Hi,
On 31/07/15 09:10, Rahul Arora wrote:
Hi
I tried to run openssl with the commands provided by you.But my
performance is decreasing when i use cryptodev.
I tried with file of approx 100MB.
*Without HW it takes 4secs only.
*
*with cryptodev it takes 3min 15 secs*
Can you please provide some inputs to improve this?
this depends greatly on your hardware, but it is also off-topic for the
openvpn email lists.
Perhaps you are better off asking on the openssl users/devel mailing lists.
It does prove, however, that you should not and can not blindly trust
the results that "openssl speed" give you.
HTH,
JJK
On Fri, Jul 31, 2015 at 6:26 AM, Jan Just Keijser <janj...@nikhef.nl
<mailto:janj...@nikhef.nl>> wrote:
Hi,
On 30/07/15 19:04, Rahul Arora wrote:
Hi
Thanks for the reply.
I am already using "--engine cryptodev" in the configuration file.
I am using "aes-128-cbc" cipher algorithm and it is supported in
my hardware as i am running "openssl speed test" using these
ciphers only and in case of "openssl speed test" throughput is
increasing but with openvpn it is not so.
this was reported by someone on the list a few days ago as well.
the problem is not with openvpn , but with the openssl speed
command used: the cryptodev engine (and kernel device) do not
provide a factor of 100+ speedup. It's the "openssl speed -evp
aes-256-cbc" command that reports erroneous results.
Try running this openssl command on your box:
date ; cat bigfile | openssl enc -e -aes-256-cbc -bufsize 8192
-pass pass:testing123 > /dev/null ; date
where 'bigfile' is some large file of > 2 GB in size.
Then rerun it using
date ; cat bigfile | openssl enc -engine cryptodev -e -aes-256-cbc
-bufsize 8192 -pass pass:testing123 > /dev/null ; date
and compare the results. On my hardware I get zero difference
whether I use cryptodev or not, whereas 'openssl speed' reports a
100+ % improvement:
with cryptodev module loaded:
aes-256-cbc 286337.65k 1048423.31k 4589489.60k
19596646.40k 141238272.00k
without cryptodev:
aes-256-cbc 465276.57k 487043.33k 493990.87k
493776.90k 495720.11k
so, apart from the fact that openvpn's speed limitations are not
determined solely by encryption/decryption, this does prove to me
that the cryptodev device offers little if no performance improvement.
hope this clears things up,
JJK
On Thu, Jul 30, 2015 at 5:18 PM, Gert Doering
<g...@greenie.muc.de <mailto:g...@greenie.muc.de>> wrote:
Hi,
On Thu, Jul 30, 2015 at 12:55:00PM +0530, Rahul Arora wrote:
> *Openvpn --version*
> OpenVPN 2.1.3 arm-fsl-linux-gnueabi [SSL] [LZO2] [EPOLL] built on Jul
29
> 2015
This is, uh, ancient. 2.3.7 is the current stable release.
(It might or might not related, but we're certainly not going
back to 2.2
or even 2.1 releases to debug anything. OpenVPN *should* use
the crypto
accelerator just fine, if OpenSSL can use it - if you need to
use an
OpenSSL engine, tell OpenVPN with "--engine yourengine". It
might not
make an overwhelming difference in speed if you use the wrong
crypto
algorithms - like, your hardware accelerates 3DES and you use
--cipher blowfish...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/ <http://www.muc.de/%7Egert/>
Gert Doering - Munich, Germany g...@greenie.muc.de
<mailto:g...@greenie.muc.de>
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
