author: Christian Breunig <christian@breunig.cc> 2023-07-27 16:27:17 +0200
committer: Christian Breunig <christian@breunig.cc> 2023-07-27 16:27:17 +0200
commit: 14c4fac22bfd7fb35b50019d7707a9a932238870
tree: 6609bb2a5bb4f86d46372e27358c4cb30166ba51 /docs
parent: 5299c309428fdb8dbdce334df715c17a41010b84
openvpn: T4974: merge two DCO docs
Diffstat (limited to 'docs')
-rw-r--r-- docs/configuration/interfaces/openvpn.rst 59
1 files changed, 21 insertions, 38 deletions
diff --git a/docs/configuration/interfaces/openvpn.rst b/docs/configuration/interfaces/openvpn.rst
index ed24825b..c0019577 100644
--- a/docs/configuration/interfaces/openvpn.rst
+++ b/docs/configuration/interfaces/openvpn.rst
@@ -514,28 +514,6 @@ example:
}
-Offloading (DCO)
-================
-
-The expression Data Channel Offload refers to any technique implemented with
-the goal of moving the processing of data packets from the OpenVPN userspace
-program to a separate entity.
-
-Given that OpenVPN spends a considerable amount of time passing data packets
-back and forth from kernel-land to user-land, where decryption and re-routing
-happens, it was decided to offload the data processing directly to the kernel.
-As direct consequence, data packets are not required to leave the kernelspace
-anymore, thus boosting the performance of active VPN connections.
-
-.. warning:: This is experimental!
-
-.. cfgcmd:: set interfaces openvpn <name> offload dco
-
- Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel
- module.
-
- Disabled by default - no kernel module loaded.
-
******
Client
******
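Review bot: The ``.. warning:: This is experimental!`` directive removed here has no equivalent in the section that survives the merge, which mentions the experimental status only inside a ``.. note::``. Since the option loads a kernel module, consider carrying the warning directive over to the merged section so the status stays as prominent as it was in this one.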
@@ -627,19 +605,19 @@ Will add ``push "keepalive 1 10"`` to the generated OpenVPN config file.
OpenVPN Data Channel Offload (DCO)
**********************************
-OpenVPN Data Channel Offload (DCO) enables significant performance
-enhancement in encrypted OpenVPN data processing. By minimizing context
-switching for each packet, DCO effectively reduces overhead. This optimization
-is achieved by keeping most data handling tasks within the kernel, avoiding
-frequent switches between kernel and user space for encryption and packet
-handling. As a result, the processing of each packet becomes more efficient,
-potentially leveraging hardware encryption offloading support available in
-the kernel.
-
-.. note:: OpenVPN DCO is not full OpenVPN features supported , is currently
- considered experimental. Furthermore, there are certain OpenVPN features and
- use cases that remain incompatible with DCO. To get a comprehensive
- understanding of the limitations associated with DCO, refer to the list of
+OpenVPN Data Channel Offload (DCO) enables significant performance enhancement
+in encrypted OpenVPN data processing. By minimizing context switching for each
+packet, DCO effectively reduces overhead. This optimization is achieved by
+keeping most data handling tasks within the kernel, avoiding frequent switches
+between kernel and user space for encryption and packet handling.
+
+As a result, the processing of each packet becomes more efficient, potentially
+leveraging hardware encryption offloading support available in the kernel.
+
+.. note:: OpenVPN DCO is not full OpenVPN features supported , is currently
+ considered experimental. Furthermore, there are certain OpenVPN features and
+ use cases that remain incompatible with DCO. To get a comprehensive
+ understanding of the limitations associated with DCO, refer to the list of
known limitations in the documentation.
https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features
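Review bot: The re-wrapped ``.. note::`` still opens with "OpenVPN DCO is not full OpenVPN features supported , is currently considered experimental", which is ungrammatical and has a stray space before the comma. As these lines are being touched anyway, suggest "OpenVPN DCO does not support all OpenVPN features and is currently considered experimental." The bare URL on the context line after the note would also read better as a link attached to "the list of known limitations".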
@@ -657,10 +635,15 @@ tunnel configuration where we can enable this function .The current best
practice is to create a new tunnel with DCO to minimize the chance of problems
with existing clients.
-.. cfgcmd:: set interfaces openvpn vtun10 enable-dco
+.. cfgcmd:: set interfaces openvpn <name> offload dco
+
+ Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel
+ module.
+
+ Disabled by default - no kernel module loaded.
+
+ .. note:: Enable this feature causes an interface reset.
-Using this command over the interface is performing DCO ,is necessary reset
-the tunnel.
Troubleshooting
===============
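Review bot: In the added ``.. note:: Enable this feature causes an interface reset.`` the verb form is wrong; suggest "Enabling this feature causes an interface reset." The removed sentence said a tunnel reset "is necessary", while the new note says the reset follows from the command itself, so please confirm which is correct and, if the reset is automatic, say what it means for clients that are already connected. The context line at the top of the hunk also has "function .The", which could be fixed in the same change.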