Hardware Crypto device.
-
HI All,
The 2.0 is rocks, I decided to upgrade my vpn throughput.
I have two Broadcom BCM5825 that has no driver in 1.2X version,
So I decided to try the 2.0 Beta 4, which has the driver for this card.
The two Pfsenses are connected with 1Gb circuit and I'm unable to cross the 250Mb, I'm using AES-256 which supported by the card.
How can I verify that the hardware crypto is used? I have read that in 1.2X version it was written under the platform.Many Thanks
David, -
I've not used 2.0 yet with HW crypto, but it takes a lot of CPU power for 1 Gbit/s. What kind of hardware are you using (CPUs, RAM, NICs)?
-
I'm using an old hardware intel 5100 Server dual quad core xeon 1.6Ghs with 16Gb of ram with Intel NICS.
Without encryption I can transfer easily 700Mb, but with IPSEC I need more power and I hope to get it from the crypto card,
Thanks
David, -
I'm not familiar with what the hardware is supposed to push, but often times modern CPUs can do a better job in software. Also, check out the man page:
@FreeBSD:Broadcom BCM5823 A BCM5822 with AES capability.
Broadcom BCM5825 Faster version of the BCM5823.BUGS
The BCM5801 and BCM5802 have not actually been tested. The AES capabil-
ity of the BCM5823 is not yet supported; it is awaiting public disclosure
of programming information from Broadcom. -
Thank You,
So I should be able use 3DES or DES with it? Is there any simple test I can do like openssl speed to make sure?Thanks Again,,
-
Does the driver show up in dmesg?
We have to add code to show the crypto devices in the dashboard, and I'm not sure we've seen one of those yet.
You can try some of the openssl tests shown here:
http://doc.pfsense.org/index.php/Are_cryptographic_accelerators_supported