On Tue, Nov 17, 2020 at 9:32 AM Ard Biesheuvel <ardb@xxxxxxxxxx> wrote: > If you are going back to the drawing board with in-kernel acceleration > for OpenVPN As far as I can tell, they're mostly after compatibility with their existing userspace stuff. Otherwise, if they were going back to the drawing board, they could just make openvpn userspace set up xfrm or wg tunnels to achieve basically the same design. And actually, the xfrm approach kind of makes a lot of sense for what they're doing; it was designed for that type of split-daemon tunneling design.
