Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Do I have to activate AES-NI manually in my pfsense firewall?

    Scheduled Pinned Locked Moved
    OpenVPN
    4
    7
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      Elrick75
      last edited by

      Good morning, everyone,

      I use OpenVPN on pfSense and it works properly.
      I just found out that it was possible to set up hardware support for Cryptography.

      Currently is set at None, I thought the default setting was on the most optimized value by default to exploit my hardware but that doesn't seem to be the case.

      063b8098-0f27-48d0-8bc4-966f270141e2-image.png

      I think I need to change it manually given my hardware configuration?

      285d9a1e-2765-463e-a976-2055819b08a1-image.png

      Should I choose AES-NI Cpu-based acceleration or AES-NI and BSD Crypto Device?

      bdb101e9-6758-4626-94f1-17aa8c0fe092-image.png

      Thank you for your valuable advice.

      provelsP 1 Reply Last reply Reply Quote 0
      • provelsP
        provels @Elrick75
        last edited by

        @Elrick75 Yes.

        Peder

        MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
        BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

        1 Reply Last reply Reply Quote 0
        • E
          Elrick75
          last edited by

          Yes, but what choice? AES-NI Cpu-based acceleration or AES-NI and BSD Crypto Device?

          1 Reply Last reply Reply Quote 0
          • B
            bcruze
            last edited by

            For that intel processor aes-ni

            1 Reply Last reply Reply Quote 0
            • E
              Elrick75
              last edited by

              @Elrick75 said in Do I have to activate AES-NI manually in my pfsense firewall?:

              AES-NI Cpu-based acceleration

              Just to be clear, only AES-NI Cpu-based acceleration, right ?

              1 Reply Last reply Reply Quote 0
              • E
                Elrick75
                last edited by

                Thanks.

                1 Reply Last reply Reply Quote 0
                • N
                  nirmalts
                  last edited by nirmalts

                  The documentation seems to be pointing out that it doesnt really matter if it is chosen or not openVPN will automatically detect AES-NI and use it, if available, right?

                  Nothing needs selected for OpenVPN to utilize AES-NI. The OpenSSL engine has its own code for handling AES-NI that works well without using the BSD Cryptodev Engine.

                  https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerator-support.html

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post