SSTP hardware acceleration?

Hi. The new affordable routers with ‘IPSec hardware encryption acceleration’ (RB750Gr3).

...can the hardware acceleration work for SSTP as well, or only IPSec?

Hardware acceleration works only with IPsec.

Will work only for IPsec.

Just asking, why? As far as I know, usually the HW assists the ciphering, which is in this case AES (CBC or CTR) up to 256 bits.
So what I would think is that it’s just the code running on the CPU (read: current SSTP implementation) that doesn’t use the HW capabilities.
Does this sound reasonable (although it will not change the overall outcome of the discussion)?

Because SSTP uses a regular SSL lib, which does not support HW acceleration. But it is possible that in the future SSTP will also use HW enc.

Everything happens in the future :wink:

Yes, I did wonder the same. The hardware does encryption, and usually with VPN types you can specify the encryption type, so long as we find one that is common between SSTP and what the hardware offers...

Anyway, yes, the Future… lots of things take a long time around here, don’t they :slight_smile:

It’s just that SSTP is so firewall friendly... I can send out small Hex boxes and not worry about firewalls being in the way.

I wonder if the CHR sees increased performance on hypervisors with AES acceleration passthrough. Anyone have a pair of licensed units that could comment?

From the 6.39 changelog:
*) ipsec - enable aes-ni on i386 and x64 for cbc, ctr and gcm modes;

So yes, CHR will have increased AES performance if v6.39 is installed, but this only works with IPSec, not SSTP.

It would be super cool if you guys would work on rebuilding the SSTP stuff to use the hardware crypto :slight_smile:

Thanks mrz!

Bump Up!
Any plans to implement it?