invalid peer ID returned by kernel
-
Is there anyway to increase the buffer manually without updating ?
No
I can not update and the next update removes the Safexcel support it no longer lists it
SafeXcel Crypto support has not been removed.
-
@kprovost What’s weird is the interrupt counters don’t run anymore in the newer version which is on the 2100 so I assume that it’s not functional
-
@JonathanLee I've just checked on my 2100 and it's happily using the safexcel0 device:
[24.11-BETA][root@pfSense.jupiter.sigsegv.be]/root: vmstat -i interrupt total rate gic0,p14:-ic_timer0 14103892 179 gic0,s2: iichb1 400 0 gic0,s11: uart0 4934 0 gic0,s20: safexcel0 622626 8 gic0,s21: safexcel0 454201 6 ...What does the 'CPU Type' on the 'System Information' widget show?
For example, you may have selected IIMB as your cryptographic accelerator rather than SafeXcel.Mine shows:
IPsec-MB Crypto: Yes (inactive) SafeXcel Crypto: Yes (active) -
@kprovost I use the command line info. vmstat -i | grep safexcel This shows no change or increase with the updated software vs the older version.
-
@kprovost I have both selected in the widget is that ok for VPN ?
-
Should they both not be enabled ?
-
@JonathanLee I mean, you can't use both at the same time. The data's only ever going to be processed by one of them. I'd have to go dig deep in the code to tell you how the selection is made if both are enabled, but it looks like in this case it ends up using IIMB.
IIMB is fine, but probably not quite as fast as SafeXcel. You're getting crypto acceleration either way, just in a different way.
-
@kprovost I marked the other one inactive
-
@kprovost do you enable max mss clamping ?
-
@kprovost thanks for your help I went from 18kbs-200 up to 580kbs that was significant with mss clamping max enabled
