ROCK64 as VPN Gateway
#1
Hi guys,

I am searching a good VPN gateway board since some time. Currently I am using a Raspberry Pi 4 but am not really happy with the OpenVPN throughput (approx. 60 MBit/s, but 100 MBits/s connection). I guess this is related to the fact that the Raspberry does not have supported hardware acceleration for openssl/openvpn. I also tried some other boards (like an Odroid) but none of them provided a sufficient performance until now. I read about the ROCK64 and people are claiming that the crypto hardware is used by openssl, is this the case? What performance can I expect if using the board with OpenVPN? Maybe somebody already tested it and can provide some numbers?

Thanks in advance!

Bye
  Reply
#2
I have a Rock64 as my Pi-Hole box and it's also running PiVPN. I'm very happy with the performance. Don't have any real numbers, but it's pretty comparable to the commercial VPN I used previously.
  Reply
#3
Hi @jsfrederick ,

thanks for your answer!

Can you do me a favor and execute the following command on your Rock64:

Code:
:~ $ openssl speed -evp aes-128-cbc -elapsed


You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 11503672 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 3579215 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 967404 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 246825 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 30944 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 15543 aes-128-cbc's in 3.00s
OpenSSL 1.1.1c  28 May 2019
built on: Thu May 30 15:27:48 2019 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-hL5TK7/openssl-1.1.1c=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      61352.92k    76356.59k    82551.81k    84249.60k    84497.75k    84885.50k


This should show how slow/fast the openssl performance is.

Bye
  Reply
#4
Code:
Rock64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15650249 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 12464649 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6646786 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2423452 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 348775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175497 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      83467.99k   265912.51k   567192.41k   827204.95k   952388.27k   958447.62k

Code:
RockPro64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 66070573 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 40764719 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14919383 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 4125855 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 545375 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 274066 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc     352376.39k   869647.34k  1273120.68k  1408291.84k  1489237.33k  1496765.78k
  Reply
#5
(12-01-2019, 05:30 AM)evilbunny Wrote:
Code:
Rock64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15650249 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 12464649 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6646786 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2423452 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 348775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175497 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      83467.99k   265912.51k   567192.41k   827204.95k   952388.27k   958447.62k

Code:
RockPro64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 66070573 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 40764719 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14919383 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 4125855 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 545375 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 274066 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc     352376.39k   869647.34k  1273120.68k  1408291.84k  1489237.33k  1496765.78k

Hi @evilbunny 

these numbers look amazing (compared to the PI4). What operating system are you using?

I think that the Rock64 could be the solution for my performance problems... Am I correct that the size of the Rock64 is equal to the size of the RPI4? I have a small Rack for my PIs I would like to mount the Rock64 there.

Thanks!

Bye
  Reply
#6
(12-01-2019, 05:41 AM)Talkabout Wrote:
(12-01-2019, 05:30 AM)evilbunny Wrote:
Code:
Rock64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 15650249 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 12464649 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6646786 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2423452 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 348775 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175497 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      83467.99k   265912.51k   567192.41k   827204.95k   952388.27k   958447.62k

Code:
RockPro64:

# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 66070573 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 40764719 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 14919383 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 4125855 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 545375 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 274066 aes-128-cbc's in 3.00s
OpenSSL 1.1.1d  10 Sep 2019
built on: Sat Oct 12 19:56:43 2019 UTC
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-H2OJIf/openssl-1.1.1d=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc     352376.39k   869647.34k  1273120.68k  1408291.84k  1489237.33k  1496765.78k

Hi @evilbunny 

these numbers look amazing (compared to the PI4). What operating system are you using?

I think that the Rock64 could be the solution for my performance problems... Am I correct that the size of the Rock64 is equal to the size of the RPI4? I have a small Rack for my PIs I would like to mount the Rock64 there.

Thanks!

Bye
Rock64 same size as RPi3, the only different is the power connect (DC jack vs microUSB).
  Reply
#7
Ok, thanks guys, sound good!

some more points to confirm:

- NFS root (file system on nfs share) possible?
- is Debian a recommended distro to use? I am using Raspbian on my other PIs, is it compatible with Rock64 also?
- my PI rack has a fan, what temperatures are expected from the CPU on load?

Thanks!
  Reply
#8
My numbers are just about the same as Evilbunny's, see below.

I am using Armbian Stretch (www.armbian.com) for the Rock64, and PiVPN (www.pivpn.io).

I have a a case that has a fan so it runs pretty cool for me.  I got my case from here: https://www.kksb-cases.us/

As TLLIM said, the Rock64 is the same size as the RPi, but i recommend that you get a Rock64 specific case since the connectors are slightly different.

Code:
[email protected]:~# openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 16437665 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 13192876 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6888083 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2453359 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 352688 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 175202 aes-128-cbc's in 3.00s
OpenSSL 1.1.0l  10 Sep 2019
built on: reproducible build, date unspecified
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/aarch64-linux-gnu/engines-1.1\""
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      87667.55k   281448.02k   587783.08k   837413.21k   963073.37k   956836.52k
[email protected]:~#
  Reply
#9
(12-01-2019, 05:41 AM)Talkabout Wrote: these numbers look amazing (compared to the PI4). What operating system are you using?

Ayufan's Debian Minimal

(12-01-2019, 04:57 PM)Talkabout Wrote: - NFS root (file system on nfs share) possible?

you still need an emmc/sdcard for boot etc, once that finishes you can do nfs root, this is an OS/software config thing

Quote:- is Debian a recommended distro to use? I am using Raspbian on my other PIs, is it compatible with Rock64 also?

Raspbian is a debian fork, with arm there is no bios, hardware specific files get loaded at boot you need to use rock64 images.

Quote:- my PI rack has a fan, what temperatures are expected from the CPU on load?

Thermal limits start kicking in about 83C, I use a small fan and some small heatsinks on my r64's to stop them getting that high.
  Reply
#10
Thanks again guys!

This answers all my questions, I ordered a Rock64 and will give it a shot.

Bye
  Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Rock64 random freezes BTB 4 520 Yesterday, 08:35 AM
Last Post: rotavio
Photo ROCK64 v3 4GB DDR board memory chip number Johannes 2 122 Yesterday, 04:29 AM
Last Post: Johannes
Big Grin Rock64 as a retro-gaming console: early impressions Luke 52 26,124 03-22-2020, 03:02 PM
Last Post: Labo
  Disable Auto Power On Rock64 willowen100 4 155 03-11-2020, 08:24 AM
Last Post: Rocklobster
  Rock64 running OMV, how to setup RTL8812AU WiFi? electrosam 3 403 02-21-2020, 01:49 AM
Last Post: bigtreeman
  rock64 only works with 546 MB bionic-minimal-rock64-0.6.40-226-arm64 danjperron 2 186 02-17-2020, 01:37 PM
Last Post: danjperron
  Rock64 v3 and SD-Cards Humberg 12 4,483 02-01-2020, 09:16 PM
Last Post: Leapo
  Rock64 v2 Locking Up when Accessing External Storage theGAXman 2 173 01-14-2020, 05:44 AM
Last Post: tomarm
  rock64, compile problems "illegal instruction", "memory fault" -> ddr_333Mhz? hunderteins 6 746 01-14-2020, 05:36 AM
Last Post: tomarm
  Rock64 problems with external Hard Drive and powering mjd 1 182 12-14-2019, 10:05 AM
Last Post: helsinki92

Forum Jump:


Users browsing this thread: 1 Guest(s)