pfsense plus - crypto Accelerator Wireguard / OpenVPN / IPsec
-
I have an Atom system that has QAT extension (Intel Atom C3558) I've just acquired a Sophos XG330 Rev2 and it's go 10Gb SFP+ interfaces.
The CPU in the system is an Intel i5-6500, which will support AES and IIMB. If I recall QAT doesn't accelerate Wireguard?
I have Wireguard for mobiles, OpenVPN with DCO for a laptop and IPSec for S2S with Unifi devices (Unifi terrible for VPN speeds)....
I have a travel router too that is also configured for Wireguard and OpenVPN based on what restrictions might be in place.
-
@mikey_s said in pfsense plus - crypto Accelerator Wireguard / OpenVPN / IPsec:
If I recall QAT doesn't accelerate Wireguard?
That's correct. For the QAT in C3K (1.7) at least it doesn't support ChaCha-Poly used by Wireguard. Later QAT versions an though. If the FreeBSD driver supports them.
-
If the FreeBSD driver supports them.
We see what you did there.
-
Ok many thanks, I moved the plus license to the XG330 Rev2. Hopefully I didn’t make the wrong decision.
Just looking at Skylake CPUs with a view of swapping out the i5-6500. Looking at the t range with high clock speed. T range have on TDP values.
-
@tinfoilmatt said in pfsense plus - crypto Accelerator Wireguard / OpenVPN / IPsec:
If the FreeBSD driver supports them.We see what you did there.
Well there are some newer CPUs with QAT that are not yet supported at all by the driver shipped in pfSense. So YMMV!
