PfSense 2.5 and AES-NI (netgate.com)
45 points by sashk on May 1, 2017 | 78 comments

This is quite obviously an attempt to cut out the flood of cheap embedded PCs which are ideal for pfSense and steer more sales to their own hardware. Systems such as "The vault" sold by protectli.com are completely adequate for the home network (I am capable of pushing > 100Mbit/s over OpenVPN at ~35% CPU). These run older celeron processors and are dirt cheap.


1) The post implies this restriction will only be for the community (free) edition. "pfSense Community Edition version 2.5 will include a requirement that the CPU supports AES-NI"

2) There is zero reason to require AES-NI, as running with a software fallback will simply yield lower performance. Taking this option away makes no sense unless you want to encourage those who don't pay for software support to buy your hardware, while those already paying for support are free to use their existing gear.

Well, if you care about security AES-NI allegedly prevents a side channel attack.

Are you referring to timing attacks or something even more subtle?

Timing, data cache, BTB, you name it: doing software AES exposes you to All The Side Channels, and AES is somewhat notoriously hard to implement safely in software compared to other software-profile ciphers. This is the big selling point for ChaPoly.

Most/all software implementations of AES had various side channels in the past. Considering AES-GCM, as far as I'm aware no software implementation is considered "safe". Some libraries do not support AES-GCM without hardware instructions that make it safe (e.g. libsodium chose that way).

This is mainly due to AES relying heavily on substitution boxes, i.e. small arrays that are indexed with secrets, which is easy to implement safely in hardware, but difficult in software that runs on a processor with caches and such.
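The S-box point in the comment above, as an added example that is not part of the thread or taken from any library: a secret-indexed table load next to a lookup that reads every entry and selects with a mask. The function names are hypothetical, and the table is generated from the AES definition rather than pasted in.

```c
#include <stdint.h>
#include <stdio.h>

static uint8_t SBOX[256];
static int sbox_ready;

static uint8_t rotl8(uint8_t x, int s) {
    return (uint8_t)((x << s) | (x >> (8 - s)));
}

/* Build the AES S-box: inverse in GF(2^8) followed by the affine map. */
static void sbox_init(void) {
    uint8_t p = 1, q = 1;
    if (sbox_ready) return;
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0)); /* p *= 3 */
        q ^= (uint8_t)(q << 1);                                 /* q /= 3 */
        q ^= (uint8_t)(q << 2);
        q ^= (uint8_t)(q << 4);
        q ^= (uint8_t)((q & 0x80) ? 0x09 : 0);
        SBOX[p] = (uint8_t)(q ^ rotl8(q, 1) ^ rotl8(q, 2) ^
                            rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63);
    } while (p != 1);
    SBOX[0] = 0x63; /* 0 has no inverse */
    sbox_ready = 1;
}

/* Secret-indexed load: the address touched, and so the cache line
 * brought in, depends on the secret byte. */
uint8_t sbox_lookup_table(uint8_t secret) {
    sbox_init();
    return SBOX[secret];
}

/* Reads all 256 entries in a fixed order and keeps one with a mask, so
 * the memory access pattern is the same for every secret. C itself does
 * not promise constant time: inspect the compiled output. */
uint8_t sbox_lookup_ct(uint8_t secret) {
    uint8_t out = 0;
    sbox_init();
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t diff = i ^ secret;                /* 0 only when i == secret */
        uint8_t mask = (uint8_t)((diff - 1) >> 8); /* 0xFF if diff == 0, else 0 */
        out |= (uint8_t)(SBOX[i] & mask);
    }
    return out;
}

/* Number of inputs on which the two lookups disagree (expected: none). */
int count_mismatches(void) {
    int bad = 0;
    for (int v = 0; v < 256; v++)
        bad += sbox_lookup_table((uint8_t)v) != sbox_lookup_ct((uint8_t)v);
    return bad;
}

int main(void) {
    printf("S(0x53) = 0x%02x, mismatches = %d\n",
           sbox_lookup_ct(0x53), count_mismatches());
    return count_mismatches() != 0;
}
```

The full-table scan costs 256 loads per byte substituted, which is the speed penalty that hardware AES instructions avoid.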

In the GCM case, it's also because the polynomial hash in GHASH wants fast polynomial multiplication, which PCLMULQDQ provides, and which you want (unsafe) lookup tables for otherwise.

Wouldn't a bit-sliced implementation of AES be guaranteed constant time, at the cost of some speed?

As long as you keep the keys not in HSM, that'll be true. Should also require the use of TPM for storing keys..

No, this isn't valid reasoning.

TL;DR: If you are building a pfSense box with an x86 chip made in the past ~7 years [1], stop reading and carry on.

Those of you on a power budget, and want e.g. VPN support at closer to wire speeds, you're being advised to select a CPU with AES-NI to get hardware crypto offload. It's great we have software crypto in the first place, but under load it's likely to put a cap on your max throughput.

Kudos to pfSense/Netgate announcing this ahead of time.

[1] https://en.wikipedia.org/wiki/AES_instruction_set#Supporting...

AMD has shipped AES-NI in every processor family starting with Bulldozer in 2011.

Intel started in 2010 with Westmere, but kept it out of the lower-end models like Pentium, Celeron, and i3 for several generations. Only since Skylake (2015) is it included in every model produced from a supporting architecture. At least for Intel processors, the generalization above, absent other disclaimers, does not apply.

Actual lookup tables are linked in other posts like this one [1].

[1] https://news.ycombinator.com/item?id=14240007

The immediate predecessor to the Netgate SG-2220 (I forget the model, but it was based off of the PC Engines apu1d [1]) does not support AES-NI. It has the AMD G series T40E, which is based off of the Bobcat architecture [2] [3]. I use pfsense as a home router, and while I am very happy with it, I will be forced to upgrade that hardware, and I do not use any feature sets that require the use of AES-NI.

In addition, the Netgate SG-2220 uses an Atom C2338, which was susceptible to the LPC bus failure [4] [5]. So as of right now, I would also be extremely hesitant to purchase the Netgate SG-2220 without some sort of assurance that the router I got is not affected by it.

[1] https://pcengines.ch/apu1d4.htm

[2] https://en.wikipedia.org/wiki/List_of_AMD_accelerated_proces...

[3] https://en.wikipedia.org/wiki/Bobcat_(microarchitecture)

[4] https://www.netgate.com/products/sg-2220.html

[5] http://www.anandtech.com/show/11110/semi-critical-intel-atom...

EDIT: Interestingly enough, someone from Netgate said that the PC Engines APU is unaffected: https://www.reddit.com/r/PFSENSE/comments/68nd6y/pfsense_25_... EDIT2: Seems they edited that, the APU1d won't be compatible.

Not Bobcat, unfortunately - which is what's in the PC Engines APUv1.

The Celeron J1900 (released 2013) does not support AES-NI. It's popular in low-powered mini PC devices, many of which come preinstalled with pfSense when purchased from Aliexpress.

Ditto for the Celeron 3215U, which is used in some newer devices along the same lines.

Close. Sadly the Celeron I bought that came out in 2011 doesn't support this.


Do newer, but still cheap CPUs work with AES-NI?

What is your definition of cheap? Don't rule out ARM based solutions.

^- While cheap toy SoCs like those found in SBCs do (all?) have NEON, which includes hardware acceleration for SHA1/2 and AES, don't assume good performance. An x86 desktop core is faster in software than those SoCs with hardware.

However, the poor I/O capabilities of most/all toy SoCs rule use as a high-bandwidth router out; you can't do Gigabit routing with just one built-in MAC and the other connected to a USB 2.0 port or somesuch.

The ESPRESSObin board has 3 NICs, runs a dual-core Marvell 3700, which is ARMv8, and has a crypto-offload on the SoC.

It sells for $49 on Amazon. https://www.amazon.com/dp/B06Y3V2FBK

AES-GCM runs quite well on ARMv8:


That's an interesting board, but it still only has one Ethernet interface, plus an on-board switch.

It has two, actually. I'm looking at the 3700 and some of the NXP CPUs for a 2018 "microfirewall".

We have a 3 port ARM board (one port has a switch on it) being announced on Thursday.

The device has 3 ethernet interfaces - one directly connected to the SoC, and the other two via an onboard switch.

That's not at all what the board's block diagram [0] depicts, but apparently they don't care to make that accurate. While the photographs do make it clear that there are three Ethernet ports, it's wrong to say that there are three Ethernet interfaces; the SoC only supports two and it's misleading to count the extra switched ports as extra interfaces because they do not even have the theoretical possibility of contributing to better routing capabilities.

[0] http://espressobin.net/wp-content/uploads/2017/01/ESPRESSObi...

Well, to get 2.5 running I am going to have to build another box. I'll need a CPU and motherboard. Possibly RAM. I'd like to find that for under $300. Under $150 would be more ideal.

I'm certainly not ruling anything out. I simply want to be able to get a working PFSense instance up and running.

PCengines APU2 has an AMD CPU with AES-NI, http://www.pcengines.ch/apu2c4.htm

It's usually not even worth the cost of electricity to keep running hardware that old. Upgrading to modern power efficient hardware pays for itself pretty quickly with lower electrical bills.

Lots of bans going on over at /r/pfsense where users are asking straightforward questions and the staff are just banning them. Read the edits made to the posts there crazy....

Seeming more and more like this is a cash grab thing to get people to upgrade to their hardware.

You were banned because you violated rules. You were incredibly rude and then even threatened us. If that wasn't enough you attempted to start a brand new drama thread. "Cash grab thing" assertion proves we were right to ban you.

You've just gone and accused Gamblore of being someone who they aren't.

You told me to "Chill for 30 days". Maybe you need to chill instead of damaging your brand by lashing out at people?

I think it's you who don't know who Gamblore is.

Gamblore can't be i_mormon_stuff, since i_mormon_stuff also has an account here under the same name and posted in this same thread.

Was there a third user you banned?

Nope, just you and i_mormon_stuff. I still think it's him, but let's see if he ever responds.

When you start a riot with your users you may get very paranoid like this guy.

Apologies, considering your exaggerated remark "lots of bans going on" I assumed you were one of two (and only two) persons banned.

Isn't a linux headless box a great alternative to pfsense for non-commercial use? The problem here seems to be that home users now have to shell out more.

If you're going to use OpenVPN and other common software, why not just move to linux side of things? It seems that for home use you wouldn't need any enterprise grade software which I feel is the big advantage of pfSense. Sure pf is great but iptables isn't terrible either.

I find that the BSDs are becoming increasingly reluctant to any change that goes against their principles which I sometimes find a tad misplaced.

> I find that the BSDs are becoming increasingly reluctant to any change that goes against their principles which I sometimes find a tad misplaced.

This seems a bit uncharitable. pfsense is an open source firewall product, made/released by a company that sells support and services. I wouldn't call it "one of the BSDs" any more than I would call say.. Sophos Firewall or Smoothwall as linux distributions.

Running a properly configured, headless linux box as a firewall would indeed be a fine choice for those technically capable, similarly so would a FreeBSD or OpenBSD install.

I'm not calling it one of the BSDs, but you still have to consider who's running the show. The FreeBSD part behind pfSense is as important as the Debian behind VyOS (although I'm not suggesting VyOS here).

If things are completely same from a management/security perspective, then I'd be wrong but it does make a difference when it comes to management, updates, and compatibility etc.

Your definition of technically capable is a bit vague. What can a technically capable user do? It can vary from barely being able to use the cli and minimal understanding of basic networking, to being able to compile/tune the kernel by themselves and write drivers in case they are missing.

I have to say, the way that the pfSense team is handling it, and the moderators over on reddit, while I had been considering using it, I think I'll use ubiquiti when I upgrade the network.

The angry pfSense team member just went through and deleted/removed all the comments involved in the thread he was arguing in.

After being a pfsense user for many years, I migrated to ubiquiti edgerouter a year or so ago. It has been great!

Sounds like a move to sell more hardware. My pfsense barely does any crypto. This will push me over to openbsd.

If this was a move to sell more hardware, why wouldn't we make the decision for 2.4 (which is imminent) rather than 2.5, which is based on FreeBSD 12, when 12.0R isn't even scheduled?

I don't know. What is your reasoning? I don't really understand why you'd want to force people to upgrade HW when they don't need to.

There is a difference between a design decision reasonable people can disagree, even forcefully, about, and a design decision that is actually a deceptive attempt to get people to buy new hardware.

They spelled out the reasoning in the post:

“in order to support the increased cryptographic loads that we see as part of pfSense version 2.5, pfSense Community Edition version 2.5 will include a requirement that the CPU supports AES-NI”

You may disagree with that but it's intellectually dishonest to argue as if they didn't provide clear, technically defensible rationale, especially at a time when much of the industry has been moving to hardware offload.

Wait, your argument that this isn't a way to sell more hardware is that you will do it later, not now?

If we only allowed people to load pfSense on hw that we sell, or have sold, you would have a point.

Since we don't even attempt same, my point stands.

That point makes no sense as this decision cuts out a lot of the cheaper hardware people ran pfSense on previously so when they look at their options now your own lower priced stuff becomes more attractive and oh yes it has AES-NI and is fully compatible.

This really feels like a long con to get people to upgrade their hardware to a pfSense unit.

Indeed, AES-NI is very rare. Few computers if any have it.

Edit: /s ... ?!

> Edit: /s ... ?!

Why are you surprised? If you are trying to make a point that AES-NI is common, just say so. Trying to do so by saying the opposite and expecting people will pick up on the sarcasm through a pure text medium without necessarily sharing the same knowledge to know whether that statement is true or not just adds confusion to the conversation.

The point itself is useful, but the manner in which you expressed it emphasizes the delivery over the content, to the degree the content is sometimes obscured.

Why do you say that? According to [1], AES-NI is not that rare.

[1] https://en.wikipedia.org/wiki/AES_instruction_set

I might be mistaken, but I thought it was in every non pentium/celeron/atom chip after 2010 and every chip after 2015 with some extensions.

My desktop and laptop have them and they're mid-high end but not upper high end.

If I had to guess, I'd say Netgate is working on an SD-WAN service of sorts. Many players in this market are displacing the edge firewall, and offering a built-in service of their own or in partnership with a third-party might be a smart move.

What if we just added an SD-WAN implementation to pfSense?

I see pfSense playing two possible roles in SD-WAN. The first is customer-centric, and will allow pfSense edge devices to connect to a third-party SD-WAN service or one provided by Netgate itself. The other is vendor-centric, and will allow SD-WAN vendors to use pfSense for their Point-of-Presence software when building the geographically distributed network for SD-WAN traffic optimization.

Both are smart strategies and well within your core competency. As long as you're not building your own SD-WAN service you're golden.

> As long as you're not building your own SD-WAN service you're golden.

Thanks! Running our own SD-WAN service seems a lot like opening a cute little coffee shop: A fine way to spend a lot of money with no result.

There is a third option, which is also customer-centric: Allow the customer to run their own SD-WAN.

I look after a pfsense box for a school on a 9 year old E2200 that is obsolete by this.

On one hand I cannot complain because the server is 9 years old and lasted well, but on the other hand, why not an option for those just needing a packet filter to bypass this?

Am I missing something?

This is a real shame. I am going to have to find a different solution, as it turns out that pfSense is one of those projects that happily moves on without you, and I just can't understand why.

My Atom board has been perfect, but there is no hardware upgrade option.

I guess I'll have to find another project. And, yes, I used to recommend this project to everyone I know, even donated. Oh, well.

A further attempt at explanation. I'll probably clean this up and write another blog post.


This may be a good time to try a new relative open source product. OPNSense is a fork of PFSense with some philosophical and practical differences. Here are some notes on what and why https://docs.opnsense.org/fork/thefork.html

I'd recommend people take a look at VyOS[1] as well. It's a great router distribution, which comes with a lot of batteries included to do many, many things.

I guess I might still use pfSense when I need a _firewall_. I'd immediately grab VyOS whenever I need a router. Both can do routing and firewalling, though.

[1]: https://wiki.vyos.net/wiki/Main_Page

Oh yes, OPNsense. Those sure are some philosophical and practical differences. Differences as in:

- code theft
- copyright abuse
- attempt to steal pfSense trademark in Europe
- toxic project members who publicly attack anyone who dares to point out issues (including assault on all major pfSense developers)
- hiding serious vulnerabilities
- downplaying serious vulnerabilities

Oh yes, that's a very different project. I documented most of it here https://www.reddit.com/r/OPNscam/

I think it would be healthy for you to 1) read about what copyright actually is and 2) read about what various licenses permit. There seems to be a disconnect between what is actually occurring and your understanding (and subsequent nerd-rage).

I have read your comments, visited your linked website. I think you may have some points. To be clear I am testing OPNSense now for the first time. I thought their license is Apache. I will consider your points during my testing. I will also continue reading your posts on reddit and compare it to testing and repository data. Thank you for your comment, though somewhat harsh.

Are you saying that OPNsense doesn't care about AES side-channel attacks?

Would you please elaborate.

I was just banned from the pfSense subreddit for arguing about this change. https://i.imgur.com/1051KOl.png

My comments are visible here: https://i.imgur.com/8oZVSJO.png

Lovely. Due to this behaviour by pfSense employees I no longer want to use pfSense. Had no issues with the software and was considering purchasing their hardware.

Not any more.

archived view of the thread: https://archive.fo/pBoAY

I have no idea what happened let alone who was at fault, but please let's not repeat the drama here.

We detached this subthread from https://news.ycombinator.com/item?id=14240207 and marked it off-topic.

I shouldn't have brought this discussion here. I was angry after being banned (in my opinion for asking a legitimate question) and did try to spread the drama. That wasn't the right thing to do.

I was also banned from the pfsense subreddit for same reason.


Their employees are major tripping. I asked them a simple question, why do we need AES-NI hardware crypto if we don't use VPNs or anything that uses AES? And he refused to answer then banned.

Honestly I do not want to use it anymore and I shan't be recommending it anymore to anyone.

No, you were incredibly rude to us and that's why you were banned. I suggest you share full screenshots if you're going to create drama.

At this point my advice would be for you guys to just leave it be. Stand up and walk away from the computer and go watch a movie for the night. You've made your call on this issue, you have unspecified "plans" and unless you care to reveal them or you care to change your stance on this issue there's nothing more to say or do here. You just need to let the anger blow over.

You don't gain anything by further antagonizing users at this point. And from your stance here - you don't actually want these people as users, correct? Essentially you've decided that these users are so-called "devil customers" - they're not profitable and you want them out of your clientele.

That's why you're essentially hardforking away from their hardware. So their opinions are no longer relevant to you, are they? As such this is literally a no-win move for you, the only thing it can do is hurt your business's image.

Just walk away, this isn't a good look for you guys.

I shared full screenshots of my own comments, except of the mod mail.

Here it is: https://i.imgur.com/FlF8E1Q.png

You deleted your own posts. This is the archive of some of them: https://archive.fo/pBoAY

I don't have an archive of the deeper posts, but they weren't particularly pleasant.

He deleted all the posts. His own, yours, that other guy's. The whole comment chain. You may have to log out to see your own comments erased.

Thank you for sharing the mod discussion screenshot.


Please don't be uncivil on HN, regardless of how wrong someone else may be. It breaks the site rules to post this way and we ban accounts that do it.



We detached this comment from https://news.ycombinator.com/item?id=14242458 and marked it off-topic.
