I’m thinking about building a box for pfsense. Looking at hardware options and I see a pretty significant difference in price when comparing hardware with and without AES-NI. I don’t necessarily think I’ll need AES. The way I understand it, AES is for using VPN that is somehow running on the router??? I mean, my wife and I both use VPNs on our work computers so we can reach our work networks, but that isn’t using any encryption features on my router, is it?? Or am I not understanding?
Encryption and Decryption can be resource intensive processes. Most firewalls typically have a lower throughout for VPN connections than they do for just straight routing because of the extra processing power required for VPN. Based on what little I’ve read, it seems like CPU’s with AES-NI are capable of handling the encryption process more efficiently which probably reduces system load and allows for more throughput.
This only helps in situations where your firewall is either serving or connecting to a VPN. It won’t make any difference if your connecting to a work VPN form your computer. Even if you are hosting a VPN connection from your firewall, AES-NI is probably overkill unless you’re planning to connect a bunch of clients to it at the same time or plan to do something like file transfers at Gigabit speeds.