This is my linksys wrt1200ac router running openwrt chaos calmer without hardware encryption.
openssl speed aes-128-cbc aes-256-cbc
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 22115.49k 23533.72k 23918.11k 23759.20k 23392.41k
aes-256 cbc 17021.01k 17849.96k 18528.97k 18411.86k 18751.19k
Results with -evp
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 57870.11k 166301.54k 500421.82k 2999330.13k 5462835.20k
aes-256-cbc 34949.69k 203289.60k 588880.00k 1769523.20k 8192819.20k
Results with -elapsed
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 22028.01k 23443.88k 23716.69k 23905.96k 23344.47k
aes-256 cbc 16927.14k 18014.42k 18365.10k 18414.25k 18614.95k
Results with -elapsed -evp
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 2164.35k 7273.90k 18415.27k 30216.19k 36088.49k
aes-256-cbc 2054.61k 6656.23k 15593.65k 23533.91k 27211.09k
Build Info:
OpenSSL 1.0.2g 1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,long) aes(partial) blowfish(ptr)
compiler: ccache_cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -I/home/jow/relman-cc.1/.cache/sdk/mvebu/generic/staging_dir/target-arm_cortex-a9+vfpv3_uClibc-0.9.33.2_eabi/usr/include -I/home/jow/relman-cc.1/.cache/sdk/mvebu/generic/staging_dir/target-arm_cortex-a9+vfpv3_uClibc-0.9.33.2_eabi/include -I/home/jow/relman-cc.1/.cache/sdk/mvebu/generic/staging_dir/toolchain-arm_cortex-a9+vfpv3_gcc-4.8-linaro_uClibc-0.9.33.2_eabi/usr/include -I/home/jow/relman-cc.1/.cache/sdk/mvebu/generic/staging_dir/toolchain-arm_cortex-a9+vfpv3_gcc-4.8-linaro_uClibc-0.9.33.2_eabi/include -DOPENSSL_SMALL_FOOTPRINT -DHAVE_CRYPTODEV -DOPENSSL_NO_ERR -DTERMIOS -Os -pipe -march=armv7-a -mtune=cortex-a9 -mfpu=vfpv3-d16 -fno-caller-saves -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -mfloat-abi=soft -fpic -fomit-frame-pointer -Wal
For rerference my desktop system (debian jessie-backports, kernel 4.7) with an i3-6100T
Results with -elapsed
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 126771.10k 141282.43k 144572.76k 146331.65k 146792.45k
aes-256 cbc 93610.62k 101680.19k 102504.11k 101647.02k 95764.48k
Results with -elapsed -evp
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 1041366.59k 1159505.11k 1202731.69k 1211473.24k 1214163.63k
aes-256 cbc 91820.65k 101493.80k 102946.30k 103063.89k 101029.21k
Build Info:
OpenSSL 1.0.2j 26 Sep 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
Thanks for the pfsense comparison, seems these appliances can do everything i used openwrt for out of the box and are alot more powerfull but also more expensive. Giving the sg-2220 appliance an try.
Does ssh run stable with marvel-cesa? With strongswan the router sometimes reboots if ipsec starts but is afterwards stable.
Takes only a few seconds but can be seen on the console.