Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VIA Padlock Hardware Crypto für IPSec

    Deutsch
    1
    1
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tpf
      last edited by

      Servus!

      Mein VIA C7-D hat ja VIA Padlock onboard, welches ich gerne für IPSec nutzen möchte. Anhand der CPU-Auslastung und des Durchsatzes vermute ich das Padlock nicht genutzt wird.

      Ich habe auch mal ne Runde getestet:

      [2.0-RELEASE][root@pfsense.localdomain]/boot/modules(31): openssl speed -elapsed -evp aes128 -engine cryptodev
      engine "cryptodev" set.
      You have chosen to measure elapsed time instead of user CPU time.
      To get the most accurate results, try to run this
      program when this computer is idle.
      Doing aes-128-cbc for 3s on 16 size blocks: 789674 aes-128-cbc's in 3.00s
      Doing aes-128-cbc for 3s on 64 size blocks: 986427 aes-128-cbc's in 3.01s
      Doing aes-128-cbc for 3s on 256 size blocks: 909672 aes-128-cbc's in 3.01s
      Doing aes-128-cbc for 3s on 1024 size blocks: 654516 aes-128-cbc's in 3.01s
      Doing aes-128-cbc for 3s on 8192 size blocks: 124498 aes-128-cbc's in 3.01s
      OpenSSL 0.9.8n 24 Mar 2010
      built on: date not available
      options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
      compiler: cc
      available timing options: USE_TOD HZ=128 [sysconf value]
      timing function used: gettimeofday
      The 'numbers' are in 1000s of bytes per second processed.
      type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
      aes-128-cbc       4205.63k    20976.12k    77370.13k   222675.38k   338788.64k

      [2.0-RELEASE][root@pfsense.localdomain]/boot/modules(51): openssl speed -elapsed -evp aes128 -engine padlock
      engine "padlock" set.
      You have chosen to measure elapsed time instead of user CPU time.
      To get the most accurate results, try to run this
      program when this computer is idle.
      Doing aes-128-cbc for 3s on 16 size blocks: 12252187 aes-128-cbc's in 3.01s
      Doing aes-128-cbc for 3s on 64 size blocks: 12904150 aes-128-cbc's in 3.01s
      Doing aes-128-cbc for 3s on 256 size blocks: 7637010 aes-128-cbc's in 3.01s
      Doing aes-128-cbc for 3s on 1024 size blocks: 2885193 aes-128-cbc's in 3.02s
      Doing aes-128-cbc for 3s on 8192 size blocks: 376539 aes-128-cbc's in 3.00s
      OpenSSL 0.9.8n 24 Mar 2010
      built on: date not available
      options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
      compiler: cc
      available timing options: USE_TOD HZ=128 [sysconf value]
      timing function used: gettimeofday
      The 'numbers' are in 1000s of bytes per second processed.
      type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
      aes-128-cbc      65180.92k   274383.34k   649544.77k   978813.40k  1027706.80k

      Somit ist Padlock da, läuft auch aber halt anscheinend nicht mit IPSec. Ich habe IPSec auf AES gestellt.

      Syslog vermeldet

      kernel: padlock0: <aes-cbc,sha1,sha256>on motherboard und kernel: VIA Padlock Features=0xffcc<rng,aes,aes-ctr,sha1,sha256,rsa></rng,aes,aes-ctr,sha1,sha256,rsa></aes-cbc,sha1,sha256>

      Kann mir de jemand helfen? Für OpenVPN kann man die Hardware-Crypt nämlich gezielt auswählen.

      Danke!

      10 years pfSense! 2006 - 2016

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.