subject:"\[pfSense\] SG\-1000 and VPN"

Re: [pfSense] SG-1000 and VPN

2017-01-26 Thread Steve Yates

> It currently does 21mbps IPsec (aes-gcm-128), in a lab environment, because 
> there is no driver for the crypto core (yet).
> OpenVPN is slightly slower (19 Mbps).

Thanks.  That is probably sufficient for most applications since one or both 
ends is likely limited by Internet upload speed anyway.

--

Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] SG-1000 and VPN

2017-01-25 Thread Jim Thompson

Meant to include this:
https://github.com/freebsd/freebsd/commits/master?author=loos-br



On Thursday, January 26, 2017, Jim Thompson <j...@netgate.com> wrote:

>
> Adam,
>
> Given the 21Mbps figure I quoted, 100x (2.1Gbps) would be an unrealistic
> expectation.
>
> Based on the discussion here: https://groups.google.
> com/forum/m/#!msg/beagleboard/ZFrCs9ZHCP4/aCNFejgXpxYJ
> perhaps 3-4x at 1500 (1420) byte frame sizes, and (as a guess), closer to
> 3, given the PPs rates we see without the crypto offload, and the
> associated CPU loading.
>
> Most of the work lately has actually been on the Ethernet driver, which
> (good news), we can no longer make fall over at high frame rates.
>
> Jim
>
>
> On Thursday, January 26, 2017, Adam Thompson <athom...@athompso.net
> <javascript:_e(%7B%7D,'cvml','athom...@athompso.net');>> wrote:
>
>> Jim,
>> Asking you to speculate here...
>> Assuming someone *is* working on drivers for the chip's crypto
>> capabilities, when that finally happens, do you have any notion of how much
>> faster IPsec will get? Are we talking 2x or 100x?
>> -Adam
>>
>>
>> On January 25, 2017 7:45:49 PM CST, Jim Thompson <j...@netgate.com> wrote:
>>>
>>> Steve,
>>>
>>> It currently does 21mbps IPsec (aes-gcm-128), in a lab environment, because 
>>> there is no driver for the crypto core (yet).
>>>
>>> OpenVPN is slightly slower (19 Mbps).
>>>
>>> It's always strange to see your name on the list. The president of ADI 
>>> shares your name, so I tend to pay a lot more attention to what you post.
>>>
>>> Jim
>>>
>>>  On Jan 25, 2017, at 6:15 PM, Steve Yates <st...@teamits.com> wrote:
>>>>
>>>>  That's what I'm trying to ask, if the SG-1000 would work for that.
>>>>
>>>>  --
>>>>
>>>>  Steve Yates
>>>>  ITS, Inc.
>>>>
>>>>  -Original Message-
>>>>  From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of A Mohan 
>>>> Rao
>>>>  Sent: Tuesday, January 24, 2017 11:41 PM
>>>>  To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
>>>>  Subject: Re: [pfSense] SG-1000 and VPN
>>>>
>>>>  better u can use site to site vpn is best solution.
>>>>
>>>>  On Wed, Jan 25, 2017 at 11:08 AM, WebDawg <webd...@gmail.com> wrote:
>>>>>
>>>>>  On Tue, Jan 17, 2017 at 10:16 AM, Steve Yates <st...@teamits.com> wrote:
>>>>>>
>>>>>> We have a client who wants to set up one remote user (in a
>>>>>>  fixed
>>>>>>  location) with a hardware VPN connection back to the office.  The
>>>>>>  office has about 5 active PCs at any given time.  This would be the
>>>>>>  only VPN
>>>>>>
>>>>>  user.
>>>>>
>>>>>>
>>>>>> Has anyone used one of the new micro SG-1000 units with a
>>>>>>  VPN yet?  Either as a remote site or as a SOHO router + VPN host?
>>>>>>  Just wondering how the ARM CPU would stack up.  The specs say 200k
>>>>>>  active
>>>>>>  (non-VPN) connections...
>>>>>>
>>>>>> --
>>>>
>>>>  pfSense mailing list
>>>>  https://lists.pfsense.org/mailman/listinfo/list
>>>>  Support the project with Gold! https://pfsense.org/gold
>>>>
>>> --
>>>
>>> pfSense mailing list
>>> https://lists.pfsense.org/mailman/listinfo/list
>>> Support the project with Gold! https://pfsense.org/gold
>>>
>>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] SG-1000 and VPN

2017-01-25 Thread Jim Thompson

Adam,

Given the 21Mbps figure I quoted, 100x (2.1Gbps) would be an unrealistic
expectation.

Based on the discussion here:
https://groups.google.com/forum/m/#!msg/beagleboard/ZFrCs9ZHCP4/aCNFejgXpxYJ

perhaps 3-4x at 1500 (1420) byte frame sizes, and (as a guess), closer to
3, given the PPs rates we see without the crypto offload, and the
associated CPU loading.

Most of the work lately has actually been on the Ethernet driver, which
(good news), we can no longer make fall over at high frame rates.

Jim


On Thursday, January 26, 2017, Adam Thompson <athom...@athompso.net> wrote:

> Jim,
> Asking you to speculate here...
> Assuming someone *is* working on drivers for the chip's crypto
> capabilities, when that finally happens, do you have any notion of how much
> faster IPsec will get? Are we talking 2x or 100x?
> -Adam
>
>
> On January 25, 2017 7:45:49 PM CST, Jim Thompson <j...@netgate.com
> <javascript:_e(%7B%7D,'cvml','j...@netgate.com');>> wrote:
>>
>> Steve,
>>
>> It currently does 21mbps IPsec (aes-gcm-128), in a lab environment, because 
>> there is no driver for the crypto core (yet).
>>
>> OpenVPN is slightly slower (19 Mbps).
>>
>> It's always strange to see your name on the list. The president of ADI 
>> shares your name, so I tend to pay a lot more attention to what you post.
>>
>> Jim
>>
>>  On Jan 25, 2017, at 6:15 PM, Steve Yates <st...@teamits.com> wrote:
>>>
>>>  That's what I'm trying to ask, if the SG-1000 would work for that.
>>>
>>>  --
>>>
>>>  Steve Yates
>>>  ITS, Inc.
>>>
>>>  -Original Message-
>>>  From: List [mailto:list-boun...@lists.pfsense.org 
>>> <javascript:_e(%7B%7D,'cvml','list-boun...@lists.pfsense.org');>] On Behalf 
>>> Of A Mohan Rao
>>>  Sent: Tuesday, January 24, 2017 11:41 PM
>>>  To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org 
>>> <javascript:_e(%7B%7D,'cvml','list@lists.pfsense.org');>>
>>>  Subject: Re: [pfSense] SG-1000 and VPN
>>>
>>>  better u can use site to site vpn is best solution.
>>>
>>>  On Wed, Jan 25, 2017 at 11:08 AM, WebDawg <webd...@gmail.com 
>>> <javascript:_e(%7B%7D,'cvml','webd...@gmail.com');>> wrote:
>>>>
>>>>  On Tue, Jan 17, 2017 at 10:16 AM, Steve Yates <st...@teamits.com 
>>>> <javascript:_e(%7B%7D,'cvml','st...@teamits.com');>> wrote:
>>>>>
>>>>> We have a client who wants to set up one remote user (in a
>>>>>  fixed
>>>>>  location) with a hardware VPN connection back to the office.  The
>>>>>  office has about 5 active PCs at any given time.  This would be the
>>>>>  only VPN
>>>>>
>>>>  user.
>>>>
>>>>>
>>>>> Has anyone used one of the new micro SG-1000 units with a
>>>>>  VPN yet?  Either as a remote site or as a SOHO router + VPN host?
>>>>>  Just wondering how the ARM CPU would stack up.  The specs say 200k
>>>>>  active
>>>>>  (non-VPN) connections...
>>>>>
>>>>> --
>>>
>>>  pfSense mailing list
>>>  https://lists.pfsense.org/mailman/listinfo/list
>>>  Support the project with Gold! https://pfsense.org/gold
>>>
>> --
>>
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>>
>>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] SG-1000 and VPN

2017-01-25 Thread Adam Thompson

Jim,
Asking you to speculate here...
Assuming someone *is* working on drivers for the chip's crypto capabilities, 
when that finally happens, do you have any notion of how much faster IPsec will 
get?  Are we talking 2x or 100x?
-Adam


On January 25, 2017 7:45:49 PM CST, Jim Thompson <j...@netgate.com> wrote:
>Steve,
>
>It currently does 21mbps IPsec (aes-gcm-128), in a lab environment,
>because there is no driver for the crypto core (yet).
>
>OpenVPN is slightly slower (19 Mbps).
>
>It's always strange to see your name on the list. The president of ADI
>shares your name, so I tend to pay a lot more attention to what you
>post. 
>
>Jim
>
>> On Jan 25, 2017, at 6:15 PM, Steve Yates <st...@teamits.com> wrote:
>> 
>> That's what I'm trying to ask, if the SG-1000 would work for that.
>> 
>> --
>> 
>> Steve Yates
>> ITS, Inc.
>> 
>> -Original Message-
>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of A
>Mohan Rao
>> Sent: Tuesday, January 24, 2017 11:41 PM
>> To: pfSense Support and Discussion Mailing List
><list@lists.pfsense.org>
>> Subject: Re: [pfSense] SG-1000 and VPN
>> 
>> better u can use site to site vpn is best solution.
>> 
>>> On Wed, Jan 25, 2017 at 11:08 AM, WebDawg <webd...@gmail.com> wrote:
>>> 
>>>> On Tue, Jan 17, 2017 at 10:16 AM, Steve Yates <st...@teamits.com>
>wrote:
>>>> 
>>>>We have a client who wants to set up one remote user (in a 
>>>> fixed
>>>> location) with a hardware VPN connection back to the office.  The 
>>>> office has about 5 active PCs at any given time.  This would be the
>
>>>> only VPN
>>> user.
>>>> 
>>>>Has anyone used one of the new micro SG-1000 units with a 
>>>> VPN yet?  Either as a remote site or as a SOHO router + VPN host?  
>>>> Just wondering how the ARM CPU would stack up.  The specs say 200k 
>>>> active
>>>> (non-VPN) connections...
>>>> 
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>___
>pfSense mailing list
>https://lists.pfsense.org/mailman/listinfo/list
>Support the project with Gold! https://pfsense.org/gold

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] SG-1000 and VPN

2017-01-25 Thread Jim Thompson

Steve,

It currently does 21mbps IPsec (aes-gcm-128), in a lab environment, because 
there is no driver for the crypto core (yet).

OpenVPN is slightly slower (19 Mbps).

It's always strange to see your name on the list. The president of ADI shares 
your name, so I tend to pay a lot more attention to what you post. 

Jim

> On Jan 25, 2017, at 6:15 PM, Steve Yates <st...@teamits.com> wrote:
> 
> That's what I'm trying to ask, if the SG-1000 would work for that.
> 
> --
> 
> Steve Yates
> ITS, Inc.
> 
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of A Mohan Rao
> Sent: Tuesday, January 24, 2017 11:41 PM
> To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
> Subject: Re: [pfSense] SG-1000 and VPN
> 
> better u can use site to site vpn is best solution.
> 
>> On Wed, Jan 25, 2017 at 11:08 AM, WebDawg <webd...@gmail.com> wrote:
>> 
>>> On Tue, Jan 17, 2017 at 10:16 AM, Steve Yates <st...@teamits.com> wrote:
>>> 
>>>We have a client who wants to set up one remote user (in a 
>>> fixed
>>> location) with a hardware VPN connection back to the office.  The 
>>> office has about 5 active PCs at any given time.  This would be the 
>>> only VPN
>> user.
>>> 
>>>Has anyone used one of the new micro SG-1000 units with a 
>>> VPN yet?  Either as a remote site or as a SOHO router + VPN host?  
>>> Just wondering how the ARM CPU would stack up.  The specs say 200k 
>>> active
>>> (non-VPN) connections...
>>> 
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] SG-1000 and VPN

2017-01-25 Thread Steve Yates

That's what I'm trying to ask, if the SG-1000 would work for that.

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of A Mohan Rao
Sent: Tuesday, January 24, 2017 11:41 PM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: Re: [pfSense] SG-1000 and VPN

better u can use site to site vpn is best solution.

On Wed, Jan 25, 2017 at 11:08 AM, WebDawg <webd...@gmail.com> wrote:

> On Tue, Jan 17, 2017 at 10:16 AM, Steve Yates <st...@teamits.com> wrote:
>
> > We have a client who wants to set up one remote user (in a 
> > fixed
> > location) with a hardware VPN connection back to the office.  The 
> > office has about 5 active PCs at any given time.  This would be the 
> > only VPN
> user.
> >
> > Has anyone used one of the new micro SG-1000 units with a 
> > VPN yet?  Either as a remote site or as a SOHO router + VPN host?  
> > Just wondering how the ARM CPU would stack up.  The specs say 200k 
> > active
> > (non-VPN) connections...
> >
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] SG-1000 and VPN

2017-01-24 Thread A Mohan Rao

better u can use site to site vpn is best solution.

On Wed, Jan 25, 2017 at 11:08 AM, WebDawg  wrote:

> On Tue, Jan 17, 2017 at 10:16 AM, Steve Yates  wrote:
>
> > We have a client who wants to set up one remote user (in a fixed
> > location) with a hardware VPN connection back to the office.  The office
> > has about 5 active PCs at any given time.  This would be the only VPN
> user.
> >
> > Has anyone used one of the new micro SG-1000 units with a VPN
> > yet?  Either as a remote site or as a SOHO router + VPN host?  Just
> > wondering how the ARM CPU would stack up.  The specs say 200k active
> > (non-VPN) connections...
> >
> > --
> >
> > Steve Yates
> > ITS, Inc.
> >
> > ___
> >
>
>
> I would also like to see some real world reports.
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] SG-1000 and VPN

2017-01-24 Thread WebDawg

On Tue, Jan 17, 2017 at 10:16 AM, Steve Yates  wrote:

> We have a client who wants to set up one remote user (in a fixed
> location) with a hardware VPN connection back to the office.  The office
> has about 5 active PCs at any given time.  This would be the only VPN user.
>
> Has anyone used one of the new micro SG-1000 units with a VPN
> yet?  Either as a remote site or as a SOHO router + VPN host?  Just
> wondering how the ARM CPU would stack up.  The specs say 200k active
> (non-VPN) connections...
>
> --
>
> Steve Yates
> ITS, Inc.
>
> ___
>

I would also like to see some real world reports.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] SG-1000 and VPN

2017-01-24 Thread Steve Yates

We have a client who wants to set up one remote user (in a fixed 
location) with a hardware VPN connection back to the office.  The office has 
about 5 active PCs at any given time.  This would be the only VPN user.

Has anyone used one of the new micro SG-1000 units with a VPN yet?  
Either as a remote site or as a SOHO router + VPN host?  Just wondering how the 
ARM CPU would stack up.  The specs say 200k active (non-VPN) connections...

--

Steve Yates
ITS, Inc.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] SG-1000 and VPN

Re: [pfSense] SG-1000 and VPN

Re: [pfSense] SG-1000 and VPN

Re: [pfSense] SG-1000 and VPN

Re: [pfSense] SG-1000 and VPN

Re: [pfSense] SG-1000 and VPN

Re: [pfSense] SG-1000 and VPN

Re: [pfSense] SG-1000 and VPN

[pfSense] SG-1000 and VPN

9 matches

Site Navigation

Mail list logo

Footer information