenVPN
    4
    8
    743
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stevetoza last edited by

      Hi all,

      I'm just setting up a new pfSense router for our office, which we will be using OpenVPN for staff, so they can connect inbound. The CPU has AES-NI, I was wondering what was the best option in terms of

      Encryption Algorithm
      NCP Algorithms
      Auth digest algorithm

      The speed etc. I've searched the forums theres so much information around this.

      Many Thanks
      Steve

      1 Reply Last reply Reply Quote 0
      • KOM
        KOM last edited by

        I would just try with the defaults and then start looking for solutions if you have an actual problem with performance.

        1 Reply Last reply Reply Quote 0
        • S
          stevetoza last edited by

          @KOM - thanks for the reply, what defaults would you choose?

          JKnott 1 Reply Last reply Reply Quote 0
          • JKnott
            JKnott @stevetoza last edited by

            @stevetoza said in New pfsense router - setup openvpn which encryption for AES-NI:

            @KOM - thanks for the reply, what defaults would you choose?

            The default ones. 😉

            1 Reply Last reply Reply Quote 1
            • Rico
              Rico LAYER 8 Rebel Alliance last edited by

              Personally I suggest AES-256-GCM or AES-128-GCM depending on horse power.

              -Rico

              S 1 Reply Last reply Reply Quote 0
              • S
                stevetoza @Rico last edited by

                @rico Thanks, its a
                Intel(R) Atom(TM) CPU E3845 @ 1.91GHz
                4 CPUs: 1 package(s) x 4 core(s)
                AES-NI CPU Crypto: Yes (active)

                What would you choose for the below settings

                Encryption Algorithm
                NCP Algorithms
                Auth digest algorithm

                1 Reply Last reply Reply Quote 0
                • Rico
                  Rico LAYER 8 Rebel Alliance last edited by

                  My OpenVPN RAS Settings:
                  0_1544517892506_ras_setup.png

                  I don't use/like NCP. ;-)

                  -Rico

                  S 1 Reply Last reply Reply Quote 1
                  • S
                    stevetoza @Rico last edited by

                    @rico Thanks for sharing

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post

                    Products

                    • Platform Overview
                    • TNSR
                    • pfSense Plus
                    • Appliances

                    Services

                    • Training
                    • Professional Services

                    Support

                    • Subscription Plans
                    • Contact Support
                    • Product Lifecycle
                    • Documentation

                    News

                    • Media Coverage
                    • Press
                    • Events

                    Resources

                    • Blog
                    • FAQ
                    • Find a Partner
                    • Resource Library
                    • Security Information

                    Company

                    • About Us
                    • Careers
                    • Partners
                    • Contact Us
                    • Legal
                    Our Mission

                    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                    Subscribe to our Newsletter

                    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                    © 2021 Rubicon Communications, LLC | Privacy Policy