Hi guys,
I am searching a good VPN gateway board since some time. Currently I am using a Raspberry Pi 4 but am not really happy with the OpenVPN throughput (approx. 60 MBit/s, but 100 MBits/s connection). I guess this is related to the fact that the Raspberry does not have supported hardware acceleration for openssl/openvpn. I also tried some other boards (like an Odroid) but none of them provided a sufficient performance until now. I read about the ROCK64 and people are claiming that the crypto hardware is used by openssl, is this the case? What performance can I expect if using the board with OpenVPN? Maybe somebody already tested it and can provide some numbers?
Thanks in advance!
Bye
I have a Rock64 as my Pi-Hole box and it's also running PiVPN. I'm very happy with the performance. Don't have any real numbers, but it's pretty comparable to the commercial VPN I used previously.
Hi @ jsfrederick ,
thanks for your answer!
Can you do me a favor and execute the following command on your Rock64:
Code: :~ $ openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 11503672 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 3579215 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 967404 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 246825 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 30944 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 15543 aes-128-cbc's in 3.00s
OpenSSL 1.1.1c 28 May 2019
built on: Thu May 30 15:27:48 2019 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-hL5TK7/openssl-1.1.1c=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 61352.92k 76356.59k 82551.81k 84249.60k 84497.75k 84885.50k
This should show how slow/fast the openssl performance is.
Bye
Code: Rock64:
# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15650249 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 12464649 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6646786 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2423452 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 348775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175497 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d 10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 83467.99k 265912.51k 567192.41k 827204.95k 952388.27k 958447.62k
Code: RockPro64:
# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 66070573 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 40764719 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14919383 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 4125855 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 545375 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 274066 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d 10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 352376.39k 869647.34k 1273120.68k 1408291.84k 1489237.33k 1496765.78k
(12-01-2019, 05:30 AM)evilbunny Wrote: Code: Rock64:
# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15650249 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 12464649 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6646786 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2423452 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 348775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175497 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d 10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 83467.99k 265912.51k 567192.41k 827204.95k 952388.27k 958447.62k
Code: RockPro64:
# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 66070573 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 40764719 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14919383 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 4125855 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 545375 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 274066 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d 10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 352376.39k 869647.34k 1273120.68k 1408291.84k 1489237.33k 1496765.78k
Hi @ evilbunny
these numbers look amazing (compared to the PI4). What operating system are you using?
I think that the Rock64 could be the solution for my performance problems... Am I correct that the size of the Rock64 is equal to the size of the RPI4? I have a small Rack for my PIs I would like to mount the Rock64 there.
Thanks!
Bye
(12-01-2019, 05:41 AM)Talkabout Wrote: (12-01-2019, 05:30 AM)evilbunny Wrote: Code: Rock64:
# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15650249 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 12464649 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6646786 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2423452 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 348775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175497 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d 10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 83467.99k 265912.51k 567192.41k 827204.95k 952388.27k 958447.62k
Code: RockPro64:
# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 66070573 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 40764719 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14919383 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 4125855 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 545375 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 274066 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d 10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 352376.39k 869647.34k 1273120.68k 1408291.84k 1489237.33k 1496765.78k
Hi @evilbunny
these numbers look amazing (compared to the PI4). What operating system are you using?
I think that the Rock64 could be the solution for my performance problems... Am I correct that the size of the Rock64 is equal to the size of the RPI4? I have a small Rack for my PIs I would like to mount the Rock64 there.
Thanks!
Bye Rock64 same size as RPi3, the only different is the power connect (DC jack vs microUSB).
Ok, thanks guys, sound good!
some more points to confirm:
- NFS root (file system on nfs share) possible?
- is Debian a recommended distro to use? I am using Raspbian on my other PIs, is it compatible with Rock64 also?
- my PI rack has a fan, what temperatures are expected from the CPU on load?
Thanks!
12-01-2019, 08:33 PM
(This post was last modified: 12-01-2019, 08:34 PM by jsfrederick.)
My numbers are just about the same as Evilbunny's, see below.
I am using Armbian Stretch ( www.armbian.com) for the Rock64, and PiVPN ( www.pivpn.io).
I have a a case that has a fan so it runs pretty cool for me. I got my case from here: https://www.kksb-cases.us/
As TLLIM said, the Rock64 is the same size as the RPi, but i recommend that you get a Rock64 specific case since the connectors are slightly different.
Code: root@pihole:~# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 16437665 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 13192876 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6888083 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2453359 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 352688 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175202 aes-128-cbc's in 3.00s
OpenSSL 1.1.0l 10 Sep 2019
built on: reproducible build, date unspecified
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/aarch64-linux-gnu/engines-1.1\""
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 87667.55k 281448.02k 587783.08k 837413.21k 963073.37k 956836.52k
root@pihole:~#
12-02-2019, 01:35 AM
(This post was last modified: 12-02-2019, 01:41 AM by evilbunny.)
(12-01-2019, 05:41 AM)Talkabout Wrote: these numbers look amazing (compared to the PI4). What operating system are you using?
Ayufan's Debian Minimal
(12-01-2019, 04:57 PM)Talkabout Wrote: - NFS root (file system on nfs share) possible?
you still need an emmc/sdcard for boot etc, once that finishes you can do nfs root, this is an OS/software config thing
Quote:- is Debian a recommended distro to use? I am using Raspbian on my other PIs, is it compatible with Rock64 also?
Raspbian is a debian fork, with arm there is no bios, hardware specific files get loaded at boot you need to use rock64 images.
Quote:- my PI rack has a fan, what temperatures are expected from the CPU on load?
Thermal limits start kicking in about 83C, I use a small fan and some small heatsinks on my r64's to stop them getting that high.
Thanks again guys!
This answers all my questions, I ordered a Rock64 and will give it a shot.
Bye
|
