Hi Ralf,
On 07/11/19 16:20, Ralf Hildebrandt via Openvpn-users wrote:
We're (finally) running OpenVPN-2.4.8 on new(er) hardware. How can we
see if it is using the CPU based hardware crypto?
Nov 7 16:00:21 openvpn2019 tcp[704]: OpenVPN 2.4.8 x86_64-pc-linux-gnu [SSL
(OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 30 2019
Nov 7 16:00:26 openvpn2019 udp[703]: OpenVPN 2.4.8 x86_64-pc-linux-gnu [SSL
(OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 30 2019
Your OpenVPN is linked against OpenSSL; the hardware crypto comes from
the openssl library, which nowadays almost always uses the hardware
crypto (aesni) stuff. You can verify it using an openssl command:
$ openssl speed -evp aes-256-gcm
[...]
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-gcm 425364.35k 1051290.73k 1965822.72k 2464973.82k
2740142.08k
$ OPENSSL_ia32cap=0 openssl speed -evp aes-256-gcm
[...]
aes-256-gcm 79353.93k 88207.08k 90939.05k 89396.91k 91321.69k
in the first line you see what aes-ni does for AES-256-GCM: 2,740,142
kbytes processed per second for 8K blocks
compared to the second line withuout aes-ni: only 91,321 kbytes processed.
If the results or the two above commands are equal, then your openssl
library does NOT use hardware crypto.
HTH,
JJK
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
