Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    AES-NI, is it supported yet?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 3 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      diablo266
      last edited by

      I've only been able to find old threads on this topic. I'm looking into building a 1U with an E3-1230v3 in the hopes of utilizing aes-ni to push openvpn aes-256 traffic to at least 300Mbit/s. Is anyone successfully using aes-ni in pfsense? Even better, anyone using it in a VM with esxi or KVM (proxmox)?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • B
        biggsy
        last edited by

        Yes, in ESXi 5.1u1 on an E3-1265L v2.

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          It can help, somewhat, for OpenVPN 2.1 if you do not load the AES-NI kernel module. Counter-intuitive, but that's what the data shows so far. OpenSSL's AES-NI support seems to be better than FreeBSD's cryptodev support for AES-NI at this time. That will hopefully improve when it comes to FreeBSD 10. From what I hear there is work planned for it.

          See the recent thread on the pfSense mailing list about it. There was a lengthy discussion about the status.

          Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • B
            biggsy
            last edited by

            @jimp:

            It can help, somewhat, for OpenVPN 2.1 if you do not load the AES-NI kernel module.

            Thanks for that info, jimp.

            Is that achieved simply by leaving the Crypto Hardware Acceleration set to "none" under System>Advanced Misc?

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              That is correct. And if it was selected before, you will most likely need to reboot to make sure the module is unloaded properly.

              Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.