
Author Topic: 2.4.2 - AESNI + Cryptodev + OpenVPN - canonical answer  (Read 1317 times)


Offline luckman212

  • Hero Member
  • Posts: 726
  • Karma: +59/-0
2.4.2 - AESNI + Cryptodev + OpenVPN - canonical answer
« on: October 20, 2017, 11:04:19 am »
Sorry if this has been rehashed before but the answer (if it exists) could use clarification and seems scattered about in various places (pfSense Docs, r/PFSENSE, and dozens of threads here, some of which are pretty ancient).

With the recent push of redmine#7810 - on systems that have AES-NI support (e.g. Netgate appliances) what are the optimal settings for OpenVPN to keep CPU usage low and speeds high?



« Last Edit: October 31, 2017, 09:19:21 am by luckman212 »

Offline perlenbacher

  • Newbie
  • Posts: 11
  • Karma: +1/-0
Re: 2.4.2 - AESNI + Cryptodev + OpenVPN - canonical answer
« Reply #1 on: October 21, 2017, 07:47:08 am »
I have one more option:


Offline jwt

  • Administrator
  • Sr. Member
  • Posts: 344
  • Karma: +101/-31

Offline luckman212

  • Hero Member
  • Posts: 726
  • Karma: +59/-0
Re: 2.4.2 - AESNI + Cryptodev + OpenVPN - canonical answer
« Reply #3 on: October 22, 2017, 12:37:58 pm »
Yep I am on 2.4.2
I just didn't post a screenshot of that menu.
The picture I posted was from the ovpn client setup page.

Offline perlenbacher

  • Newbie
  • Posts: 11
  • Karma: +1/-0
Re: 2.4.2 - AESNI + Cryptodev + OpenVPN - canonical answer
« Reply #4 on: October 22, 2017, 03:26:05 pm »
2.4.2-DEVELOPMENT (amd64)
built on Fri Oct 20 09:50:38 CDT 2017
FreeBSD 11.1-RELEASE-p2

Offline NineX

  • Jr. Member
  • Posts: 38
  • Karma: +7/-0
Re: 2.4.2 - AESNI + Cryptodev + OpenVPN - canonical answer
« Reply #5 on: October 22, 2017, 05:22:56 pm »
to simply test:
login to your box over ssh:

kldunload cryptodev
kldunload aesni
openssl speed -evp aes-256-cbc

note output

then
 
kldload aesni
openssl speed -evp aes-256-cbc

note output

then

kldunload aesni
kldload cryptodev

openssl speed -evp aes-256-cbc

note output

then

kldload aesni
openssl speed -evp aes-256-cbc


if you compare outputs from all runs you will see which combination of modules works for you (note that openvpn utilises openssl)

in my case the fastest aes operations I am getting are when aesni and cryptodev are loaded.
https://www.freebsd.org/cgi/man.cgi?query=aesni&sektion=4
Says:
Quote
The aesni driver registers itself to accelerate AES operations for crypto(4). Besides speed, the advantage of using the aesni driver is that the AESNI operation is data-independent, thus eliminating some attack vectors based on measuring cache use and timings typically present in table-driven implementations.
to access crypto from userspace (openssl/openvpn)
you need crypto driver loaded
https://www.freebsd.org/cgi/man.cgi?query=cryptodev&sektion=4
Quote
The crypto driver gives user-mode applications access to hardware-accelerated cryptographic transforms, as implemented by the crypto(9) in-kernel interface.
« Last Edit: October 22, 2017, 05:31:01 pm by NineX »
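A script version of the four runs above, added here as an example and not code from NineX's post or from pfSense: it loads each module combination in turn, keeps the summary line that openssl speed prints for aes-256-cbc, and reports which combination gave the highest throughput in the largest-block column. It assumes a FreeBSD/pfSense shell with root, openssl(1), kldload(8) and kldunload(8); the function names are mine, and the result lines inside demo_compare are constructed so the comparison step can be shown without touching any kernel modules.

```shell
#!/bin/sh
# Added example, not code from the thread: automate the four openssl speed runs
# (aesni and cryptodev each on or off) and compare the summary lines.
# Assumes FreeBSD/pfSense, root, openssl(1), kldload(8)/kldunload(8).
# The sample results used by demo_compare are CONSTRUCTED.

# Load exactly the requested modules: $1 = aesni on|off, $2 = cryptodev on|off.
set_modules() {
    kldunload aesni 2>/dev/null
    kldunload cryptodev 2>/dev/null
    [ "$2" = on ] && kldload cryptodev
    [ "$1" = on ] && kldload aesni
    return 0
}

# Run the benchmark and keep only the summary line that starts with the cipher
# name; its fields are throughput in 1000s of bytes/s, one per block size.
# OpenSSL 1.0.x prints five size columns, 1.1.x and later six; we always use the last.
bench_summary() {
    openssl speed -evp aes-256-cbc 2>/dev/null | awk '/^aes-256-cbc/ { print; exit }'
}

# Perform all four runs, writing "label<TAB>summary" lines to the file named in $1.
run_all() {
    out=$1
    : > "$out"
    for combo in "off off" "on off" "off on" "on on"; do
        set -- $combo                      # $1 = aesni, $2 = cryptodev
        set_modules "$1" "$2"
        printf 'aesni=%s,cryptodev=%s\t%s\n' "$1" "$2" "$(bench_summary)" >> "$out"
    done
    set_modules on on                      # end with both loaded, as the thread recommends
}

# Print the label whose largest-block column (last field) is highest, with that figure.
fastest_run() {
    awk -F'\t' '
        BEGIN { best = -1 }
        { n = split($2, f, " "); v = f[n]; sub(/k$/, "", v)
          if (v + 0 > best) { best = v + 0; bests = v; who = $1 } }
        END { print who, bests "k" }
    ' "$1"
}

# Offline demonstration on CONSTRUCTED summary lines in the openssl speed format.
demo_compare() {
    tmp=$(mktemp)
    printf 'aesni=off,cryptodev=off\taes-256-cbc 61000.10k 62000.20k 63000.30k 64000.40k 65000.50k\n' > "$tmp"
    printf 'aesni=on,cryptodev=off\taes-256-cbc 70000.00k 71000.00k 72000.00k 73000.00k 74000.00k\n' >> "$tmp"
    printf 'aesni=off,cryptodev=on\taes-256-cbc 60000.00k 61000.00k 62000.00k 63000.00k 64000.00k\n' >> "$tmp"
    printf 'aesni=on,cryptodev=on\taes-256-cbc 90000.00k 91000.00k 92000.00k 93000.00k 94000.00k\n' >> "$tmp"
    fastest_run "$tmp"
    rm -f "$tmp"
}

# Usage as root on the firewall:  run_all /tmp/aes-runs.txt && fastest_run /tmp/aes-runs.txt
# Offline demonstration:          demo_compare
```

Unloading aesni while IPsec tunnels are up will drop them back to software AES for the duration of the run, so do this in a maintenance window; the script leaves both modules loaded when it finishes.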

Offline NineX

  • Jr. Member
  • Posts: 38
  • Karma: +7/-0
Re: 2.4.2 - AESNI + Cryptodev + OpenVPN - canonical answer
« Reply #6 on: October 22, 2017, 05:35:54 pm »
loading only aesni makes sense when you wish to use IPsec only, as IPsec transforms are done in kernel space.
otherwise keeping both aesni + cryptodev is reasonable.

IMHO both should be loaded by default; cryptodev does not cost too much memory at all.
the only reason those options are available is to allow the user to unload those modules in case of an incompatibility between CPU and module and/or a bug in the driver itself.

Offline belt9

  • Full Member
  • Posts: 233
  • Karma: +24/-6
Re: 2.4.2 - AESNI + Cryptodev + OpenVPN - canonical answer
« Reply #7 on: October 24, 2017, 05:47:27 pm »
For an ovpn client choose no hardware crypto acceleration. It will choose the correct tool on its own.

If you have AES-NI then choose an AES algorithm. AES-128-GCM for most CPUs is best. Some CPUs (Goldmont) have SHA acceleration; for those choose AES-128-CBC and SHA224.

Honestly the difference from SHA224 to 256 is completely negligible, but 224 isn't cracked so why do anything more; the same applies to AES.

Don't use SHA1.

No LZO compression would in theory be easiest on your CPU but I seriously doubt you'll tell any difference at all regardless of what you choose here.

Offline fraglord

  • Jr. Member
  • Posts: 80
  • Karma: +1/-0
Re: 2.4.2 - AESNI + Cryptodev + OpenVPN - canonical answer
« Reply #8 on: October 26, 2017, 06:43:04 am »
Quote
For an ovpn client choose no hardware crypto acceleration. It will choose the correct tool on its own.

Where did you find this information?
pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

Offline NineX

  • Jr. Member
  • Posts: 38
  • Karma: +7/-0
Re: 2.4.2 - AESNI + Cryptodev + OpenVPN - canonical answer
« Reply #9 on: October 26, 2017, 07:00:38 am »
Quote
For an ovpn client choose no hardware crypto acceleration. It will choose the correct tool on its own.

Where did you find this information?

In your CPU specification
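The "in your CPU specification" answer can be checked from the firewall's shell rather than a datasheet. The script below is an added example, not code from this thread or from pfSense: it greps the CPU feature lines FreeBSD records in /var/run/dmesg.boot for the AESNI and SHA flags and applies the rule of thumb from Reply #7 (AES-NI alone: AES-128-GCM; AES-NI plus SHA extensions: AES-128-CBC with SHA224). The function names are mine and the dmesg excerpts written by write_sample_dmesg are constructed; on a real box pass /var/run/dmesg.boot to suggest_openvpn_crypto. Whether the CBC/SHA224 combination actually beats GCM on a given CPU is something an openssl speed comparison of the two, run the way Reply #5 describes, would settle.

```shell
#!/bin/sh
# Added example, not from the thread: detect AES-NI and SHA extensions from the
# CPU feature lines FreeBSD prints at boot and suggest OpenVPN cipher/auth per
# the rule of thumb in Reply #7. Live input: /var/run/dmesg.boot.
# The dmesg text produced by write_sample_dmesg is CONSTRUCTED.

# True if flag $2 appears in a Features / Features2 / Structured Extended Features
# line of file $1. Flags sit between '<' and '>' separated by commas, so anchor
# on those delimiters to avoid partial matches (e.g. "SHA" inside another word).
cpu_has_flag() {
    grep -E "Features.*[<,]$2[,>]" "$1" >/dev/null 2>&1
}

# Print a cipher/auth suggestion for OpenVPN based on the flags in file $1.
suggest_openvpn_crypto() {
    if ! cpu_has_flag "$1" AESNI; then
        echo "no AES-NI: expect software AES; benchmark before choosing"
    elif cpu_has_flag "$1" SHA; then
        echo "AES-128-CBC auth SHA224"
    else
        echo "AES-128-GCM"
    fi
}

# Write a CONSTRUCTED excerpt in the layout of FreeBSD's CPU identification
# output to file $1. $2 selects the flag set: none | aesni | aesni+sha.
write_sample_dmesg() {
    case $2 in
        none)      f2="SSE3,SSSE3,SSE4.1,SSE4.2,POPCNT"; sef="FSGSBASE,SMEP" ;;
        aesni)     f2="SSE3,PCLMULQDQ,SSSEmpty3,SSE4.1,SSE4.2,POPCNT,AESNI,XSAVE,AVX"; sef="FSGSBASE,SMEP,ERMS" ;;
        aesni+sha) f2="SSE3,PCLMULQDQ,SSSE3,SSE4.1,SSE4.2,MOVBE,POPCNT,AESNI,XSAVE,RDRAND"; sef="FSGSBASE,SMEP,ERMS,RDSEED,SMAP,SHA" ;;
        *)         echo "unknown sample kind: $2" >&2; return 1 ;;
    esac
    # Hex values are placeholders; only the flag words inside <...> matter here.
    cat > "$1" <<EOF
CPU: constructed-$2 (sample for this example, not a real CPU)
  Features=0x0<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,MMX,FXSR,SSE,SSE2>
  Features2=0x0<$f2>
  Structured Extended Features=0x0<$sef>
EOF
}

# Offline demonstration: build a sample of kind $1 and print the suggestion for it.
demo_suggest() {
    tmp=$(mktemp)
    write_sample_dmesg "$tmp" "$1"
    suggest_openvpn_crypto "$tmp"
    rm -f "$tmp"
}

# Usage on the firewall:  suggest_openvpn_crypto /var/run/dmesg.boot
# Offline demonstration:  demo_suggest aesni+sha
```

On a pfSense box the same flags are also visible in the output of dmesg(8) right after boot, but /var/run/dmesg.boot survives the message buffer being overwritten later, which is why the script reads the file.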

Offline chrcoluk

  • Sr. Member
  • Posts: 387
  • Karma: +20/-50
Re: 2.4.2 - AESNI + Cryptodev + OpenVPN - canonical answer
« Reply #10 on: October 28, 2017, 11:03:11 pm »
Quote
For an ovpn client choose no hardware crypto acceleration. It will choose the correct tool on its own.

If you have AES-NI then choose an AES algorithm. AES-128-GCM for most CPUs is best. Some CPUs (Goldmont) have SHA acceleration; for those choose AES-128-CBC and SHA224.

Honestly the difference from SHA224 to 256 is completely negligible, but 224 isn't cracked so why do anything more; the same applies to AES.

Don't use SHA1.

No LZO compression would in theory be easiest on your CPU but I seriously doubt you'll tell any difference at all regardless of what you choose here.

great advice, I don't understand people preferring CBC over GCM, and aes128-gcm is perfectly fine, no need for aes256.
pfSense 2.4
Qotom Q355G4 or Braswell N3150 with Jetway mini pcie 2x intel i350 lan - 4 gig Kingston 1333 C11 DDR3L
 - 60 gig kingston ssdnow ssd - ISP Sky UK

Offline kejianshi

  • Hero Member
  • Posts: 4950
  • Karma: +195/-40
  • Debugging...
Re: 2.4.2 - AESNI + Cryptodev + OpenVPN - canonical answer
« Reply #11 on: October 29, 2017, 12:10:50 am »
GCM is not on every piece of client hardware out there.