openvpn использует openssl для шифрования, последние версии поддерживают aes-ni.
Код:
:~$ grep "model name" /proc/cpuinfo | head -1
model name : Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
:~$ grep aes /proc/cpuinfo | head -1
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm ida arat xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid
:~$ openssl speed aes-256-cbc
Doing aes-256 cbc for 3s on 16 size blocks: 17942272 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 64 size blocks: 4822327 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 256 size blocks: 1223060 aes-256 cbc's in 2.99s
Doing aes-256 cbc for 3s on 1024 size blocks: 307521 aes-256 cbc's in 3.00s
Doing aes-256 cbc for 3s on 8192 size blocks: 38569 aes-256 cbc's in 3.00s
OpenSSL 1.0.1 14 Mar 2012
built on: Wed Oct 15 17:46:51 UTC 2014
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256 cbc 95692.12k 102876.31k 104716.84k 104967.17k 105319.08k
:~$ openssl speed -evp aes-256-cbc
Doing aes-256-cbc for 3s on 16 size blocks: 92453096 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 64 size blocks: 24293335 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 256 size blocks: 6160578 aes-256-cbc's in 2.99s
Doing aes-256-cbc for 3s on 1024 size blocks: 1544089 aes-256-cbc's in 3.00s
Doing aes-256-cbc for 3s on 8192 size blocks: 193280 aes-256-cbc's in 3.00s
OpenSSL 1.0.1 14 Mar 2012
built on: Wed Oct 15 17:46:51 UTC 2014
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-256-cbc 493083.18k 518257.81k 527460.86k 527049.05k 527783.25k
5-кратная разница, как видите.
Там есть инфа по тюнингу в тч и для использования aes-ni:
https://community.openvpn.net/openvp...Networks_Linux