From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: openvpn-2.7_rc1
Date: Sat, 20 Dec 2025 19:05:43 +0100 [thread overview]
Message-ID: <95de13b9655902ecd319bb998a94bdd8f10186b7.camel@ipfire.org> (raw)
In-Reply-To: <4247a605-6aac-4c9c-93c8-db236c2cb769@ipfire.org>
Hello Adolf and all,
wanted to deliver also some results to the 2.7 version of OpenVPN,
which is currently on rc4 release. Meanwhile i use the rc4 candidate
with the new Kernel 6.18.1 which Arne delivered for testing.
Have compiled rc4 with the following diff
`
@@ -73,10 +73,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && ./configure \
--prefix=/usr \
--sysconfdir=/var/ipfire/ovpn \
- --enable-iproute2 \
--enable-plugins \
--enable-plugin-auth-pam \
- --enable-plugin-down-root
+ --enable-plugin-down-root \
+ --enable-dco
` and it uses the new ovpn Kernel modul out of the box if no CBC Cipher
is in usage. Have set in the WUI `--data-cipher-fallback` to disabled
and configured only GCM and ChaCha20 as Ciphers (if there is CBC
somewhere included, DCO will disable itself at startup).
So there was no more configuration needed to enable the "Data Channel
Offload" .
Made some rudimentary speedtests with speedtest.net with an Fedora 43
client via WLAN with this scenarios:
1) Direct and without OpenVPN to get a reference value of the line
2) non-DCO OpenVPN 2.6 on client and server (without DCO)
3) Server-DCO OpenVPN-2.7_rc4 on IPFire (as Server) and with 2.6
(without DCO) on client side and
4) Full-DCO on both ends OpenVPN-2.7_rc4 with enabled DCO
which i wanted to provide here for you.
Download:
Direkt: 49.39 Mbps
non-DCO: 23.99 Mbps
Server-DCO: 44.63 Mbps
Full DCO: 47.84 Mbps
Upload:
Direkt: 20.93 Mbps
non-DCO: 19.66 Mbps
Server-DCO: 20.59 Mbps
Full DCO: 20.54 Mbps
Idle latency:
Direkt: 14 ms
non-DCO: 15 ms
Server-DCO: 16 ms
Full DCO: 15 ms
Download latency:
Direkt: 41 ms
non-DCO: 171 ms
Server-DCO: 53 ms
Full DCO: 58 ms
Upload latency:
Direkt: 35 ms
non-DCO: 37 ms
Server-DCO: 36 ms
Full DCO: 35 ms
Was at first not sure if something went wrong and i e.g. bypassed
accidentially the tunnel but mtr showed that all is OK.
I know that these results are not representative but i wanted
nevertheless to let you know. May someone wants to give it also a try.
Also, a lot hass been changed to the better in 2.7 IMHO.
Best,
Erik
next prev parent reply other threads:[~2025-12-20 18:05 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-06 21:19 openvpn-2.7_rc1 Adolf Belka
2025-11-07 14:18 ` openvpn-2.7_rc1 Michael Tremer
2025-12-20 18:05 ` ummeegge [this message]
2025-12-23 11:27 ` openvpn-2.7_rc1 Michael Tremer
2025-12-23 16:13 ` openvpn-2.7_rc1 ummeegge
2025-12-28 12:18 ` openvpn-2.7_rc1 Michael Tremer
2025-12-30 11:17 ` openvpn-2.7_rc1 ummeegge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=95de13b9655902ecd319bb998a94bdd8f10186b7.camel@ipfire.org \
--to=ummeegge@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox