PINE64
ROCK64 as VPN Gateway - Printable Version

+- PINE64 (https://forum.pine64.org)
+-- Forum: ROCK64 (https://forum.pine64.org/forumdisplay.php?fid=85)
+--- Forum: General Discussion on ROCK64 (https://forum.pine64.org/forumdisplay.php?fid=86)
+--- Thread: ROCK64 as VPN Gateway (/showthread.php?tid=8456)

Pages: 1 2


ROCK64 as VPN Gateway - Talkabout - 11-30-2019

Hi guys,

I am searching a good VPN gateway board since some time. Currently I am using a Raspberry Pi 4 but am not really happy with the OpenVPN throughput (approx. 60 MBit/s, but 100 MBits/s connection). I guess this is related to the fact that the Raspberry does not have supported hardware acceleration for openssl/openvpn. I also tried some other boards (like an Odroid) but none of them provided a sufficient performance until now. I read about the ROCK64 and people are claiming that the crypto hardware is used by openssl, is this the case? What performance can I expect if using the board with OpenVPN? Maybe somebody already tested it and can provide some numbers?

Thanks in advance!

Bye


RE: ROCK64 as VPN Gateway - jsfrederick - 11-30-2019

I have a Rock64 as my Pi-Hole box and it's also running PiVPN. I'm very happy with the performance. Don't have any real numbers, but it's pretty comparable to the commercial VPN I used previously.


RE: ROCK64 as VPN Gateway - Talkabout - 12-01-2019

Hi @jsfrederick ,

thanks for your answer!

Can you do me a favor and execute the following command on your Rock64:

Code:
:~ $ openssl speed -evp aes-128-cbc -elapsed


You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 11503672 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 3579215 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 967404 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 246825 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 30944 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 15543 aes-128-cbc's in 3.00s
OpenSSL 1.1.1c  28 May 2019
built on: Thu May 30 15:27:48 2019 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-hL5TK7/openssl-1.1.1c=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      61352.92k    76356.59k    82551.81k    84249.60k    84497.75k    84885.50k


This should show how slow/fast the openssl performance is.

Bye


RE: ROCK64 as VPN Gateway - evilbunny - 12-01-2019

Code:
Rock64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15650249 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 12464649 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6646786 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2423452 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 348775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175497 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      83467.99k   265912.51k   567192.41k   827204.95k   952388.27k   958447.62k

Code:
RockPro64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 66070573 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 40764719 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14919383 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 4125855 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 545375 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 274066 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc     352376.39k   869647.34k  1273120.68k  1408291.84k  1489237.33k  1496765.78k



RE: ROCK64 as VPN Gateway - Talkabout - 12-01-2019

(12-01-2019, 05:30 AM)evilbunny Wrote:
Code:
Rock64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15650249 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 12464649 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6646786 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2423452 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 348775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175497 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      83467.99k   265912.51k   567192.41k   827204.95k   952388.27k   958447.62k

Code:
RockPro64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 66070573 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 40764719 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14919383 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 4125855 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 545375 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 274066 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc     352376.39k   869647.34k  1273120.68k  1408291.84k  1489237.33k  1496765.78k

Hi @evilbunny 

these numbers look amazing (compared to the PI4). What operating system are you using?

I think that the Rock64 could be the solution for my performance problems... Am I correct that the size of the Rock64 is equal to the size of the RPI4? I have a small Rack for my PIs I would like to mount the Rock64 there.

Thanks!

Bye


RE: ROCK64 as VPN Gateway - tllim - 12-01-2019

(12-01-2019, 05:41 AM)Talkabout Wrote:
(12-01-2019, 05:30 AM)evilbunny Wrote:
Code:
Rock64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15650249 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 12464649 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6646786 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2423452 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 348775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175497 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      83467.99k   265912.51k   567192.41k   827204.95k   952388.27k   958447.62k

Code:
RockPro64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 66070573 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 40764719 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14919383 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 4125855 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 545375 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 274066 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc     352376.39k   869647.34k  1273120.68k  1408291.84k  1489237.33k  1496765.78k

Hi @evilbunny 

these numbers look amazing (compared to the PI4). What operating system are you using?

I think that the Rock64 could be the solution for my performance problems... Am I correct that the size of the Rock64 is equal to the size of the RPI4? I have a small Rack for my PIs I would like to mount the Rock64 there.

Thanks!

Bye
Rock64 same size as RPi3, the only different is the power connect (DC jack vs microUSB).


RE: ROCK64 as VPN Gateway - Talkabout - 12-01-2019

Ok, thanks guys, sound good!

some more points to confirm:

- NFS root (file system on nfs share) possible?
- is Debian a recommended distro to use? I am using Raspbian on my other PIs, is it compatible with Rock64 also?
- my PI rack has a fan, what temperatures are expected from the CPU on load?

Thanks!


RE: ROCK64 as VPN Gateway - jsfrederick - 12-01-2019

My numbers are just about the same as Evilbunny's, see below.

I am using Armbian Stretch (www.armbian.com) for the Rock64, and PiVPN (www.pivpn.io).

I have a a case that has a fan so it runs pretty cool for me.  I got my case from here: https://www.kksb-cases.us/

As TLLIM said, the Rock64 is the same size as the RPi, but i recommend that you get a Rock64 specific case since the connectors are slightly different.

Code:
root@pihole:~# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 16437665 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 13192876 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6888083 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2453359 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 352688 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175202 aes-128-cbc's in 3.00s
OpenSSL 1.1.0l  10 Sep 2019
built on: reproducible build, date unspecified
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/aarch64-linux-gnu/engines-1.1\""
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      87667.55k   281448.02k   587783.08k   837413.21k   963073.37k   956836.52k
root@pihole:~#



RE: ROCK64 as VPN Gateway - evilbunny - 12-02-2019

(12-01-2019, 05:41 AM)Talkabout Wrote: these numbers look amazing (compared to the PI4). What operating system are you using?

Ayufan's Debian Minimal

(12-01-2019, 04:57 PM)Talkabout Wrote: - NFS root (file system on nfs share) possible?

you still need an emmc/sdcard for boot etc, once that finishes you can do nfs root, this is an OS/software config thing

Quote:- is Debian a recommended distro to use? I am using Raspbian on my other PIs, is it compatible with Rock64 also?

Raspbian is a debian fork, with arm there is no bios, hardware specific files get loaded at boot you need to use rock64 images.

Quote:- my PI rack has a fan, what temperatures are expected from the CPU on load?

Thermal limits start kicking in about 83C, I use a small fan and some small heatsinks on my r64's to stop them getting that high.


RE: ROCK64 as VPN Gateway - Talkabout - 12-02-2019

Thanks again guys!

This answers all my questions, I ordered a Rock64 and will give it a shot.

Bye