@alterelefant @HauntedOwlbear nodds in agreement
I rarely see any setup that maxes out the 2 GBit/s per CPU core with #AESni and optimized #IPsec parameters to for that, but if there ever is one that'll need more than what the average 1U 65W EPYC / Xeon can handle + a QAT card, then there's likely budget to get #tnsr #subscriptions waived through...
@critical @captainepoch some TP-Link should do that, tho if you're in the #EU you can,thank @EUCommission for killing #OpenWRT support with absurd #Firmware lockdowns.
Personally I'd recommend to #DIY something with #pfSense and seperate #WiFi and #Routing...
@marcan @lanodan the only cases where one would need even more Power are setups like High-Bandwith #VPN Gateways like some huge #pfSense if one needs 40+ GBit/s throughput on #OpenVPN or #WireGuard.
Mind you that #LUKS - aside from the encryption of the key in the header, uses #AES256 by default for a long time and is pretty efficient even prior to #AESni.
So no, in most cases the impact is purely synthetic and not really of any impact...
#AESni will give you at least 2GByte/s per thread & core so unless you put a pair of PCIe 5.0 x4 NVMe|s on a board with only a CPU that has 4C/8T, you shoudln't be able to measure much of a performance loss.
Espechally since that worst-case doesn't even exist AFAIK nor would it make sense.
It would be a different story if #LUKS were to use something like #RSA or other public/private asymetric crypto for the actual data encryption.
@lcruggeri @DosFox pretty nifty SoC.
I built a custom #pfSense with that in 2017.
Sadly shortly after, #AESni became necessary for #pfSense 2.4 which sadly obsolieted it.
Needless to say if you just need a little #Linux #Box to "fuck around and find out" and tinker with as a "server" to learn on or use some lightweight distro like #BunsenLabs or #RaspberryPiOS that should be still usefill for most people.
Kevin Karhan 
Kevin Karhan 
zSchön 
jupitersignal