SSTP hardware acceleration?

carl0s · Fri May 05, 2017 11:32 pm

Hi. The new affordable routers with 'IPSec hardware encryption acceleration' (RB750Gr3).

.. can the hardware acceleration work for SSTP as well? or only IPSec?

Mon May 08, 2017 8:02 am

Hardware acceleration works only with ipsec.

ajack46 · Mon May 08, 2017 10:00 am

Will work only for IPsec

doneware · Mon May 08, 2017 11:13 am

Hardware acceleration works only with ipsec.

just asking, why? As far as i know, usually the HW assists the cyphering, which is in this case AES (CBC or CTR) up to 256bits.
so what i would think it's just the code running on the CPU (read: current SSTP implementation) that doesn't use the hw capabilities.
does this sound reasonable (although it will not change the overall outcome of the discussion)?

Mon May 08, 2017 11:22 am

Because SSTP uses regular SSL lib which does not support HW acceleration. But it is possible that in future SSTP will also use HW enc.

Mon May 08, 2017 12:36 pm

Because SSTP uses regular SSL lib which does not support HW acceleration. But it is possible that in future SSTP will also use HW enc.

Everything happens in the future

carl0s · Tue May 23, 2017 1:41 pm

Yes I did wonder the same. The hardware does encryption and usually with VPN types you can specify the encryption type, so long as we find one that is common between SSTP and what the hardware offers..

Anyway, yes, the Future... lots of things take a long time around here don't they

It's just that SSTP is so firewall friendly.. I can send out small Hex boxes and not worry about firewalls being in the way.

idlemind · Tue Jun 20, 2017 5:47 pm

I wonder if the CHR sees increased performance on hypervisors with AES acceleration passthrough. Anyone have a pair of licensed units that could comment?

Wed Jun 21, 2017 11:43 am

from 6.39 changelog:
*) ipsec - enable aes-ni on i386 and x64 for cbc, ctr and gcm modes;

So yes, CHR will have increased AES performance if v6.39 is installed, but this only works with IPSec, not SSTP.

carl0s · Wed Jun 21, 2017 11:49 am

from 6.39 changelog:
*) ipsec - enable aes-ni on i386 and x64 for cbc, ctr and gcm modes;

So yes, CHR will have increased AES performance if v6.39 is installed, but this only works with IPSec, not SSTP.

It would be super cool if you guys would work on rebuilding the SSTP stuff to use the hardware crypto

idlemind · Wed Jun 21, 2017 3:37 pm

Thanks mrz!

mywayteam · Sun Dec 03, 2023 7:06 pm

Bump Up!
Any plans to implement it?

SSTP hardware acceleration?

SSTP hardware acceleration?

Re: SSTP hardware acceleration?

Re: SSTP hardware acceleration?

Re: SSTP hardware acceleration?

Re: SSTP hardware acceleration?

Re: SSTP hardware acceleration?

Re: SSTP hardware acceleration?

Re: SSTP hardware acceleration?

Re: SSTP hardware acceleration?

Re: SSTP hardware acceleration?

Re: SSTP hardware acceleration?

Re: SSTP hardware acceleration?

Who is online