OpenVPN with Ubuntu and Via's Padlock Technology
Why?
I've been using OpenVPN for gaming. I have heard of Hamachi, but open source tastes better.
I wanted to have an OpenVPN client running 24/7, so I tried running it on a low-power laptop. This led to unacceptable latency and disconnects. The encryption load was just too much.
Having a powerful desktop running would solve that, but running costs build up all too fast.
What?
Via produce processors with low power consumption and hardware acceleration for encryption with their Padlock system.
After quite a lot of searching for a cheap Via machine, I found this on eBay. It's got a Via C7 processor (all of which have Padlock), and it turns out to use less than 30W even on peak load.
How?
I replaced the 1GB Compact Flash card with an 8GB one, then installed Ubuntu Server 12.4.1 via a USB stick. (Choosing to install the OpenSSH server).
I had found plenty of sources telling me to check which engines were available. However, when I tried, all I got was:
> openssl engine
(dynamic) Dynamic engine loading support
Which I thought was a problem (I was expecting the Padlock engine to show up).
However, if you used the command:
> openssl engine padlock
(padlock) CIA PadLock (no-RNG, ACE)
You can see that padlock is actually there. (You'd get a bunch of errors with a 'could not load the shared library...' if it wasn't).
You can check the speed with and without the padlock engine using these two commands:
openssl speed -evp aes-128-ecb -engine padlock
openssl speed -evp aes-128-ecb
This showed vastly more bytes processed with the padlock engine (top line) than with software (bottom line).
So then it came to setting padlock as the default engine...
I found the instructions on this page worked for me. Basically, you have to add:
openssl_conf = openssl_def
[openssl_def] engines = openssl_engines
[openssl_engines] padlock = padlock_engine
[padlock_engine] default_algorithms = ALL
to your openssl.cnf (before any [blah] sections).
Happy gaming!
I've been using OpenVPN for gaming. I have heard of Hamachi, but open source tastes better.
I wanted to have an OpenVPN client running 24/7, so I tried running it on a low-power laptop. This led to unacceptable latency and disconnects. The encryption load was just too much.
Having a powerful desktop running would solve that, but running costs build up all too fast.
What?
Via produce processors with low power consumption and hardware acceleration for encryption with their Padlock system.
After quite a lot of searching for a cheap Via machine, I found this on eBay. It's got a Via C7 processor (all of which have Padlock), and it turns out to use less than 30W even on peak load.
How?
I replaced the 1GB Compact Flash card with an 8GB one, then installed Ubuntu Server 12.4.1 via a USB stick. (Choosing to install the OpenSSH server).
I had found plenty of sources telling me to check which engines were available. However, when I tried, all I got was:
> openssl engine
(dynamic) Dynamic engine loading support
Which I thought was a problem (I was expecting the Padlock engine to show up).
However, if you used the command:
> openssl engine padlock
(padlock) CIA PadLock (no-RNG, ACE)
You can see that padlock is actually there. (You'd get a bunch of errors with a 'could not load the shared library...' if it wasn't).
You can check the speed with and without the padlock engine using these two commands:
openssl speed -evp aes-128-ecb -engine padlock
openssl speed -evp aes-128-ecb
This showed vastly more bytes processed with the padlock engine (top line) than with software (bottom line).
So then it came to setting padlock as the default engine...
I found the instructions on this page worked for me. Basically, you have to add:
openssl_conf = openssl_def
[openssl_def] engines = openssl_engines
[openssl_engines] padlock = padlock_engine
[padlock_engine] default_algorithms = ALL
to your openssl.cnf (before any [blah] sections).
Happy gaming!
Comments
Post a Comment