diff options
author | Christian Breunig <christian@breunig.cc> | 2023-07-27 16:24:46 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-27 16:24:46 +0200 |
commit | 5299c309428fdb8dbdce334df715c17a41010b84 (patch) | |
tree | f8f27519d07f41ee3e501c174368992ab38913ec /docs/configuration | |
parent | ada1da93772414464eb47b712c12765c30d89488 (diff) | |
parent | e93afe3d3309ae1243e11816bba03b23db81386b (diff) | |
download | vyos-documentation-5299c309428fdb8dbdce334df715c17a41010b84.tar.gz vyos-documentation-5299c309428fdb8dbdce334df715c17a41010b84.zip |
Merge pull request #1049 from fett0/Openvpn-dco-doc
OpenVPN : add documetation DCO on VyOS
Diffstat (limited to 'docs/configuration')
-rw-r--r-- | docs/configuration/interfaces/openvpn.rst | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst index c92d5dc6..ed24825b 100644 --- a/docs/configuration/interfaces/openvpn.rst +++ b/docs/configuration/interfaces/openvpn.rst @@ -623,6 +623,45 @@ Will add ``push "keepalive 1 10"`` to the generated OpenVPN config file. quotes using the ``"`` statement. +********************************** +OpenVPN Data Channel Offload (DCO) +********************************** + +OpenVPN Data Channel Offload (DCO) enables significant performance +enhancement in encrypted OpenVPN data processing. By minimizing context +switching for each packet, DCO effectively reduces overhead. This optimization +is achieved by keeping most data handling tasks within the kernel, avoiding +frequent switches between kernel and user space for encryption and packet +handling. As a result, the processing of each packet becomes more efficient, +potentially leveraging hardware encryption offloading support available in +the kernel. + +.. note:: OpenVPN DCO is not full OpenVPN features supported , is currently + considered experimental. Furthermore, there are certain OpenVPN features and + use cases that remain incompatible with DCO. To get a comprehensive + understanding of the limitations associated with DCO, refer to the list of + known limitations in the documentation. + + https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features + + +Enabling OpenVPN DCO +==================== + +DCO support is a per-tunnel option and it is not automatically enabled by +default for new or upgraded tunnels. Existing tunnels will continue to function +as they have in the past. + +DCO can be enabled for both new and existing tunnels,VyOS adds an option in each +tunnel configuration where we can enable this function .The current best +practice is to create a new tunnel with DCO to minimize the chance of problems +with existing clients. + +.. cfgcmd:: set interfaces openvpn vtun10 enable-dco + +Using this command over the interface is performing DCO ,is necessary reset +the tunnel. + Troubleshooting =============== |