23.09.01 Hardware Crypto showing No Hardware Crypto Acceleration for system with crypto chip installed
-
@stephenw10 I do have it enabled, though VM stat still shows no increments Or any status for the Chip what can be done to correct that? Thanks for the reply. Have a good day.
Just for clarification the new 2100s ship without a cypher chip? My version was the more expensive 2100MAX it came with a SSD and the cypher chip. Is it possible the updates repos do not know difference between the older 2100? and the new 2100s?
Like a hypothetical model 2100A and 2100B ????
If so how can I get my chip to work the speed is drastically different on VPN use with it enabled.
-
Try disabling iimb. That will try to register against many of the same ciphers.
-
@stephenw10 I did that same results dang. Please let me know if you find a advanced option for customers like me.
-
Do you actually see a reduction in throughput though? Or an increase in CPU usage?
-
@stephenw10 yes with use on 22.05.01.
-
Like throughput is lower in 23.09.1 compared to 23.05.1?
-
@stephenw10 let me test again hold on I turned 23.09.01 on again.
Nope it’s 130kbs with dsl on 23.09.01
It’s 123kb in 23.05.01Just checked with my pdfs again.
-
Hmm, those seem very low numbers. I can't imagine you'd be able to see the difference at those rates.
-
@stephenw10 low bill too :) that ID error is why I think it has issues would ath0 cause this ?
-
No this is nothing to do with the ath card or newer 2100s without the crypto cert device. OpenSSL no longer supports BSD cryptodev as an engine so the option to select it was removed from OpenVPN for all hardware.
Which ID error are you referring to?
-
The id error shows on 23.09.01 every time does not show in 23.05.01
-
Ah OK. That seems unlikely to be related to the crypto hardware. If you disable safeXcel but keep DCO enabled does it still show?
-
@stephenw10 I have to swap boot environments when my wife goes to work after that I can check.
To confirm you want me to disable the chip on the advanced menu?
-
Yes, then boot so the safexcel module is not loaded. Then check the openvpn logs again. I expect that ID error to still be present.
-
@stephenw10 side note, can I do a boot environment and load 24 dev os or will that cause issues going back to 23.09?
-
Yes you can do that. There's no problem booting back to 23.09.1.
-
Yes this is as you expected. It still occurs with the hardware disabled.
-
Ok digging into that. I can only see one other reference to that kind of ID error.
Is that process an OpenVPN server?
How are the clients defined?
-
I also see this id error in my 23.05.01 ssd on connects. I didn’t notice it until today
-
I see no error in the logs posted above but that aside.....
The message
dco_update_peer_stat: invalid peer ID 0 returned by kernelis not related to the issue described.
This can happen if userland has already forgotten a peer and kernel sends "post-disconnect stats" which seems to be the caseopenvpn server 'ovpns1' user 'LeeFamilyVPN'address 'x.x.x.x' disconnectedright after the message.
