SSL Offleading

[jnebrera]

Hi all,

Im wondering if OpenVPN supports SSL Offloading to crypto cards.

In particular we are interested in cards based on Cavium Networks CN1610, CN1615 or CN1620 chips.

Would this be valid in a virtualized environment (VMWare) too?

Very thankful in advance.

Regards

[janjust]

openvpn uses "plain" openssl to do its encryption; if you can find or build an openssl library that supports the Cavium chips then openvpn will make use of them as well, with the right settings ('--engine [name]' ).

I'd be interested to see if it works for you, as this part of openssl (and hence openvpn) tends to be tricky.

[vinoth]

Using crypto acceleration available in cavium octeon hardware with configuring the engine option, results in repeated "Authenticate/Decrypt packet error: bad packet ID" errors, after client connected to the openvpn server in this case.

The client connectivity, client ip assignment, client routes configuration seem to be working fine. Connecting to the internal network(or tun ip of the gw) from client results in the above error. Using the engine from openssl just works fine.
Time settings are synchronized between the server/client.

The same setup works fine with not using the engine option. Is there any known caveats in using the engine option in openvpn?

[perlish]

Hi man,did you solve your problem ?
I also want to use cavium to speed up the ssl vpn.