The pfSense Store

Author Topic: VPN Accelerator Cards  (Read 6493 times)

0 Members and 1 Guest are viewing this topic.

Offline eternal student

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
VPN Accelerator Cards
« on: September 23, 2011, 09:11:01 am »
I know that Soekris has VPN accelerator cards for PCI and mini-PCI slots, but what about the newer motherboards out there that have PCI-Express and mini-PCI Express? I have been searching Google for the past couple of days and I haven't been able to find any information about VPN accelerator cards for these new slots. Do they even exist or am I just typing in the wrong search string into Google (it wouldn't be the first time)?

Offline Jason Litka

  • Hero Member
  • *****
  • Posts: 951
  • Karma: +0/-0
    • View Profile
    • Utter Ramblings
Re: VPN Accelerator Cards
« Reply #1 on: September 23, 2011, 09:25:03 am »
The Exar (Hifn) 8200-series is the only one I'm aware of that is PCI-e, though I've not found any cards actually made with it (mini or full size), nor am I aware of whether or not it will work with pfSense.

EDIT:  Or maybe the Exar DX 1710 PCI-e card, that seems to be their pre-built card using the same 8201 chip, but I can't find that either.
« Last Edit: September 23, 2011, 09:41:55 am by Jason Litka »
I can break anything.

Offline josen

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: VPN Accelerator Cards
« Reply #2 on: September 25, 2011, 12:37:58 pm »
Hey there,

my experience with VPN accelerators is quite limited (VPN1411 on Alix 2.D3), but maybe you can avoid making the same mistake as I did. This card decreased the cpu load (sys) on my Alix, but did nothing to improve maximum throughput. This comes from the fact, that operations need to go from the system to card and back. It can be seen from increasing interrupt load.

Maybe my setup was too simple (1 OpenVPN tunnel) and performance benefits can be seen, when using the card with multiple clients, but I would just stick some more oomph into the box :-)

Offline Honeybadger

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Re: VPN Accelerator Cards
« Reply #3 on: October 26, 2011, 03:10:53 am »
Even if we find a supplier with DX1700s, does PFSense/FreeBSD support the 8201 chip?

Offline Jason Litka

  • Hero Member
  • *****
  • Posts: 951
  • Karma: +0/-0
    • View Profile
    • Utter Ramblings
Re: VPN Accelerator Cards
« Reply #4 on: October 26, 2011, 09:56:21 am »
Even if we find a supplier with DX1700s, does PFSense/FreeBSD support the 8201 chip?

I doubt it.  It's hard to support hardware you can't find.
I can break anything.

Offline Honeybadger

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Re: VPN Accelerator Cards
« Reply #5 on: October 28, 2011, 10:54:28 am »
I found DX1710s, they are $300 bucks and are not driver compatible with the old 7955s (Soekris cards).

Is there any other VPN processing hardware that freeBSD/PFSense has drivers for, I can't find such info in the FAQs or Google searches.

Offline dotdash

  • Hero Member
  • *****
  • Posts: 1285
  • Karma: +0/-0
    • View Profile
Re: VPN Accelerator Cards
« Reply #6 on: October 28, 2011, 02:28:41 pm »
The crypto manpage lists supported VPN accelerators- check the SEE ALSO section:
http://www.freebsd.org/cgi/man.cgi?query=crypto&sektion=4&apropos=0&manpath=FreeBSD+8.2-RELEASE

I think that Pfsense should have drivers for all FreeBSD supported cards. I could be wrong though. I've used hifn, glxsb, and ubsec.

Offline Honeybadger

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Re: VPN Accelerator Cards
« Reply #7 on: October 28, 2011, 04:42:04 pm »
It is starting to look like there are no security accelleration cards available for PCI-E or mini PCI-E.
I've gotten some nibbles that some would be willing to produce such a card if there was a demand for it.

How much demand is there?

Offline ScottNJ

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
Re: VPN Accelerator Cards
« Reply #8 on: October 28, 2011, 07:25:02 pm »
Hey there,

my experience with VPN accelerators is quite limited (VPN1411 on Alix 2.D3), but maybe you can avoid making the same mistake as I did. This card decreased the cpu load (sys) on my Alix, but did nothing to improve maximum throughput. This comes from the fact, that operations need to go from the system to card and back. It can be seen from increasing interrupt load.

Maybe my setup was too simple (1 OpenVPN tunnel) and performance benefits can be seen, when using the card with multiple clients, but I would just stick some more oomph into the box :-)

OpenVPN uses SSL encryption which the VPN1411 doesn't support.

vpn14x1
"Encryption, 128/192/256 AES, DES, 3-DES and RC4 at 210 to 460 Mbps"

Offline koukobin

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
Re: VPN Accelerator Cards
« Reply #9 on: October 28, 2011, 11:12:46 pm »
Yes OpenVPN does SSL encryption but uses AES or 3DES algorithm. So Soerkris 1411 should work with OpenVPN. Correct me if i am wrong.

Offline Honeybadger

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Re: VPN Accelerator Cards
« Reply #10 on: October 29, 2011, 09:02:14 am »
Yes OpenVPN does SSL encryption but uses AES or 3DES algorithm. So Soerkris 1411 should work with OpenVPN. Correct me if i am wrong.

I have a 5501 with a 1411 and it supports OpenVPN perfectly.

Offline althornin

  • Jr. Member
  • **
  • Posts: 57
  • Karma: +0/-0
    • View Profile
Re: VPN Accelerator Cards
« Reply #11 on: December 26, 2011, 02:41:50 pm »
Going back to the original question, why not use something like this:
http://www.amfeltec.com/products/flexible-minipcie-to-minipci-adapter.php
It converts mini pci-e to mini pci, allowing the use of well know soekris vpn 1411 cards, etc.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14990
  • Karma: +4/-0
    • View Profile
Re: VPN Accelerator Cards
« Reply #12 on: December 27, 2011, 10:53:37 am »
Going back to the original question, why not use something like this:
http://www.amfeltec.com/products/flexible-minipcie-to-minipci-adapter.php
It converts mini pci-e to mini pci, allowing the use of well know soekris vpn 1411 cards, etc.

On faster systems, you'd easily saturate the bus on those and probably get poorer performance with the card in than without the card.

Hopefully once we get FreeBSD 9 builds going we'll get AESNI included and see how that helps :-)
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline gonzopancho

  • Chief cook and bottle washer
  • Administrator
  • Hero Member
  • *****
  • Posts: 2496
  • Karma: +4/-4
    • View Profile
Re: VPN Accelerator Cards
« Reply #13 on: January 27, 2014, 01:24:26 pm »
The Exar (Hifn) 8200-series is the only one I'm aware of that is PCI-e, though I've not found any cards actually made with it (mini or full size), nor am I aware of whether or not it will work with pfSense.

EDIT:  Or maybe the Exar DX 1710 PCI-e card, that seems to be their pre-built card using the same 8201 chip, but I can't find that either.

I think you'll find that the Intel QuickAssist stuff is "aka Hifn 8200 series".

work proceeds.  :-)


Offline gonzopancho

  • Chief cook and bottle washer
  • Administrator
  • Hero Member
  • *****
  • Posts: 2496
  • Karma: +4/-4
    • View Profile
Re: VPN Accelerator Cards
« Reply #14 on: January 27, 2014, 01:25:13 pm »
Going back to the original question, why not use something like this:
http://www.amfeltec.com/products/flexible-minipcie-to-minipci-adapter.php
It converts mini pci-e to mini pci, allowing the use of well know soekris vpn 1411 cards, etc.

On faster systems, you'd easily saturate the bus on those and probably get poorer performance with the card in than without the card.

Hopefully once we get FreeBSD 9 builds going we'll get AESNI included and see how that helps :-)

AESNI needs a lot more work before it's going to help.  ;-)

Work proceeds.