Re: [pfSense] SG-1000 and VPN
> It currently does 21mbps IPsec (aes-gcm-128), in a lab environment, because > there is no driver for the crypto core (yet). > OpenVPN is slightly slower (19 Mbps). Thanks. That is probably sufficient for most applications since one or both ends is likely limited by Internet upload speed anyway. -- Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SG-1000 and VPN
Meant to include this: https://github.com/freebsd/freebsd/commits/master?author=loos-br On Thursday, January 26, 2017, Jim Thompson <j...@netgate.com> wrote: > > Adam, > > Given the 21Mbps figure I quoted, 100x (2.1Gbps) would be an unrealistic > expectation. > > Based on the discussion here: https://groups.google. > com/forum/m/#!msg/beagleboard/ZFrCs9ZHCP4/aCNFejgXpxYJ > perhaps 3-4x at 1500 (1420) byte frame sizes, and (as a guess), closer to > 3, given the PPs rates we see without the crypto offload, and the > associated CPU loading. > > Most of the work lately has actually been on the Ethernet driver, which > (good news), we can no longer make fall over at high frame rates. > > Jim > > > On Thursday, January 26, 2017, Adam Thompson <athom...@athompso.net > <javascript:_e(%7B%7D,'cvml','athom...@athompso.net');>> wrote: > >> Jim, >> Asking you to speculate here... >> Assuming someone *is* working on drivers for the chip's crypto >> capabilities, when that finally happens, do you have any notion of how much >> faster IPsec will get? Are we talking 2x or 100x? >> -Adam >> >> >> On January 25, 2017 7:45:49 PM CST, Jim Thompson <j...@netgate.com> wrote: >>> >>> Steve, >>> >>> It currently does 21mbps IPsec (aes-gcm-128), in a lab environment, because >>> there is no driver for the crypto core (yet). >>> >>> OpenVPN is slightly slower (19 Mbps). >>> >>> It's always strange to see your name on the list. The president of ADI >>> shares your name, so I tend to pay a lot more attention to what you post. >>> >>> Jim >>> >>> On Jan 25, 2017, at 6:15 PM, Steve Yates <st...@teamits.com> wrote: >>>> >>>> That's what I'm trying to ask, if the SG-1000 would work for that. >>>> >>>> -- >>>> >>>> Steve Yates >>>> ITS, Inc. >>>> >>>> -Original Message- >>>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of A Mohan >>>> Rao >>>> Sent: Tuesday, January 24, 2017 11:41 PM >>>> To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> >>>> Subject: Re: [pfSense] SG-1000 and VPN >>>> >>>> better u can use site to site vpn is best solution. >>>> >>>> On Wed, Jan 25, 2017 at 11:08 AM, WebDawg <webd...@gmail.com> wrote: >>>>> >>>>> On Tue, Jan 17, 2017 at 10:16 AM, Steve Yates <st...@teamits.com> wrote: >>>>>> >>>>>> We have a client who wants to set up one remote user (in a >>>>>> fixed >>>>>> location) with a hardware VPN connection back to the office. The >>>>>> office has about 5 active PCs at any given time. This would be the >>>>>> only VPN >>>>>> >>>>> user. >>>>> >>>>>> >>>>>> Has anyone used one of the new micro SG-1000 units with a >>>>>> VPN yet? Either as a remote site or as a SOHO router + VPN host? >>>>>> Just wondering how the ARM CPU would stack up. The specs say 200k >>>>>> active >>>>>> (non-VPN) connections... >>>>>> >>>>>> -- >>>> >>>> pfSense mailing list >>>> https://lists.pfsense.org/mailman/listinfo/list >>>> Support the project with Gold! https://pfsense.org/gold >>>> >>> -- >>> >>> pfSense mailing list >>> https://lists.pfsense.org/mailman/listinfo/list >>> Support the project with Gold! https://pfsense.org/gold >>> >>> >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. >> > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SG-1000 and VPN
Adam, Given the 21Mbps figure I quoted, 100x (2.1Gbps) would be an unrealistic expectation. Based on the discussion here: https://groups.google.com/forum/m/#!msg/beagleboard/ZFrCs9ZHCP4/aCNFejgXpxYJ perhaps 3-4x at 1500 (1420) byte frame sizes, and (as a guess), closer to 3, given the PPs rates we see without the crypto offload, and the associated CPU loading. Most of the work lately has actually been on the Ethernet driver, which (good news), we can no longer make fall over at high frame rates. Jim On Thursday, January 26, 2017, Adam Thompson <athom...@athompso.net> wrote: > Jim, > Asking you to speculate here... > Assuming someone *is* working on drivers for the chip's crypto > capabilities, when that finally happens, do you have any notion of how much > faster IPsec will get? Are we talking 2x or 100x? > -Adam > > > On January 25, 2017 7:45:49 PM CST, Jim Thompson <j...@netgate.com > <javascript:_e(%7B%7D,'cvml','j...@netgate.com');>> wrote: >> >> Steve, >> >> It currently does 21mbps IPsec (aes-gcm-128), in a lab environment, because >> there is no driver for the crypto core (yet). >> >> OpenVPN is slightly slower (19 Mbps). >> >> It's always strange to see your name on the list. The president of ADI >> shares your name, so I tend to pay a lot more attention to what you post. >> >> Jim >> >> On Jan 25, 2017, at 6:15 PM, Steve Yates <st...@teamits.com> wrote: >>> >>> That's what I'm trying to ask, if the SG-1000 would work for that. >>> >>> -- >>> >>> Steve Yates >>> ITS, Inc. >>> >>> -Original Message- >>> From: List [mailto:list-boun...@lists.pfsense.org >>> <javascript:_e(%7B%7D,'cvml','list-boun...@lists.pfsense.org');>] On Behalf >>> Of A Mohan Rao >>> Sent: Tuesday, January 24, 2017 11:41 PM >>> To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org >>> <javascript:_e(%7B%7D,'cvml','list@lists.pfsense.org');>> >>> Subject: Re: [pfSense] SG-1000 and VPN >>> >>> better u can use site to site vpn is best solution. >>> >>> On Wed, Jan 25, 2017 at 11:08 AM, WebDawg <webd...@gmail.com >>> <javascript:_e(%7B%7D,'cvml','webd...@gmail.com');>> wrote: >>>> >>>> On Tue, Jan 17, 2017 at 10:16 AM, Steve Yates <st...@teamits.com >>>> <javascript:_e(%7B%7D,'cvml','st...@teamits.com');>> wrote: >>>>> >>>>> We have a client who wants to set up one remote user (in a >>>>> fixed >>>>> location) with a hardware VPN connection back to the office. The >>>>> office has about 5 active PCs at any given time. This would be the >>>>> only VPN >>>>> >>>> user. >>>> >>>>> >>>>> Has anyone used one of the new micro SG-1000 units with a >>>>> VPN yet? Either as a remote site or as a SOHO router + VPN host? >>>>> Just wondering how the ARM CPU would stack up. The specs say 200k >>>>> active >>>>> (non-VPN) connections... >>>>> >>>>> -- >>> >>> pfSense mailing list >>> https://lists.pfsense.org/mailman/listinfo/list >>> Support the project with Gold! https://pfsense.org/gold >>> >> -- >> >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >> >> > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SG-1000 and VPN
Jim, Asking you to speculate here... Assuming someone *is* working on drivers for the chip's crypto capabilities, when that finally happens, do you have any notion of how much faster IPsec will get? Are we talking 2x or 100x? -Adam On January 25, 2017 7:45:49 PM CST, Jim Thompson <j...@netgate.com> wrote: >Steve, > >It currently does 21mbps IPsec (aes-gcm-128), in a lab environment, >because there is no driver for the crypto core (yet). > >OpenVPN is slightly slower (19 Mbps). > >It's always strange to see your name on the list. The president of ADI >shares your name, so I tend to pay a lot more attention to what you >post. > >Jim > >> On Jan 25, 2017, at 6:15 PM, Steve Yates <st...@teamits.com> wrote: >> >> That's what I'm trying to ask, if the SG-1000 would work for that. >> >> -- >> >> Steve Yates >> ITS, Inc. >> >> -Original Message- >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of A >Mohan Rao >> Sent: Tuesday, January 24, 2017 11:41 PM >> To: pfSense Support and Discussion Mailing List ><list@lists.pfsense.org> >> Subject: Re: [pfSense] SG-1000 and VPN >> >> better u can use site to site vpn is best solution. >> >>> On Wed, Jan 25, 2017 at 11:08 AM, WebDawg <webd...@gmail.com> wrote: >>> >>>> On Tue, Jan 17, 2017 at 10:16 AM, Steve Yates <st...@teamits.com> >wrote: >>>> >>>>We have a client who wants to set up one remote user (in a >>>> fixed >>>> location) with a hardware VPN connection back to the office. The >>>> office has about 5 active PCs at any given time. This would be the > >>>> only VPN >>> user. >>>> >>>>Has anyone used one of the new micro SG-1000 units with a >>>> VPN yet? Either as a remote site or as a SOHO router + VPN host? >>>> Just wondering how the ARM CPU would stack up. The specs say 200k >>>> active >>>> (non-VPN) connections... >>>> >> ___ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >___ >pfSense mailing list >https://lists.pfsense.org/mailman/listinfo/list >Support the project with Gold! https://pfsense.org/gold -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SG-1000 and VPN
Steve, It currently does 21mbps IPsec (aes-gcm-128), in a lab environment, because there is no driver for the crypto core (yet). OpenVPN is slightly slower (19 Mbps). It's always strange to see your name on the list. The president of ADI shares your name, so I tend to pay a lot more attention to what you post. Jim > On Jan 25, 2017, at 6:15 PM, Steve Yates <st...@teamits.com> wrote: > > That's what I'm trying to ask, if the SG-1000 would work for that. > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of A Mohan Rao > Sent: Tuesday, January 24, 2017 11:41 PM > To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> > Subject: Re: [pfSense] SG-1000 and VPN > > better u can use site to site vpn is best solution. > >> On Wed, Jan 25, 2017 at 11:08 AM, WebDawg <webd...@gmail.com> wrote: >> >>> On Tue, Jan 17, 2017 at 10:16 AM, Steve Yates <st...@teamits.com> wrote: >>> >>>We have a client who wants to set up one remote user (in a >>> fixed >>> location) with a hardware VPN connection back to the office. The >>> office has about 5 active PCs at any given time. This would be the >>> only VPN >> user. >>> >>>Has anyone used one of the new micro SG-1000 units with a >>> VPN yet? Either as a remote site or as a SOHO router + VPN host? >>> Just wondering how the ARM CPU would stack up. The specs say 200k >>> active >>> (non-VPN) connections... >>> > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SG-1000 and VPN
That's what I'm trying to ask, if the SG-1000 would work for that. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of A Mohan Rao Sent: Tuesday, January 24, 2017 11:41 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: Re: [pfSense] SG-1000 and VPN better u can use site to site vpn is best solution. On Wed, Jan 25, 2017 at 11:08 AM, WebDawg <webd...@gmail.com> wrote: > On Tue, Jan 17, 2017 at 10:16 AM, Steve Yates <st...@teamits.com> wrote: > > > We have a client who wants to set up one remote user (in a > > fixed > > location) with a hardware VPN connection back to the office. The > > office has about 5 active PCs at any given time. This would be the > > only VPN > user. > > > > Has anyone used one of the new micro SG-1000 units with a > > VPN yet? Either as a remote site or as a SOHO router + VPN host? > > Just wondering how the ARM CPU would stack up. The specs say 200k > > active > > (non-VPN) connections... > > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SG-1000 and VPN
better u can use site to site vpn is best solution. On Wed, Jan 25, 2017 at 11:08 AM, WebDawgwrote: > On Tue, Jan 17, 2017 at 10:16 AM, Steve Yates wrote: > > > We have a client who wants to set up one remote user (in a fixed > > location) with a hardware VPN connection back to the office. The office > > has about 5 active PCs at any given time. This would be the only VPN > user. > > > > Has anyone used one of the new micro SG-1000 units with a VPN > > yet? Either as a remote site or as a SOHO router + VPN host? Just > > wondering how the ARM CPU would stack up. The specs say 200k active > > (non-VPN) connections... > > > > -- > > > > Steve Yates > > ITS, Inc. > > > > ___ > > > > > I would also like to see some real world reports. > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] SG-1000 and VPN
On Tue, Jan 17, 2017 at 10:16 AM, Steve Yateswrote: > We have a client who wants to set up one remote user (in a fixed > location) with a hardware VPN connection back to the office. The office > has about 5 active PCs at any given time. This would be the only VPN user. > > Has anyone used one of the new micro SG-1000 units with a VPN > yet? Either as a remote site or as a SOHO router + VPN host? Just > wondering how the ARM CPU would stack up. The specs say 200k active > (non-VPN) connections... > > -- > > Steve Yates > ITS, Inc. > > ___ > I would also like to see some real world reports. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] SG-1000 and VPN
We have a client who wants to set up one remote user (in a fixed location) with a hardware VPN connection back to the office. The office has about 5 active PCs at any given time. This would be the only VPN user. Has anyone used one of the new micro SG-1000 units with a VPN yet? Either as a remote site or as a SOHO router + VPN host? Just wondering how the ARM CPU would stack up. The specs say 200k active (non-VPN) connections... -- Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold