From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4dYXQ80dC2z2xnx for ; Sat, 20 Dec 2025 18:05:52 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4dYXQ43GrZz2xM3 for ; Sat, 20 Dec 2025 18:05:48 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange secp256r1 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4dYXQ352LFz1jv for ; Sat, 20 Dec 2025 18:05:47 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1766253947; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=azE610yZg8IZ0giAoHXpID7rYCPJPGezp2j177yhHvM=; b=bYAjjRzW0THQ93Axl0G+3rNT/rbjIGMLMzhVLilLe3vmF0fzzJ2awdhI/Rwf6GMrAsV9pP O+7qbcDp95a2zGAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1766253947; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=azE610yZg8IZ0giAoHXpID7rYCPJPGezp2j177yhHvM=; b=wnXLDQfOHXBhlwOFGMjlBy9+1ymyprh/wUBYw4cDEyHrH6x8dYdG+w7z5T1OXDvhDD0JMg tpRdYk4t/7hos77+EQ7VEYh//dLzxxnAQQBEmPSaA/3rYBGblNCGWkQWVf0hyZ6MszKCik u8mDo1RkpMbhphrhySnJm+/zHEJuXWFfCXL3XP7xTfEJymEV4ijvETIACCjTRzZnpcWg3r VDIxxQlMU9I4ayzgHhLwC3s/NMu7ZZWc4JfYUayjO7WRkP9woF8/1RQ9dQfSkGonqfcNTJ gGOVK/+UT6/mVPJdWUY6T6XU2kYy5b/eAcYykUcOIMVtvw2Fxfmpzp0p7GvpDw== Message-ID: <95de13b9655902ecd319bb998a94bdd8f10186b7.camel@ipfire.org> Subject: Re: openvpn-2.7_rc1 From: ummeegge To: development@lists.ipfire.org Date: Sat, 20 Dec 2025 19:05:43 +0100 In-Reply-To: <4247a605-6aac-4c9c-93c8-db236c2cb769@ipfire.org> References: <4247a605-6aac-4c9c-93c8-db236c2cb769@ipfire.org> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Hello Adolf and all, wanted to deliver also some results to the 2.7 version of OpenVPN, which is currently on rc4 release. Meanwhile i use the rc4 candidate with the new Kernel 6.18.1 which Arne delivered for testing. Have compiled rc4 with the following diff ` @@ -73,10 +73,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && ./configure \ --prefix=3D/usr \ --sysconfdir=3D/var/ipfire/ovpn \ - --enable-iproute2 \ --enable-plugins \ --enable-plugin-auth-pam \ - --enable-plugin-down-root + --enable-plugin-down-root \ + --enable-dco ` and it uses the new ovpn Kernel modul out of the box if no CBC Cipher is in usage. Have set in the WUI `--data-cipher-fallback` to disabled and configured only GCM and ChaCha20 as Ciphers (if there is CBC somewhere included, DCO will disable itself at startup). So there was no more configuration needed to enable the "Data Channel Offload" . Made some rudimentary speedtests=C2=A0with speedtest.net with an Fedora 43 client via WLAN with this scenarios: 1) Direct and without OpenVPN to get a reference value of the line=20 2) non-DCO OpenVPN 2.6 on client and server (without DCO) 3) Server-DCO OpenVPN-2.7_rc4 on IPFire (as Server) and with 2.6 (without DCO) on client side and 4) Full-DCO on both ends OpenVPN-2.7_rc4 with enabled DCO which i wanted to provide here for you. Download: Direkt: 49.39 Mbps non-DCO: 23.99 Mbps Server-DCO: 44.63 Mbps Full DCO: 47.84 Mbps Upload: Direkt: 20.93 Mbps non-DCO: 19.66 Mbps Server-DCO: 20.59 Mbps Full DCO: 20.54 Mbps Idle latency: Direkt: 14 ms non-DCO: 15 ms Server-DCO: 16 ms Full DCO: 15 ms Download latency: Direkt: 41 ms non-DCO: 171 ms Server-DCO: 53 ms Full DCO: 58 ms Upload latency: Direkt: 35 ms non-DCO: 37 ms Server-DCO: 36 ms Full DCO: 35 ms Was at first not sure if something went wrong and i e.g. bypassed accidentially the tunnel but mtr showed that all is OK. I know that these results are not representative but i wanted nevertheless to let you know. May someone wants to give it also a try. Also, a lot hass been changed to the better in 2.7 IMHO. Best, Erik