Hi, An OpenVPN colleague of me, Antonio Quartulli (on Cc), has been working on a kernel acceleration module for OpenVPN for quite some time. We call this OpenVPN Data Channel Offload (DCO). This moves the tunnelled network traffic to a new kernel module (ovpn-dco) and keep only the control channel (authentication, VPN IP configuration, etc) in user-space. This is gives a noticeable improved performance. We have had that support available in the OpenVPN 3 Linux for quite some time. But that is currently only a client-mode only implementation. So the real benefit of DCO has been limited when connecting to OpenVPN 2.x servers. In parallel with that, we have now reached a point where we also have code ready for OpenVPN 2.x which can make use of DCO - also for the server side. This code is currently going through review in among the developers in the OpenVPN community. But! We have now a dedicated Fedora Copr repository available for those willin g to test this out. # yum copr enable dsommers/openvpn-dco # yum copr enable dsommers/openvpn3 # yum install openvpn kmod-ovpn-dco The ovpn-dco kernel module is tried first, and if that succeeds OpenVPN 2.x will now use that instead of tun.ko. There is a new --disable-dco option which will force not using DCO, which is useful when testing performance. One performance tip ... Ensure your tun-mtu is 1420 or slightly lower, this is to avoid packet fragmentation which will reduce ability for ovpn-dco to work optimally. We are looking into ways to make the MTU settings better by default, but we're not there yet. This is the only configuration change which might be needed. Even though, I've mentioned OpenVPN 2.x server mode explicitly here ... It will also work with OpenVPN 2.x in client mode too. If you also try the OpenVPN 3 Linux to compare the performance, you should not really notice much difference - as it's the same kernel module doing th e heavy lifting. If you test this out, feel free to reach out on our OpenVPN developers mailing list [0], on IRC [0] or to Antonio (Cc) who is overseeing the DCO development. [0] <https://community.openvpn.net/openvpn/wiki/GettingHelp#Developersupport> -- kind regards, David Sommerseth OpenVPN Inc
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
