How can I get OpenVPN to use QAT acceleration offload?
-
I'm running Pf+ 21.02.2-RELEASE and just uninstalled WireGuard (sad face), which I was using previously to connect to Private Internet Access. I have now resorted back to OpenVPN where single-threaded CPU utilization has jumped significantly and throughput tanked.
I have QAT offload enabled which works great for IPsec (AES-128 CBC and GCM). But when I set AES-128 CBC or GCM in OpenVPN, there appears to be no QAT acceleration. I can verify that by entering "vmstat -I" from a console and the counters do not increase.
Am I doing something wrong? Or, any other way to get OpenVPN to take advantage of QAT acceleration? Thanks
-
@ensnare My guess is it's related to this issue. There's no actual QAT acceleration of OpenSSL. I tried compiling it myself, but I can't manage to get a FreeBSD build environment up to Intel's standards. All pfSense needs to do is ship the built binary in /usr/lib/engines/ and it will work.
-
@johnnyfive Yeah, this is the problem - what a shame. It would be really great to have full acceleration using QuickAssist!