ROCK64 as VPN Gateway
#1
Hi guys,

I am searching a good VPN gateway board since some time. Currently I am using a Raspberry Pi 4 but am not really happy with the OpenVPN throughput (approx. 60 MBit/s, but 100 MBits/s connection). I guess this is related to the fact that the Raspberry does not have supported hardware acceleration for openssl/openvpn. I also tried some other boards (like an Odroid) but none of them provided a sufficient performance until now. I read about the ROCK64 and people are claiming that the crypto hardware is used by openssl, is this the case? What performance can I expect if using the board with OpenVPN? Maybe somebody already tested it and can provide some numbers?

Thanks in advance!

Bye
  Reply
#2
I have a Rock64 as my Pi-Hole box and it's also running PiVPN. I'm very happy with the performance. Don't have any real numbers, but it's pretty comparable to the commercial VPN I used previously.
  Reply
#3
Hi @jsfrederick ,

thanks for your answer!

Can you do me a favor and execute the following command on your Rock64:

Code:
:~ $ openssl speed -evp aes-128-cbc -elapsed


You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 11503672 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 3579215 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 967404 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 246825 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 30944 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 15543 aes-128-cbc's in 3.00s
OpenSSL 1.1.1c  28 May 2019
built on: Thu May 30 15:27:48 2019 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-hL5TK7/openssl-1.1.1c=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      61352.92k    76356.59k    82551.81k    84249.60k    84497.75k    84885.50k


This should show how slow/fast the openssl performance is.

Bye
  Reply
#4
Code:
Rock64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15650249 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 12464649 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6646786 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2423452 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 348775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175497 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      83467.99k   265912.51k   567192.41k   827204.95k   952388.27k   958447.62k

Code:
RockPro64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 66070573 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 40764719 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14919383 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 4125855 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 545375 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 274066 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc     352376.39k   869647.34k  1273120.68k  1408291.84k  1489237.33k  1496765.78k
  Reply
#5
(12-01-2019, 05:30 AM)evilbunny Wrote:
Code:
Rock64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15650249 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 12464649 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6646786 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2423452 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 348775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175497 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      83467.99k   265912.51k   567192.41k   827204.95k   952388.27k   958447.62k

Code:
RockPro64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 66070573 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 40764719 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14919383 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 4125855 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 545375 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 274066 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc     352376.39k   869647.34k  1273120.68k  1408291.84k  1489237.33k  1496765.78k

Hi @evilbunny 

these numbers look amazing (compared to the PI4). What operating system are you using?

I think that the Rock64 could be the solution for my performance problems... Am I correct that the size of the Rock64 is equal to the size of the RPI4? I have a small Rack for my PIs I would like to mount the Rock64 there.

Thanks!

Bye
  Reply
#6
(12-01-2019, 05:41 AM)Talkabout Wrote:
(12-01-2019, 05:30 AM)evilbunny Wrote:
Code:
Rock64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15650249 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 12464649 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6646786 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2423452 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 348775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175497 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      83467.99k   265912.51k   567192.41k   827204.95k   952388.27k   958447.62k

Code:
RockPro64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 66070573 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 40764719 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14919383 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 4125855 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 545375 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 274066 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc     352376.39k   869647.34k  1273120.68k  1408291.84k  1489237.33k  1496765.78k

Hi @evilbunny 

these numbers look amazing (compared to the PI4). What operating system are you using?

I think that the Rock64 could be the solution for my performance problems... Am I correct that the size of the Rock64 is equal to the size of the RPI4? I have a small Rack for my PIs I would like to mount the Rock64 there.

Thanks!

Bye
Rock64 same size as RPi3, the only different is the power connect (DC jack vs microUSB).
  Reply
#7
Ok, thanks guys, sound good!

some more points to confirm:

- NFS root (file system on nfs share) possible?
- is Debian a recommended distro to use? I am using Raspbian on my other PIs, is it compatible with Rock64 also?
- my PI rack has a fan, what temperatures are expected from the CPU on load?

Thanks!
  Reply
#8
My numbers are just about the same as Evilbunny's, see below.

I am using Armbian Stretch (www.armbian.com) for the Rock64, and PiVPN (www.pivpn.io).

I have a a case that has a fan so it runs pretty cool for me.  I got my case from here: https://www.kksb-cases.us/

As TLLIM said, the Rock64 is the same size as the RPi, but i recommend that you get a Rock64 specific case since the connectors are slightly different.

Code:
[email protected]:~# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 16437665 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 13192876 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6888083 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2453359 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 352688 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175202 aes-128-cbc's in 3.00s
OpenSSL 1.1.0l  10 Sep 2019
built on: reproducible build, date unspecified
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/aarch64-linux-gnu/engines-1.1\""
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      87667.55k   281448.02k   587783.08k   837413.21k   963073.37k   956836.52k
[email protected]:~#
  Reply
#9
(12-01-2019, 05:41 AM)Talkabout Wrote: these numbers look amazing (compared to the PI4). What operating system are you using?

Ayufan's Debian Minimal

(12-01-2019, 04:57 PM)Talkabout Wrote: - NFS root (file system on nfs share) possible?

you still need an emmc/sdcard for boot etc, once that finishes you can do nfs root, this is an OS/software config thing

Quote:- is Debian a recommended distro to use? I am using Raspbian on my other PIs, is it compatible with Rock64 also?

Raspbian is a debian fork, with arm there is no bios, hardware specific files get loaded at boot you need to use rock64 images.

Quote:- my PI rack has a fan, what temperatures are expected from the CPU on load?

Thermal limits start kicking in about 83C, I use a small fan and some small heatsinks on my r64's to stop them getting that high.
  Reply
#10
Thanks again guys!

This answers all my questions, I ordered a Rock64 and will give it a shot.

Bye
  Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Rock64 v2 Locking Up when Accessing External Storage theGAXman 2 82 01-14-2020, 05:44 AM
Last Post: tomarm
  rock64, compile problems "illegal instruction", "memory fault" -> ddr_333Mhz? hunderteins 6 573 01-14-2020, 05:36 AM
Last Post: tomarm
  Rock64 problems with external Hard Drive and powering mjd 1 102 12-14-2019, 10:05 AM
Last Post: helsinki92
  Rock64 Long Term stability ramprasad 1 115 12-09-2019, 04:34 PM
Last Post: evilbunny
  Selling Rock64's dugalbug 6 388 10-19-2019, 12:12 PM
Last Post: dugalbug
Exclamation Rock64 v2 freeze help! JuanDTM 5 289 10-16-2019, 06:37 PM
Last Post: Rocklobster
  Rock64 for video surveillance martinschm 6 519 09-19-2019, 01:56 AM
Last Post: Jozek
  ROCK64 not booting TheGiolly 10 592 09-09-2019, 06:57 AM
Last Post: Rocklobster
  Rock64 v3 - POE P1V 3 709 08-18-2019, 05:51 AM
Last Post: mcerveny
  Rock64 board seems defective, how to confirm? Josk 1 216 08-15-2019, 08:24 PM
Last Post: tllim

Forum Jump:


Users browsing this thread: 1 Guest(s)