diff options
| author | fett0 <fernando.gmaidana@gmail.com> | 2023-07-24 16:47:44 -0300 |
|---|---|---|
| committer | fett0 <fernando.gmaidana@gmail.com> | 2023-07-24 16:47:44 -0300 |
| commit | e93afe3d3309ae1243e11816bba03b23db81386b (patch) | |
| tree | 617ccbbfaa7303b2304f75054a0433d9c268f8b8 /docs/configuration/interfaces | |
| parent | 072e1a922639ca11224eb0ca518c0966b43020f8 (diff) | |
| download | vyos-documentation-e93afe3d3309ae1243e11816bba03b23db81386b.tar.gz vyos-documentation-e93afe3d3309ae1243e11816bba03b23db81386b.zip | |
OpenVPN : add documetation DCO on VyOS
Diffstat (limited to 'docs/configuration/interfaces')
| -rw-r--r-- | docs/configuration/interfaces/openvpn.rst | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index 5850591c..74a065c7 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst @@ -600,6 +600,45 @@ Will add ``push "keepalive 1 10"`` to the generated OpenVPN config file. quotes using the ``"`` statement. +********************************** +OpenVPN Data Channel Offload (DCO) +********************************** + +OpenVPN Data Channel Offload (DCO) enables significant performance +enhancement in encrypted OpenVPN data processing. By minimizing context +switching for each packet, DCO effectively reduces overhead. This optimization +is achieved by keeping most data handling tasks within the kernel, avoiding +frequent switches between kernel and user space for encryption and packet +handling. As a result, the processing of each packet becomes more efficient, +potentially leveraging hardware encryption offloading support available in +the kernel. + +.. note:: OpenVPN DCO is not full OpenVPN features supported , is currently + considered experimental. Furthermore, there are certain OpenVPN features and + use cases that remain incompatible with DCO. To get a comprehensive + understanding of the limitations associated with DCO, refer to the list of + known limitations in the documentation. + + https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features + + +Enabling OpenVPN DCO +==================== + +DCO support is a per-tunnel option and it is not automatically enabled by +default for new or upgraded tunnels. Existing tunnels will continue to function +as they have in the past. + +DCO can be enabled for both new and existing tunnels,VyOS adds an option in each +tunnel configuration where we can enable this function .The current best +practice is to create a new tunnel with DCO to minimize the chance of problems +with existing clients. + +.. cfgcmd:: set interfaces openvpn vtun10 enable-dco + +Using this command over the interface is performing DCO ,is necessary reset +the tunnel. + Troubleshooting =============== |