[Openvpn-users] Fw: Re: OpenVPN-2.4.8 running on new hardware, but is it using the CPU based hardware crypto?

Thu, 07 Nov 2019 12:02:16 -0800 


Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday 7 November 2019 20:45, Pippin <pippin...@protonmail.com> wrote:

Hi,

To add some info, if want to know a ballpark figure regarding throughput one 
can do:

$ openvpn --genkey --secret /tmp/secret
$ time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 
--cipher aes-256-cbc
Thu Nov 7 20:39:57 2019 disabling NCP mode (--ncp-disable) because not in P2MP 
client or server mode

real 0m8.050s
user 0m8.035s
sys 0m0.012s

Now divide 3200 with the real time:
3200/8.05 ~ 397 Mbps (estimated)


 ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Thursday 7 November 2019 16:37, Jan Just Keijser janj...@nikhef.nl wrote:
>
> > Hi Ralf,
> > On 07/11/19 16:20, Ralf Hildebrandt via Openvpn-users wrote:
> >
> > > We're (finally) running OpenVPN-2.4.8 on new(er) hardware. How can we
> > > see if it is using the CPU based hardware crypto?
> > > Nov 7 16:00:21 openvpn2019 tcp[704]: OpenVPN 2.4.8 x86_64-pc-linux-gnu 
> > > [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on 
> > > Oct 30 2019
> > > Nov 7 16:00:26 openvpn2019 udp[703]: OpenVPN 2.4.8 x86_64-pc-linux-gnu 
> > > [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on 
> > > Oct 30 2019
> >
> > Your OpenVPN is linked against OpenSSL; the hardware crypto comes from
> > the openssl library, which nowadays almost always uses the hardware
> > crypto (aesni) stuff.  You can verify it using an openssl command:
> > $ openssl speed -evp aes-256-gcm
> > [...]
> > type             16 bytes     64 bytes    256 bytes   1024 bytes 8192 bytes
> > aes-256-gcm     425364.35k  1051290.73k  1965822.72k  2464973.82k
> > 2740142.08k
> > $ OPENSSL_ia32cap=0 openssl speed -evp aes-256-gcm
> > [...]
> > aes-256-gcm      79353.93k    88207.08k    90939.05k    89396.91k 91321.69k
> > in the first line you see what aes-ni does for AES-256-GCM: 2,740,142
> > kbytes processed per second for 8K blocks
> > compared to the second line withuout aes-ni: only 91,321 kbytes processed.
> > If the results or the two above commands are equal, then your openssl
> > library does NOT use hardware crypto.
> > HTH,
> > JJK
> > Openvpn-users mailing list
> > Openvpn-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users




_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to