Bug #7174
closed
OpenVPN Server and Client not detecting Hardware Cryto
0%
Description
PC Engines APU2C4, AMD GX412TC SOC CPU.
Cryptographic Hardware AES-NI CPU-based Acceleration enabled.
Dashboard shows Hardware Crypto AES-CBC,AES-XTS,AES-GCM,AES-ICM
When configuring OpenVPN server or client the Hardware Crypto option only shows No Hardware Crypto Acceleration option.
PFSense 2.3 detects the Hardware Crypto Acceleration on the same hardware.
Updated by Kill Bill over 8 years ago
I'd hope that is intentional fix, since enabling HW crypto there actually makes performance significantly worse.
https://www.reddit.com/r/PFSENSE/comments/5lric3/aesni_not_selectable_in_24_beta/
https://forum.pfsense.org/index.php?topic=123915.msg686002#msg686002
Updated by James Williams over 8 years ago
Kill Bill wrote:
I'd hope that is intentional fix, since enabling HW crypto there actually makes performance significantly worse.
https://www.reddit.com/r/PFSENSE/comments/5lric3/aesni_not_selectable_in_24_beta/
https://forum.pfsense.org/index.php?topic=123915.msg686002#msg686002
According to the Reddit link above, not having hardware crypto slowed down the VPN; "from ~250Mbps to <100Mbps on the same server". However, Jim P replied they have not implemented that in 2.4.
According to the forum.pfsense.org link, it seems like some people claim the BSD crypto is faster, and others say disabling the AES-NI hardware crypto reduced the throughput on 2.3.
Jim P answered my question in the Reddit article that is simply not implemented yet.
Thanks.
Updated by Jim Pingle about 8 years ago
- Status changed from New to Duplicate
The only issue here is actually a duplicate of #5976 - closing.