Nanobsd version for vpn



  • I don't know much about hardware acceleration, but I was reading the pfsense website of an alix board that had an immense boost from a vpn1411.  If I just need openvpn & pfblocker, is a 500 mhz alix board better than a quad core full install system.  I have a dual core, 4gb system with no accelerator and i only get 23k with aes-128.  The pfsense post showed 22M with aes-128 on an old alix board.  Or would I get similar performance by just installing the vpn1411 in my quad core 8gb system with a PCI / Mini PCI adapter?  Thanks for the input.  I know jimp knows a lot about this topic.

    http://doc.pfsense.org/index.php/Are_cryptographic_accelerators_supported



  • Acually, I'd like to know how these work as well, might want to try to retrofit one in my firebox.
    (or are there PCI-e ones that work?)



  • @newbieuser1234:

    I have a dual core, 4gb system with no accelerator and i only get 23k with aes-128.

    There must be something wrong with that setup.

    I used to have a VIA C7 cpu-based box (search this forum for Igel 4210 LX Winestra), which also has accelerator built-in, that one with olny 15-20% CPU usage was able to max out my 30Mbit WAN by transferring big files from Samba shares though OpenVPN.

    Now I use an Atom D525 CPU with no acceleration at all. I've never seen anything above 60% CPU usage either OpenVPN-ing fully at 30Mbit/sec…


  • Netgate Administrator

    What dual core CPU is that? You should be getting much better than 23kbps.
    I forget the exact numbers but the Alix, with the accelerator, will give you 30Mbps. An Atom will give around 50Mbps.

    Steve



  • Let me clarify. I don't see any CPU usage at all normally (1-2%). but when I run the command line test in pfsense

    openssl speed -evp aes-128-cbc -engine cryptodev

    I only get 27k. It seems low compared to what I see with other people's setups.  When I am connected to the VPN, i only get 5 up / 5 down on a 20MB connection at the router.  Whether I use UDP or TCP the speed is still the same.



  • i have an atom d525 i think. dual core 1.86 ghz with 4gb ram.  Maybe I am doing something wrong? Could it be a snort issue inspecting my traffic?



  • @newbieuser1234:

    Let me clarify. I don't see any CPU usage at all normally (1-2%). but when I run the command line test in pfsense

    openssl speed -evp aes-128-cbc

    I only get 27k. It seems low compared to what I see with other people's setups.  When I am connected to the VPN, i only get 5 up / 5 down on a 20MB connection at the router.  Whether I use UDP or TCP the speed is still the same.

    Remove  -engine cryptodev and try again.



  • no change.  it's still the same 23k.



  • This is running a magnetic 5400 rpm HD.  I did notice I put it on a quad core 8gb ram machine with a HD and I got about 400k.  Then I tried it on my junky neoware ca22 running nanobsd with 512ram and got 4MB.  Can anyone explain?  Is it because the nanobsd version is reading instructions from ram and not disk?