Even though the card is detected, I'm not seeing any boost in IPsec performance.
I'm getting 10Mb/s using 3des. The raw speed (no ipsec) of the link is around 25Mb/s. This measured with netstrain. Here's what dmesg says - hifn0 at pci0 dev 13 function 0 "Hifn 7955/7954" rev 0x00: LZS 3DES ARC4 MD5 SHA1 RNG AES PK, 32KB dram, irq 12 I know in FreeBSD/DragonFly I have a couple of tools to check to see if it's being engaged - hifnstats and cryptostats (in /usr/src/tools/tools/crypto), but I'm not sure if the equivalent exists for OpenBSD. I was looking at sysctl oids for ipsec - net.inet.ip.ipsec-expire-acquire=30 net.inet.ip.ipsec-invalid-life=60 net.inet.ip.ipsec-pfs=1 net.inet.ip.ipsec-soft-allocs=0 net.inet.ip.ipsec-allocs=0 net.inet.ip.ipsec-soft-bytes=0 net.inet.ip.ipsec-bytes=0 net.inet.ip.ipsec-timeout=86400 net.inet.ip.ipsec-soft-timeout=80000 net.inet.ip.ipsec-soft-firstuse=3600 net.inet.ip.ipsec-firstuse=7200 net.inet.ip.ipsec-enc-alg=aes net.inet.ip.ipsec-auth-alg=hmac-sha1 # ipsecadm show -esp sadb_dump: satype esp vers 2 len 22 seq 0 pid 0 errno 191: Unknown error: 191 sa: spi 0x00001001 auth hmac-sha1 enc aes state larval replay 0 flags 4 lifetime_cur: alloc 0 bytes 0 add 1129153280 first 0 address_src: 47.x.x.x address_dst: 47.y.y.y key_auth: bits 160: e14c30ace1478dfcba0b3ffcd217ddf8fd1fedf9 key_encrypt: bits 192: d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5 sadb_dump: satype esp vers 2 len 22 seq 0 pid 0 errno 191: Unknown error: 191 sa: spi 0x00001000 auth hmac-sha1 enc aes state larval replay 0 flags 4 lifetime_cur: alloc 0 bytes 0 add 1129153280 first 0 address_src: 47.y.y.y address_dst: 47.x.x.x key_auth: bits 160: e14c30ace1478dfcba0b3ffcd217ddf8fd1fedf9 key_encrypt: bits 192: d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5 Cpu is a Geode1100 - doing 10Mb/s IPsec has it maxed out :) Cheers, Andrew.