Migrating from OpenWrt: need to build a VPN Gateway (with QAT, WireGuard, OpenVPN)

Hi,

Last year I ran some tests with VyOS 1.1 and found it very interesting, and now I am ready to change my current configuration.

I currently use OpenWrt 18.06 (as my internal router) on an ESXi virtual machine (based on a Supermicro Atom C2758, 8 cores, 16GB RAM). I would like to migrate to VyOS and I need some (basic) info and advice.

First, I would like to continue using an ESXi virtual machine, but I would also like to have a configuration that uses QAT (to maximize VPN performance for WireGuard/OpenVPN). I don’t know if QAT is supported on a virtual machine (and for my CPU specs): do you have some info?

The second question relates to how to build a tailored VyOS for my hardware (on virtual or on bare metal): after reading the documentation, to build the ISO I also need to build the packages I need (or all of them, to simplify) and include them in the final build: is that correct?

Thanks in advance

Hi @walexago,

Your CPU supports QAT, and I think it is possible to use QAT in a VM, like SR-IOV, but for now QAT acceleration is implemented only for IPsec.

To build your own VyOS ISO you can follow the instructions at GitHub - vyos/vyos-build: VyOS image build scripts
PS: QAT kernel modules are built automatically.

Hello! Now in 2023, does VyOS QAT support WireGuard, OpenVPN?

We have enhanced our existing image by incorporating support for OpenVPN data channel offload. It should improve the current implementation and allow using kernel functions for encryption/decryption:

https://docs.vyos.io/en/latest/configuration/interfaces/openvpn.html#openvpn-data-channel-offload-dco

Regarding WireGuard, I am not sure if it allows using those kernel modules, but many new options were added in the latest kernel.

The answer is no!
C2758 and C3758 will not support it, since they don’t support chacha-poly; Intel QAT gen 4 supports chacha-poly.