aes ni hardware acceleration inactive, whos fault is it and what can be done?



  • After finally successfully setting up open vpn with nord on pfsense I was expecting to see the hardware acceleration active. (especially since I enabled it in the client) upon contacting nord they claim their servers don't support aes-ni. they use aes-256gcm and aes-256cbc. I didn't even see a aes-ni as an option when setting up the client but I would assume hardware acceleration would be active on any aes protocol unless aes-ni is a protocol itself but I figured it was an instruction set on the processor?

    but if what the tech said is true, and theres no way to use hardware acceleration on nords servers, how do I go about finding a vpn service that does support it other than emailing them each one and asking? (googling vpns that support aes-ni didn't seem to help much) other requirements would be off shore, and somewhat reasonably priced, but since my list of demands is getting longer and longer im willing to pay more than $3
    a month.



  • What did you see that made you believe AES-NI is inactive? AES-NI is local hardware crypto acceleration, so whether it's active on your machine is not influenced at all by whether it's active on a remote server. Maybe NordVPN meant that not all of their servers have processors with AES-NI? It's not clear. But I would bet that if you're not seeing the speeds you'd like over a VPN, odds are much better that it's just server congestion than lack of AES-NI.



  • @thenarc thank you for replying. because every server I connect to (tried 5 last night) showed whats displayed in the screen shot and because without vpn I get about 12MBps and with usually 2-3MBps though if I try long enough I might find one with 5MPs and because of what the nord tech said.0_1548797512590_Screenshot (25).png



  • @calbha Check your setting in "System > Advanced > Miscellaneous" under "Cryptographic Hardware". Make sure it's set to "AES-NI CPU-based Acceleration". I believe that on the Dashboard, AES-NI should be reported as "active" even if it's not actually being used. In other words, the "Yes" means that it's available in the processor and "active" means that it's enabled by pfSense.



  • @thenarc 9MBPS that's not bad! you have a place to stay if youre ever in Arizona



  • @calbha Haha glad it worked! Also if you haven't used VPN providers before, it's common for maximum speeds to vary quite a bit among different servers, or even at different times on the same server.



  • @thenarc yeah I completely understand which is why I'm okay at 9 with a 12 connection cause it's still 3 times faster than 2-3 which is what I was getting before.



  • @thenarc is 48-54 degrees Celsius safe for long periods? what worries me even more is that I live in Arizona.....its winter.....summers get bad here and my bedroom can reach over 80 degrees f easily even with the ac on.



  • So the "maximum temperature allowed at the processor die" for that processor is 105C. (https://ark.intel.com/products/85212/Intel-Core-i5-5200U-Processor-3M-Cache-up-to-2-70-GHz-). Of course, you don't want to get too near that, but 54C is perfectly fine. I'd keep an eye on it in the summer for sure; I think as a rule of thumb it'd good to keep it at or below around 65C. I only say that because I think a lot of BIOSes use that as their default "thermal warning" value.


Log in to reply