Hello,
I've just replaced my good old RB2011 with a L009UiGS-2HaxD, however I'm not having any success with hardware assisted IPsec.
The router is connected to 3 different Mikrotik routers (RBD52G-5HacD2HnD, D53G-5HacD2HnD, RBwAPGR-5HacD2HnD) which all can work in accelerated mode, however the new L009UiGS-2HaxD cannot, whatever encryption I choose.
Of course, the result is high CPU load and limited throughput.
Is this a known limitation, or am I doing something wrong?
I'm running the latest dev branch 7.12rc1
Thanks for your help.
Re: L009UiGS-2HaxD hardware accelerated IPsec?
L009 switch chip is not (yet ?) on the list of supported chips for HW acceleration.
https://help.mikrotik.com/docs/display/ROS/IPsec
The fact IPSEC test results are missing from the product page, is also an indication.
If you really have to use IPSEC, you're stuck there.
Is it an option to move to Wireguard ? Much faster and less demanding on CPU.
https://help.mikrotik.com/docs/display/ROS/IPsec
The fact IPSEC test results are missing from the product page, is also an indication.
If you really have to use IPSEC, you're stuck there.
Is it an option to move to Wireguard ? Much faster and less demanding on CPU.
Re: L009UiGS-2HaxD hardware accelerated IPsec?
Thanks for answer.
I believe it is not the switch chip responsible for the encryption, but the CPU (IPQ-5018).
The product page is s really missing the IPsec test results, however the description is clearly stating "L009 features a powerful dual-core ARM CPU. It offers significant improvement when it comes to routing and filtering, complex firewall rules, IPsec hardware encryption, and various advanced RouterOS features"
I was already looking at the Wireguard VPN solution, but I wonder if that is faster than the hardware assisted IPsec.
Let's hope someone from Mikrotik can chime in and confirm that HW encryption was only forgotten from the code and next version will have it.
My other older and smaller routers have the feature, so I expect to have it in the new L009UiGS-2HaxD.
I believe it is not the switch chip responsible for the encryption, but the CPU (IPQ-5018).
The product page is s really missing the IPsec test results, however the description is clearly stating "L009 features a powerful dual-core ARM CPU. It offers significant improvement when it comes to routing and filtering, complex firewall rules, IPsec hardware encryption, and various advanced RouterOS features"
I was already looking at the Wireguard VPN solution, but I wonder if that is faster than the hardware assisted IPsec.
Let's hope someone from Mikrotik can chime in and confirm that HW encryption was only forgotten from the code and next version will have it.
My other older and smaller routers have the feature, so I expect to have it in the new L009UiGS-2HaxD.
Last edited by akovacs on Mon Oct 09, 2023 12:56 pm, edited 1 time in total.
Re: L009UiGS-2HaxD hardware accelerated IPsec?
Make no mistake, Wireguard IS faster then HW assisted IPSEC.
I did the tests between RB5009 and AX Lite some time ago.
Noticeable difference.
I'm sure it will only be a matter of time before IPSEC HW offload gets included properly.
I did the tests between RB5009 and AX Lite some time ago.
Noticeable difference.
I'm sure it will only be a matter of time before IPSEC HW offload gets included properly.
Re: L009UiGS-2HaxD hardware accelerated IPsec?
Mikrotik support has no estimate about when the hardware encryption would be available.
Let's hope it is coming soon.
Meanwhile, I will experiment with Wireguard.
Let's hope it is coming soon.
Meanwhile, I will experiment with Wireguard.
-
-
wispmikrotik
Member Candidate
- Posts: 138
- Joined:
Re: L009UiGS-2HaxD hardware accelerated IPsec?
Hi,
@Normis, Do we have progress? When can we see IPsec hardware acceleration for the L009?
Thanks,
@Normis, Do we have progress? When can we see IPsec hardware acceleration for the L009?
Thanks,
Who is online
Users browsing this forum: No registered users and 5 guests