I’m thinking about building a box for pfsense. Looking at hardware options and I see a pretty significant difference in price when comparing hardware with and without AES-NI. I don’t necessarily think I’ll need AES. The way I understand it, AES is for using VPN that is somehow running on the router??? I mean, my wife and I both use VPNs on our work computers so we can reach our work networks, but that isn’t using any encryption features on my router, is it?? Or am I not understanding?
You should consider opnsense instead of pfsense in any case.
why?
The company behind pfSense is shady as hell:
https://opnsense.org/opnsense-com/
Also the complete and utter clusterfuck of an attempt to bring Wireguard into the FreeBSD kernel:
It’s for encryption and decryption so only valid for VPN tunnels initiated by pfsense. Not a needed feature by any means if you don’t selfhost stuff and want to setup VPN tunnels and run a lot of traffic through (like say media through Jellyfin)
If installing Wireguard as your VPN is a possibility, Install Opnsense + Wireguard on old hardware and forget about AES.
Pfsense has an openvpn server and client built in. Also if you are using site-to-site ipsec vpns it can be useful. I think it will also use the extensions if you run a web proxy to inspect tls traffic. If you just use it for a nat gateway, then you don’t need aes-ni or even most of the features Pfsense provides.
If you don’t use a VPN on the router, you won’t need it.
But what if you decide to set one up so you can VPN in while on the road? Personally, I’d rather have it and not need it, than need it and not have it…as well as “buy once, cry once” rather than need to upgrade down the line.
deleted by creator