Project

General

Profile

Actions
Copy link

Bug #15020

closed

pfSense 2.7.1 No Hardware Crypto Acceleration in OpenVPN

Added by I Ivanov 5 months ago. Updated 5 months ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.7.1
Affected Architecture:
amd64

Description

After update to pfSense 2.7.1 only "No Hardware Crypto Acceleration" available in OpenVPN on all my instances (usually Intel Xeon E5). pfSense running in VM (esxi 6.7U3).
In settings (Advanced-Miscellaneous-Cryptographic Hardware) is "AES-NI and BSD Crypto Device (aesni, cryptodev)" selected.
Dashboard says:
CPU Type Intel(R) Xeon(R) CPU E5-2670 0 @ 2.60GHz
AES-NI CPU Crypto: Yes (active)
QAT Crypto: No
Hardware crypto AES-CBC, AES-CCM, AES-GCM, AES-ICM, AES-XTS

Actions
Copy link
 #1

Updated by I Ivanov 5 months ago

Same thing after a clean install

Actions
Copy link
 #2

Updated by Jim Pingle 5 months ago

  • Status changed from New to Not a Bug

The "Hardware Crypto" option hasn't done much of anything in OpenVPN in a long time. OpenVPN/OpenSSL will use what it can detect and operate automatically, there is no need to manually select anything.

Actions
Copy link
 #3

Updated by I Ivanov 5 months ago

Perhaps it is worth removing this option completely so as not to be misleading?
Even better - display OpenVPN hardware encryption usage status

Actions
Copy link

Also available in: Atom PDF