# IPSEC AES256 performance



## Abdullah (Feb 3, 2018)

I Have lanner 8759 which has xeon e3-1275 processor. Running opnsense (based on freebsd 10.3).  i have connected 2 such firewalls back to back Network topology is attached. VPN config at both ends is as follows:
Mode: Main
P1 protocol: AES256 and SHA1
P2 protocol: ESPand SHA1.
Tunnel is established between 10.10.10.1 and 10.10.10.2. I can verify that the tunnels are up using tcpdump.
Iperf server is hosted on 192.168.2.2, client from 192.168.3.2. Both PCs running windows.
I am getting throughput of about 420 Mbps. I was wondering if this is good on a xeon e3-1275 processor?
Also it supports aes ni, does that get enabled by default or has to be enabled via bios?
Lastly are there any tunables that i can play around with to increase performance since my cpu utilization hardly gets upto 15%?


----------



## SirDice (Feb 5, 2018)

Abdullah said:


> Running opnsense


PC-BSD, FreeNAS, NAS4Free, and all other FreeBSD Derivatives



Abdullah said:


> Also it supports aes ni, does that get enabled by default or has to be enabled via bios?


It's not enabled by default; `kldload aesni`


----------



## Abdullah (Feb 5, 2018)

will check it out with aes ni. thank you for response


----------



## Abdullah (Feb 26, 2018)

SirDice said:


> PC-BSD, FreeNAS, NAS4Free, and all other FreeBSD Derivatives
> 
> 
> It's not enabled by default; `kldload aesni`


Almost  twice the speed on AES GCM  with aes ni enabled, thanks for your tip.


----------

