SG-5100 encryption acceleration settings?



  • I just bought a Netgate SG-5100, which advertises its AES-NI improvements. I couldn't find any specific tips on how to configure pfSense to benefit from that.

    On the Dashboard's "CPU Type" box, it says:
    AES-NI CPU Crypto: Yes (inactive)

    My current OpenVPN Server settings:
    Encryption Algorithm = AES-256-GCM
    NCP Algorithms = AES-256-GCM and AES-128-GCM
    Auth digest algorithm = SHA256

    What should I select for OpenVPN > Servers > MyServer > "Hardware Crypto"? I currently have "No hardware crypto acceleration" selected.

    What should I select for System > Advanced > Miscellaneous > Cryptographic Hardware?



  • Don't know if you've seen it yet, but here's the appropriate page out of the docs:

    https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerator-support.html

    Jeff



  • @akuma1x
    Thanks for posting that for context. I read it before and there's a section in there that isn't very clear so I hope it can also be improved to include clear answers to those questions:

    To take advantage of acceleration in OpenVPN, choose a supported cipher such as aes-128-cbc on each end of a given tunnel, then select BSD Cryptodev Engine for Hardware Crypto.
    

    It's not super clear, but it looks like we should choose a "CBC" mode if we want to use BSD Crypto Acceleration. I assume BSD is not as good as AES-NI, so this isn't want I want.

    Nothing needs selected for OpenVPN to utilize AES-NI. The OpenSSL engine has its own code for handling AES-NI that works well without using the BSD Cryptodev Engine.
    

    This doesn't mention whether a certain mode, such as "GCM", needs to be selected for AES-NI to work with OpenVPN. Also, it says "Nothing needs selected." Does that mean I should choose "None" or does that mean I can choose any option I want and OpenVPN will ignore my selection and automatically use AES-NI? If that setting doesn't matter, maybe they should remove that setting or at least put in the notes below it something like "This setting has no effect on OpenVPN"?

    Also, that page doesn't appear to mention the "Hardware Crypto" setting on the OpenVPN > Servers > Edit page.


  • Netgate Administrator

    Yeah for OpenVPN you don't have to do anything to take advantage of AES-NI. OpenSSL will detect the CPU supports it and use it anyway. The one thing you should avoid is selecting aes-ni and the bsd crypto framwork as that can end up using the aes-ni module through the framework which is slower than using it directly.
    Using AES-GCM and no hash (since it's not needed for an AEAD algorithm) will be fastest/use least CPU.
    Do not select hardware crypto in the OpenVPN settings.

    You would still need to select aes-ni to enable it for IPSec if you're using that as well.

    Steve



  • I want to make sure we're not confusing the "Hardware Crypto" setting with the "Cryptographic Hardware" setting.

    @stephenw10 said in SG-5100 encryption acceleration settings?:

    Yeah for OpenVPN you don't have to do anything to take advantage of AES-NI. OpenSSL will detect the CPU supports it and use it anyway.

    On the referenced Netgate doc page in the section titled "OpenVPN", the first two sentences specify the OpenVPN Server setting called "Hardware Crypto" but the third sentence that says "nothing needs selected for OpenVPN to utilize AES-NI" doesn't specify which setting it's referring to.

    1. When it says "Nothing needs selected," is that still referring to the "Hardware Crypto" setting or the "Cryptographic Hardware" setting?

    2. If it's referring to the "Hardware Crypto" setting, then what about the "Cryptographic Hardware" setting?

    3. Does "Nothing needs selected" mean OpenVPN will work the same (use AES-NI directly) regardless of which option I select on either of those settings, or does it mean I MUST select the option called "None" on both/either settings?

    The one thing you should avoid is selecting aes-ni and the bsd crypto framwork as that can end up using the aes-ni module through the framework which is slower than using it directly.

    See, now you're talking about the other setting, "Cryptographic Hardware" right after talking about the "Hardware Crypto" setting.

    1. Do I understand you correctly: setting "Cryptographic Hardware" to "None" or "AES-NI CPU-based Acceleration" will use the CPU for AES-NI directly, but selecting "AES-NI and BSD Crypto Device" will use it indirectly and is never recommended?

    2. Since OpenVPN detects and uses AES-NI automatically, why does my dashboard say "AES-NI CPU Crypto: Yes (inactive)" while I have several OpenVPN connections running?

    3. Since OpenVPN detects and uses AES-NI automatically, what all is affected by the "Cryptographic Hardware" setting? I think you said IPsec VPNs is one thing.

    Using AES-GCM and no hash (since it's not needed for an AEAD algorithm) will be fastest/use least CPU.

    I think by "hash," you're referring to the setting called "Auth digest algorithm".

    1. In pfSense, there's a note below that setting that says "When an AEAD Encryption Algorithm mode is used, such as AES-GCM, this digest is used for the control channel only, not the data channel." That note seems to say that selecting SHA256 here actually does improve security of the control channel, so does your recommendation to set this to "None" for the performance gain also take into account the reduction in security?

    Do not select hardware crypto in the OpenVPN settings.

    1. Ok, but what is that setting for?

    2. It's sounding like the "No Hardware Crypto Acceleration" option should definitely be renamed to "AES-NI if available, otherwise none." Should I make a redmine ticket for this?

    3. I think the doc should be improved because it contradicts itself. The 1st sentence says "To take advantage of acceleration in OpenVPN ... select BSD Cryptodev Engine for Hardware Crypto" and the 3rd sentence implies that nothing needs to be selected for AES-NI, which is a type of acceleration.


  • Netgate Administrator

    Which document are you referring to here exactly?
    This I assume? https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerator-support.html

    "nothing needs selected for OpenVPN to utilize AES-NI" applies to both the system setting and the OpenVPN server setting. Both can be left set as None and OpenSSL will use the instructions if the CPU supports it.

    If you select BSD Cryptodev Engine in OpenVPN and you select AES-NI and BSD Crypto Device in the system setting you may end up with and the crypto calls going via cryptodev which is far more cpu cycles that using aes-ni directly so don't do that. It's been a while since I tested it though, there may be code to prevent that now.

    You don't have to select 'None' on both. If you were also using IPSec you would want to select AES-NI as the system setting.

    Yes, you're right about the auth algorithm, I was conflating that info with IPSec. It should not make any difference since the vast majority of the traffic is data and selecting AES-GCM will automatically stop authenticating data channel traffic separately.

    My advice there was for the SG-5100 specifically. Other hardware with different encryption accelerators would need to select BSD Cryptodev Engine in the OpenVPN server. The SG-3100 does for example.
    AES-NI is odd because it is not "Cryptographic Hardware" in the traditional sense. It is simply additional instructions supported by the CPU. If code has been written and compiled to take advantage of those instructions it will.
    What that system setting is actually doing it choosing which kernel modules to load: aesni.ko or cryptodev.ko or both.
    As I understand it the AES-NI module allows code that was not written to take advantage of the new instructions directly to use it via the BSD crypto framework.

    The the SG-5100 in the vast majority of use cases you will want to set "Cryptographic Hardware" to AES-NI and leave any OpenVPN instances set as None for Hardware crypto.

    Steve


  • Rebel Alliance Developer Netgate

    The OpenVPN option text should probably be renamed. The engine command in OpenVPN isn't required. When it's unset then it automatically selects a device which supports accelerating whatever cipher it's trying to use.

    When it's set to a specific engine, it's supposed to prefer that engine but I don't believe it's restricted to only using that engine. Since most things only have 0-1 available usable engine types, that's not so easy to test.

    So really the No Hardware Crypto Acceleration line should be Use any available cryptographic hardware device or something along those lines.



  • This post is deleted!