On Wed, Nov 6, 2013 at 12:53 AM, Thinker Rix <thinke...@rocketmail.com>wrote:
> Would pfSense use this CPU instructions so to hardware-encrypt/decrypt all > VPN traffic (openVPN)? > Woud pfSense benefit from this in any other way, too? > pfSense lists the AES-NI as a supported option for crypto acceleration. pfSense will use it for OpenVPN and IPsec if you tell it to. There's a config setting for it. As to your question of is it worth the cost, that depends on how much VPN traffic you have. The Xeon will handle a damn lot of traffic all on its own. If you are pushing more than 40Mbps on the VPN, then perhaps consider the extra cost. If it is low, like under 5 or 10Mbps, then I'd probably suggest that it is not worth the cost. As a reference, between my data center and my primary office, I have an IPsec tunnel. The office runs on an old Intel 32-bit Pentium 4 2.4GHz dual core server. The data center runs on Intel Xeon E31220L @ 2.20GHz quad-core. Neither one has any built-in cryptodev supported devices. The IPsec tunnel maxes out at about 20Mbps during large file backups. I don't think it would go any faster with hardware acceleration, and the load on these boxes hovers around 0 still. The data center firewall is also busy pushing over 100Mpbs of regular traffic to hundreds of clients as well.
_______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list