Anyone using Data Channel Offload (OVPN-DCO) on any of your client devices/networks yet?

[gonzopancho]

OpenVPN DCO is significantly faster than without.
It's also faster than Wireguard (even keeping the transform the same.)

 

[RMerlin]

It's also faster than Wireguard (even keeping the transform the same.)

That's probably because CPUs specialized operands can accelerate AES cipher operations, but not Chacha20.

 

[gonzopancho]

That's probably because CPUs specialized operands can accelerate AES cipher operations, but not Chacha20.

Only problem with your assertion: In addition to AES-GCM, DCO can run ChaCha20/Poly1305, and yes, OpenVPN w/DCO is still faster than Wireguard running ChaCha20/Poly1305. This is what I was relating when I wrote: "(even keeping the transform the same.)"

There is no good reason for this, after all, both protocols have to do about the same work, but there is a less good one: architecture. Wireguard could be better implemented on linux and windows.

Oh, and CPU instructions can accelerate ChaCha20, too. That's why we did the IIMB work for pfSense, and extended it to ARM64 platforms.

 

[sfx2000]

Oh, and CPU instructions can accelerate ChaCha20, too. That's why we did the IIMB work for pfSense, and extended it to ARM64 platforms.

Jim,

Which instructions are you asserting to regarding ChaCha20-Poly1035 acceleration and on which architecture classes?

On x86 - even without AES-NI, intel did a lot of good work using SSE to speed up the AES family...

ChaCha20 does run quite nicely on MIPS32 along with 32-bit ARM (and ARM64 cores that didn't license the crypto extensions like Broadcom's older Pi chips...)

 

[sfx2000]

In addition to AES-GCM, DCO can run ChaCha20/Poly1305

Go up in the thread - it's been discussed that DCO supports the AEAD ciphers for AES-128-GCM and ChaCha20-Poly1305 - that's old news...

Anyways nice to see that pfSense is implementing DCO - with the BSD stack, should perform well...

Realizing of course, that DCO is still work in progress, obviously...

 

[gonzopancho]

Jim,

Which instructions are you asserting to regarding ChaCha20-Poly1035 acceleration and on which architecture classes?

On x86 - even without AES-NI, intel did a lot of good work using SSE to speed up the AES family...

ChaCha20 does run quite nicely on MIPS32 along with 32-bit ARM (and ARM64 cores that didn't license the crypto extensions like Broadcom's older Pi chips...)

SSE 4.1/AVX/AVX2, if you have it will all accelerate ChaCha20 with our implementation.

With AVX-512 or even some recent Atoms, you can run VAES for AES-GCM and that rips .vs plain AES-NI.

 

[gonzopancho]

Go up in the thread - it's been discussed that DCO supports the AEAD ciphers for AES-128-GCM and ChaCha20-Poly1305 - that's old news...

Anyways nice to see that pfSense is implementing DCO - with the BSD stack, should perform well...

Have, and it does.

Realizing of course, that DCO is still work in progress, obviously...

At this point, it’s essentially done.

 

[Tech9]

At this point, it’s essentially done.

Is this going to work or done already for Intel C3558? I have 2x Netgate 6100 and 1x Netgate 5100 units in use based on this platform. All run site-to-site OpenVPN with sufficient for the needs speed, but I don't mind better. My IT guys have nothing much to do lately. I have one Netgate 6100 spare for experiments.

 

[sfx2000]

At this point, it’s essentially done.

Any chance of this making it over to pfSense CE?

Anyways - welcome to the SNB forums - you're always welcome here, just note that some folks are challenged with their filters - they mean well, just saying