From mboxrd@z Thu Jan 1 00:00:00 1970 From: ummeegge To: development@lists.ipfire.org Subject: Re: Correct installation for kernel modules Date: Thu, 19 Oct 2023 09:46:54 +0200 Message-ID: In-Reply-To: <593D97C4-1CF8-407C-8F4D-C777C4EDD25C@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5145427750863465605==" List-Id: --===============5145427750863465605== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Michael, Am Mittwoch, dem 18.10.2023 um 19:42 +0100 schrieb Michael Tremer: > Hello Erik, >=20 > This is interesting, because OpenVPN probably needs some > acceleration. >=20 > Throughput has always been poor because of the badly implemented > fragmentation code, that is as far as I know also deprecated and > therefore won=E2=80=99t be improved, but we all depend on it right now. >=20 > However, we have only made very bad experiences with out of tree > kernel modules. Especially since we now only have two years on the > LTS kernels, we need to be able to rely on those maintainers to keep > up. I don=E2=80=99t want to say anything bad about them at all, but in the > past, even projects that have been moving well suddenly stalled and > became a large headache for us. >=20 > And there might be an alternative that should be an option for > OpenVPN (at least theoretically): KTLS. Interesting haven=C2=B4t heared of that before. >=20 > I did a quick Google search and could not find anything. But do you > know how this module relates to KTLS? Can KTLS not be used in this > case? Will give it also a research but haven=C2=B4t see a concept for KTLS as a substitution for ovpn-dco or speed acceleration for OpenVPN in general. Another point is the limitations of ovpn-dco by design since it needs a subnet topology but IPFire uses net30 and to implement this for Roadwarriors we would need to change this which is a bigger task. We spoke about that longer time ago. What would work out of the box are Net-to-Net connections since they use a p2p topology and the speed boost from the diagrams looks good so far -->=C2=A0https://openvpn.net/blog/openvpn-data-channel-offload/ . Anyways, will research in terms of KTLS for OpenVPN a little more and come then back in here again. >=20 > -Michael Best, Erik >=20 > > On 18 Oct 2023, at 10:50, ummeegge wrote: > >=20 > > Hi all, > > wanted to open a testing scenario for the OpenVPN data channel > > offload > > (DCO) --> > > https://github.com/OpenVPN/openvpn/blob/master/README.dco.md > > kernel module. So far i have been used this LFS --> > > https://git.ipfire.org/?p=3Dpeople/ummeegge/ipfire-2.x.git;a=3Dblob;f=3Dl= fs/ovpn-dco;h=3D8b056518fa7a638dddb39955248ac5b626b9b4cd;hb=3D5f85ecb7b26628f= ccbed65c08b54e35c7f249ee5 > > but i wanted to ask for a proper or correct way, in special the > > installation paths of such modules but in general if i can handle > > it in > > such way. > >=20 > > Best, > >=20 > > Erik >=20 --===============5145427750863465605==--