Aloha all, since I use pfSense in multiple locations in a 4 node IPSec vpn setup, I got curious as to what kind of performance I could potentially be getting if I wasn’t hamstrung by the 20 Mbps uplink each site has.
Apparently, I’d need a multi gigbit uplink to let most of CPU’s I have on hand really stretch their encryption performance legs.
You can view my results here: https://docs.google.com/spreadsheets/d/1zKgIaRF5noy9znNdrYkpRtoy1sZbTCwZy8o_RdDuL6w/edit?usp=sharing
What I’d like from everyone that wishes to contribute is for you to fill out this form I threw together to collate data: https://forms.gle/3yLVxj5c8nbgpaEw8
Entering your username is optional if you want to be anonymous.
When you run the test (the form tells you what command to run), you should get output similar to this:
Basically, you’re going to run 2 tests:
- AES-NI on: openssl speed -elapsed -evp aes-256-cbc
- AES-NI off: openssl speed -elapsed aes-256-cbc
If your version of OpenSSL includes 16384 bytes results, don’t use those. I’m only collecting the "8192 bytes" results. Also, if you install OpenSSL for Windows, you can get the results from your Windows based builds as well (desktop, server, laptop, etc).
And finally, the disclaimer: these results do not mean you WILL get this kind of performance across 2 encrypted points.
It’s merely giving you an idea of the potential.