ROCK64 as VPN Gateway
#11
Hi guys,

today I received my Rock64 and of course immediately set it up to do some tests. Openssl now performes way better as visible here:

Code:
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 16712860 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 13207655 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 6899270 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2457687 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 353153 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 16384 size blocks: 178379 aes-128-cbc's in 3.00s
OpenSSL 1.1.0l  10 Sep 2019
built on: reproducible build, date unspecified
options:bn(64,64) rc4(char) des(int) aes(partial) blowfish(ptr)
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/aarch64-linux-gnu/engines-1.1\""
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
aes-128-cbc      89135.25k   281763.31k   588737.71k   838890.50k   964343.13k   974187.18k

but openvpn performance is still slower than on Raspberry Pi4:

Rock64
Code:
[email protected]:~$ sudo openvpn --genkey --secret /tmp/secret
[email protected]:~$ sudo time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc
Tue Dec  3 10:51:06 2019 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
15.94user 0.00system 0:15.95elapsed 99%CPU (0avgtext+0avgdata 5340maxresident)k
0inputs+0outputs (0major+318minor)pagefaults 0swaps

RPI4
Code:
[email protected]:/etc/openvpn $ sudo openvpn --genkey --secret /tmp/secret
[email protected]:/etc/openvpn $ sudo time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc
Tue Dec  3 11:52:11 2019 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
12.69user 0.04system 0:12.76elapsed 99%CPU (0avgtext+0avgdata 5300maxresident)k
0inputs+0outputs (0major+287minor)pagefaults 0swaps

As you can see the Raspberry takes 12,76s to perform the test, whereas the Rock64 needs 15,95s. Based on the explanation in this thread

https://airvpn.org/forums/topic/18322-ho...hroughput/

it means, that still the Rock64 is slower. Is openvpn taking advantage of the hardware acceleration of Rock64? Any other explanation?

Thanks!
  Reply
#12
are you running aarch64 userland? and is your openvpn built to use armv8 crypto extensions?
Come have a chat in the Pine A64 IRC channel >>
  Reply
#13
(12-03-2019, 05:13 PM)xalius Wrote: are you running aarch64 userland? and is your openvpn built to use armv8 crypto extensions?

Hi @xalius ,

I am using Ayufan's Debian Minimal which should be aarch64. I have not rebuild openvpn as I was assuming that it is not necessary. Do you know what settings need to be changed when building openvpn to enable these extensions?

Thanks!

Bye
  Reply
#14
Hi all,

the problem might be that openvpn is using different libraries than openssl:

Code:
[email protected]:~$ ldd /usr/sbin/openvpn
       linux-vdso.so.1 (0x0000007f90289000)
       libnsl.so.1 => /lib/aarch64-linux-gnu/libnsl.so.1 (0x0000007f9017c000)
       libresolv.so.2 => /lib/aarch64-linux-gnu/libresolv.so.2 (0x0000007f90157000)
       liblzo2.so.2 => /lib/aarch64-linux-gnu/liblzo2.so.2 (0x0000007f9012a000)
       liblz4.so.1 => /usr/lib/aarch64-linux-gnu/liblz4.so.1 (0x0000007f9010b000)
       libpthread.so.0 => /lib/aarch64-linux-gnu/libpthread.so.0 (0x0000007f900df000)
       libpkcs11-helper.so.1 => /usr/lib/aarch64-linux-gnu/libpkcs11-helper.so.1 (0x0000007f900b4000)
       libcrypto.so.1.0.2 => /usr/lib/aarch64-linux-gnu/libcrypto.so.1.0.2 (0x0000007f8fef1000)
       libssl.so.1.0.2 => /usr/lib/aarch64-linux-gnu/libssl.so.1.0.2 (0x0000007f8fe88000)
       libsystemd.so.0 => /lib/aarch64-linux-gnu/libsystemd.so.0 (0x0000007f8fdf6000)
       libdl.so.2 => /lib/aarch64-linux-gnu/libdl.so.2 (0x0000007f8fde3000)
       libc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000007f8fc99000)
       /lib/ld-linux-aarch64.so.1 (0x0000007f9025f000)
       libselinux.so.1 => /lib/aarch64-linux-gnu/libselinux.so.1 (0x0000007f8fc65000)
       librt.so.1 => /lib/aarch64-linux-gnu/librt.so.1 (0x0000007f8fc4e000)
       liblzma.so.5 => /lib/aarch64-linux-gnu/liblzma.so.5 (0x0000007f8fc1d000)
       libgcrypt.so.20 => /lib/aarch64-linux-gnu/libgcrypt.so.20 (0x0000007f8fb69000)
       libpcre.so.3 => /lib/aarch64-linux-gnu/libpcre.so.3 (0x0000007f8faf6000)
       libgpg-error.so.0 => /lib/aarch64-linux-gnu/libgpg-error.so.0 (0x0000007f8fad5000)
[email protected]:~$ ldd /usr/bin/openssl
       linux-vdso.so.1 (0x0000007f9b0d2000)
       libssl.so.1.1 => /usr/lib/aarch64-linux-gnu/libssl.so.1.1 (0x0000007f9af94000)
       libcrypto.so.1.1 => /usr/lib/aarch64-linux-gnu/libcrypto.so.1.1 (0x0000007f9ad7e000)
       libdl.so.2 => /lib/aarch64-linux-gnu/libdl.so.2 (0x0000007f9ad6b000)
       libpthread.so.0 => /lib/aarch64-linux-gnu/libpthread.so.0 (0x0000007f9ad3f000)
       libc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000007f9abf5000)
       /lib/ld-linux-aarch64.so.1 (0x0000007f9b0a8000)

OpenVPN is using libssl.so 1.0.2 and OpenSSL is using libssl.so 1.1, can this be an issue? Anybody knows how to make OpenVPN using the hardware crypto modules of Rock64?

Thanks!


Bye
  Reply
#15
Hi guys,

good news, the problem seems to be Debian Stretch. I have installed Armbian based on Buster and now the timing is far below RPI:

Code:
[email protected]:~# openvpn --genkey --secret /tmp/secret
[email protected]:~# time openvpn --test-crypto --secret /tmp/secret --verb 0 --tun-mtu 20000 --cipher aes-256-cbc
Wed Dec  4 21:23:21 2019 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode

real    0m4.937s
user    0m4.891s
sys     0m0.046s

This means, in theory, that the Rock64 is able to process 600 Mbit/s. That is what I was expecting. So for everybody who needs performance with OpenVPN, use Debian Buster (with OpenSSL 1.1).

Bye
  Reply
#16
Hi all,

now all the tests run just fine but I am only able to get a speed of approx. 24 MBit/s when transferring large files. With my RPI I reach 64 MBit/s (for same URL). One reason could be that the Rock64 is using "only" 25% of a CPU core when a large download is started (via CURL), while the RPI is using one core with 100%. Configuration changes with "nice" are not making any difference. Also I have not found any other parameter that could help here. Any idea?

Thanks!

Bye
  Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Rock64 Long Term stability ramprasad 1 46 Yesterday, 04:34 PM
Last Post: evilbunny
  Selling Rock64's dugalbug 6 332 10-19-2019, 12:12 PM
Last Post: dugalbug
Exclamation Rock64 v2 freeze help! JuanDTM 5 244 10-16-2019, 06:37 PM
Last Post: Rocklobster
  Rock64 for video surveillance martinschm 6 471 09-19-2019, 01:56 AM
Last Post: Jozek
  ROCK64 not booting TheGiolly 10 489 09-09-2019, 06:57 AM
Last Post: Rocklobster
  Rock64 v3 - POE P1V 3 621 08-18-2019, 05:51 AM
Last Post: mcerveny
  Rock64 board seems defective, how to confirm? Josk 1 185 08-15-2019, 08:24 PM
Last Post: tllim
  Purchase Rock64 V3? richardk 6 719 08-03-2019, 12:56 PM
Last Post: mcerveny
  Rock64 running OMV, how to setup RTL8812AU WiFi? electrosam 2 226 07-16-2019, 04:03 PM
Last Post: ayufan
  Rock64 random freezes BTB 3 338 07-01-2019, 10:17 AM
Last Post: Luke

Forum Jump:


Users browsing this thread: 1 Guest(s)