Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    AES-NI

    OpenVPN
    4
    7
    666
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      chrysmon
      last edited by

      Hello,
      My CPU is E5-1650 v3 and according to all reports about it I found it supports AES acceleration. But pfSense detects the CPU without AES-NI (AES-NI CPU Crypto: No IPsec-MB Crypto: Yes (inactive) QAT Crypto: No)
      How can I be sure the next CPU will have the AES-NI enabled in pfSense? Of course the official specifications have it supported (like the actual CPU).

      T D S 3 Replies Last reply Reply Quote 0
      • T
        tedquade @chrysmon
        last edited by

        @chrysmon

        The following site probably will help with information:

        https://www.cpu-world.com/index.html

        Ted

        1 Reply Last reply Reply Quote 0
        • D
          dave.opc @chrysmon
          last edited by

          @chrysmon
          maybe you have something disabled in BIOS?

          1 Reply Last reply Reply Quote 0
          • S
            SteveITS Rebel Alliance @chrysmon
            last edited by

            @chrysmon IPSec-MB is “preferred” anyway if detected: https://docs.netgate.com/pfsense/en/latest/config/advanced-misc.html#cryptographic-thermal-hardware

            Do you have AES-NI enabled in pfSense?

            https://docs.netgate.com/pfsense/en/latest/hardware/cryptographic-accelerators.html#activating-the-hardware

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            C 1 Reply Last reply Reply Quote 0
            • C
              chrysmon @SteveITS
              last edited by

              @SteveITS Nothing in BIOS related and disabled. I can enable AES-NI but it is not working. The CPU information says AES-NI is not available so cannot be active. For some reason it's not detected or is not compatible. With the same installation/setting on older CPUs it's working. I'm a little concerned because I will buy a new system and want to have hardware crypto active.

              D 1 Reply Last reply Reply Quote 0
              • D
                dave.opc @chrysmon
                last edited by

                @chrysmon
                update bios?

                C 1 Reply Last reply Reply Quote 0
                • C
                  chrysmon @dave.opc
                  last edited by

                  @dave-opc I had the workstation as my work computer for a while and it had no updates, it's an old Fujitsu Celsius M740. I will check again, have to switch to the 2nd machine and put back the windows disk.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.