AES-NI Support for OpenVPN Windows Server 2008?

[gizamo]

Hi people, Im new to the forum, not sure if I actually posted this in the right subforum, forgive me if its not.
Anyway, right now Im a student trying to get OpenVPN to work with AES-NI on a Windows Server 2008 platform as a project. I know it requires patches but Im not sure as to where to obtain them, think I am googling the wrong keywords out but can't seem to get them right. Please help! Thanks so much in advance!

P.S. Anyone know if I can get OpenVPN to run with IPSec with them reading off two different NICs on a single machine?

[janjust]

I have not seen any OpenSSL patches for AESNI support on windows thus far; this is what is required to get OpenVPN to support AES-NI as well.
Google for 'openssl windows aes-ni' to see if you can a kind soul who has rebuilt OpenSSL on windows using the patch.

Yes it is possible to run openvpn and ipsec side-by-side, but they will never talk to each other, of course.

[gizamo]

Thanks so much for the speedy reply! I understand the windows problem, will look into it. The current AES-NI OpenSSL patch only affects linux? Also, I'm very new to VPN, so I don't understand all the jargon featured in the patch logs. Can anyone very roughly describe how the patch allows OpenSSL to run AES-NI? Thanks!

[janjust]

Intel published an OpenSSL patch to support AES-NI on linux, and they published a patch to support it on Windows using the CryptoServices; I have yet to see if the OpenSSL patch also works when compiling OpenSSL on Windows.

If OpenSSL supports AES-NI (you can find out using 'openssl speed -evp aes-256-cbc') then you can make use of this patch in OpenVPN using

Code: Select all

engine aesni

I can confirm that this work on Linux.