I try to compare and choose which cipher to use in hub-spoke OpenVPN scheme where 30-40 remote points (spokes) will connect to the single "center" point (hub).
The hub is CCR1009 device which is quite powerful and has hardware acceleration for AES, and the spokes are 951 and 2011 routers, which are sufficient for the task (not that huge bandwidth with very nice price and overall value). As far as I know, both 951 and 201 can't do any hardware acceleration for any cipher so I consider it to encrypt in pure software mode.
So my question is: which cipher is less CPU-intensive for 951 device, aes-128 or blowfish-128?
I do understand that CCR will process 40 VPNs easily despite the cipher I choose even with its CPU only, but I suspect I'd better be good on 951 CPU and to care for its load.
As far as I see on the internet, the aes-128 should be better choice for CPU-based crypto like in 951/2011. But then, I really wonder if the CCR will use its h/w acceleration for OpenVPN when I use it with aes-128, or this h/w acceleration is for ipsec only?
Thank you for the answer, I know this is kind of very beginning of VPN area but I'd really like to know and now to just guess!