AES-NI

With the release of pfSense 2.4, OpenVPN 2.4.3 has been incorporated into pfSense. As a result, OpenVPN can use AES-NI acceleration for AES-GCM tunnels. AES-NI is a form of hardware acceleration designed to speed up encryption and decryption in routines implementing the Advanced Encryption Standard (AES). Using AES-GCM encryption on a CPU that supports AES-NI should improve throughput on OpenVPN tunnels in pfSense by 30 to 50%.

With the release of pfSense 2.5, you will have an additional incentive to ensure that the CPU on which you are running is AES-NI-compatible, as version 2.5 will only run on CPUs that support AES-NI encryption or another hardware crypto offload. While this will prevent running pfSense 2.5 and up on some lower-end systems (such as many Celeron-based systems), AES-NI is supported by all AMD CPUs since the release of the Bulldozer family of processors in late 2011, and by all Intel CPUs since the Skylake family (initially released in August 2015). AES-NI is also supported by a number of ARM CPUs, where it has the additional advantage of offloading AES instructions to on-die cryptographic accelerators. Examples of ARM CPUs supporting AES-NI include the ARM processors used in pfSense embedded systems produced by Netgate such as the TI AM3352 (SG-1000) and the Cortex-A9 (SG-3100).
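To check both conditions described above (a CPU with AES-NI and a tunnel that names an AES-GCM cipher), here is an added example that is not from the book. It assumes an x86 system whose FreeBSD boot messages (`/var/run/dmesg.boot`) list CPU features on a `Features2=` line; the function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the book): can this OpenVPN tunnel use AES-NI?

# Succeeds if FreeBSD boot messages on stdin list AESNI in the CPU's Features2.
has_aesni() {
    grep -Eq '^[[:space:]]*Features2=.*[<,]AESNI[,>]'
}

# Prints the first AES-GCM cipher named by an OpenVPN 2.4 "cipher" or
# "ncp-ciphers" directive in the config on stdin; fails if there is none.
gcm_cipher() {
    awk '$1 == "cipher" || $1 == "ncp-ciphers" {
            n = split($2, c, ":")
            for (i = 1; i <= n; i++)
                if (c[i] ~ /^AES-(128|192|256)-GCM$/) { print c[i]; found = 1; exit }
         }
         END { exit !found }'
}

# assess DMESG_TEXT CONFIG_TEXT: prints a one-line verdict.
assess() {
    if cipher=$(printf '%s\n' "$2" | gcm_cipher); then
        if printf '%s\n' "$1" | has_aesni; then
            echo "accelerated: $cipher with AES-NI"
        else
            echo "software-only: $cipher without AES-NI"
        fi
    else
        echo "no-gcm: no AES-GCM cipher configured"
    fi
}

# Constructed sample inputs (not captured from a real system).
sample_dmesg() { cat <<'EOF'
CPU: Constructed Example CPU @ 2.00GHz (K8-class CPU)
  Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP>
  Features2=0x7ffafbbf<SSE3,PCLMULQDQ,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AESNI,XSAVE>
EOF
}
sample_conf() { cat <<'EOF'
dev ovpns1
proto udp4
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
EOF
}

assess "$(sample_dmesg)" "$(sample_conf)"
```

On a live system, pass the contents of `/var/run/dmesg.boot` and of the tunnel's OpenVPN config file as the two arguments to `assess`.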
