4. AES-NI, is it supported yet?

AES-NI, is it supported yet?

  • D

    I've only been able to find old threads on this topic. I'm looking into building a 1U with an E3-1230v3 in the hopes of utilizing aes-ni to push openvpn aes-256 traffic to at least 300Mbit/s. Is anyone successfully using aes-ni in pfsense? Even better, anyone using it in a VM with esxi or KVM (proxmox)?

    Thanks!

    0
  • B

    Yes, in ESXi 5.1u1 on an E3-1265L v2.

    0
  • Rebel Alliance Developer Netgate

    It can help, somewhat, for OpenVPN 2.1 if you do not load the AES-NI kernel module. Counter-intuitive, but that's what the data shows so far. OpenSSL's AES-NI support seems to be better than FreeBSD's cryptodev support for AES-NI at this time. That will hopefully improve when it comes to FreeBSD 10. From what I hear there is work planned for it.

    See the recent thread on the pfSense mailing list about it. There was a lengthy discussion about the status.

    0
  • B

    @jimp:

    It can help, somewhat, for OpenVPN 2.1 if you do not load the AES-NI kernel module.

    Thanks for that info, jimp.

    Is that achieved simply by leaving the Crypto Hardware Acceleration set to "none" under System>Advanced Misc?

    0
  • Rebel Alliance Developer Netgate

    That is correct. And if it was selected before, you will most likely need to reboot to make sure the module is unloaded properly.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy