On 2015-09-02, Dot Yet <dot....@gmail.com> wrote: > Any idea if running an ipsec vpn or openvpn on the same machine will > benefit from the second core? working remotely over VPN is quite common > these days. so all the extra juice may help encryption etc. is it so?
Using a processor that supports AESNI (it shows up in the cpu attach lines in dmesg) and choosing ciphers that work with this (if you have the choice) will have a much bigger effect than multiple cores. > On Tue, Sep 1, 2015 at 8:59 PM, Quartz <qua...@sneakertech.com> wrote: > >> Maybe this webpage would help you make an informed choice? >>> >>> https://calomel.org/pf_config.html >>> >> >> That looks like a good reference for setting up pf and the right way to >> architect your pf.conf, but it doesn't appear to address any of the cpu >> threading issues I'm trying to figure out. Thanks though, I'll keep a copy >> of that in my files, it might help when we finally set this system up. That really isn't a great reference. A huge chunk (of a very long page) deals with things that almost nobody needs to touch, the things which actually help laying out pf.conf nicely (like tags) are only lightly dealt with, the "match log(matches)" which is indispensible when debugging more complex rulesets isn't mentioned at all.
