Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    AES-NI and OpenVPN?

    Scheduled Pinned Locked Moved
    Hardware
    5
    45
    2.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • RobbieTTR
      RobbieTT @Dobby_
      last edited by

      @dobby_ said in AES-NI and OpenVPN?:

      @robbiett

      please have a look at the Intel QAT, because this is loaded instead of the AES-NI!!!! You can use AES-NI or Intel QAT
      but not both!

      Err, I did.

      I literally stated my assumption that QAT was preferred over AES-NI and the graphic showing QAT (active) & AES-NI (inactive) is my own (!!!!...?).

      1 Reply Last reply Reply Quote 0
      • J
        JimBob Indiana @Dobby_
        last edited by

        @dobby_ I have no idea why mine said Inactive and now says Active. All I did was mess with the vpn stuff just to see what is required.

        Dobby_D 1 Reply Last reply Reply Quote 0
        • Dobby_D
          Dobby_ @JimBob Indiana
          last edited by

          @jimbob-indiana said in AES-NI and OpenVPN?:

          @dobby_ I have no idea why mine said Inactive and now says Active. All I did was mess with the vpn stuff just to see what is required.

          I was only changing the settings in the filed shown below
          in the picture (red arrow), after that the AES-NI was shown
          permanent as "active" and this also with no configured VPN! I was choosing both entries from the menue:
          AES-NI & CryptoDev

          So I think since that, the CryptoDev is taking contact to the
          AES-NI and there fore it will be announced as "active".

          AES_NI Cryptodev.jpg

          #~. @Dobby

          Turris Omnia - 4 Ports - 2 GB RAM / TurrisOS 7 Release (Btrfs)
          PC Engines APU4D4 - 4 Ports - 4 GB RAM / pfSense CE 2.7.2 Release (ZFS)
          PC Engines APU6B4 - 4 Ports - 4 GB RAM / pfSense+ (Plus) 24.03_1 Release (ZFS)

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            The active/inactive label only indicates whether or not the module is loaded. Not whether it's actually in use.

            Technically you could load both modules but since both would attempt to register for the same crypto algorithms the result would be confusing. So the webgui only offers the choice to load one of them.

            RobbieTTR 1 Reply Last reply Reply Quote 2
            • RobbieTTR
              RobbieTT @stephenw10
              last edited by

              @stephenw10 Hey, an assumption turned out right! My journey into full pfSense nirvana continues. 😇

              1 Reply Last reply Reply Quote 1
              • First post
                Last post