Hello,
> Date: Mon, 25 Apr 2016 17:59:39 +0200
> From: g...@greenie.muc.de
> To: dreet...@hotmail.com
> CC: openvpn-users@lists.sourceforge.net
> Subject: Re: [Openvpn-users] Log AES-NI
>
> Hi,
>
> On Mon, Apr 25, 2016 at 05:09:30PM +0200, Dreetjeh D wrote:
> > Currently when "engine cryptodev" is set, it will show up in the OpenVPN
> > log:
> > "Initializing OpenSSL support for engine 'cryptodev'"
> > On my NAS I use "engine cryptodev" (Armv7 so no aesni) in config.
> > 1. engine cryptodev is software crypto, as in not offloading from CPU?
>
> No idea what cryptodev can do on ARM. This NAS has hardware encryption
> support. I mentioned it because the log shows"Initializing OpenSSL support
> for engine 'cryptodev'"and in the log on pfSense I do not find for example:
> "Initializing OpenSSL support for engine 'AES-NI'"But that I understand now,
> thanks.
>
> > On my new self build router pfSense box I have AES-NI support on SoC, N3150
> > CPU.
> > 2. It is hardware crypto, as in offloading from CPU?
> > If I understand correct, AES-NI will automatically be used by OpenSSL if
> > available, so no need to write "engine aesni" in the config.
>
> Right.
>
> > 3. Would it be possible to log if OpenSSL is making use of AES-NI?
>
> We don't know - we call OpenSSL, and it will do something, and return
> an encrypted/decrypted buffer to us. Hmm... not getting any wiser from
> viewing in top too...
>
> > In pfSense, when activating AES-NI in WebUI, a module aesni.ko gets loaded.
> > 4. How would one know if AES-NI is actually being used, I mean looking at
> > it in real time?
>
> Using AES-NI via kernel cryptodev is almost always a bad idea - because
> it is much slower than just using the same AES-NI instructions in openssl
> userland ("same CPU opcodes, less jump-to-kernel-and-back").
>
> So "just don't do that"... Ok, so I should not load that module and not write
> "engine something" to take advantage of AES-NI.The results I posted on the
> forum do not show a difference worth mentioning though.....Offloading
> encryption doesn`t seem to do anything.Maybe because AES-NI is used
> regardless..? Could not find a related setting in BIOS.The only difference is
> between OpenVPN unencrypted vs. encrypted. I`m going to do some more tests.
>
> gert
> --
Thank you so far,Pippin
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
