pHxaq 2 Posted ... Hello Staff team, as OpenVPN 2.7 and the latest Linux Kernel 6.16 have now streamlined the integration of the ovpn driver, DCO has become the new performance standard. OpenVPN Data Channel Offload (DCO): The Definitive Guide to the Performance Boost Making OpenVPN The Fastest VPN Protocol Other companies such as ExpressVPN and Norton VPN have already integrated DCO to offer their users these performance gains. Implementing this would keep your service competitive and provide a much smoother experience for those of us who prefer the OpenVPN protocol for its maturity and security. Do you have OpenVPN DCO on your current technical roadmap? I look forward to hearing your thoughts on this. Kind regards. 1 go558a83nk reacted to this Quote Share this post Link to post
oassQ9w4cbl4AySZhhth%p36x 5 Posted ... https://netdevconf.info/0x16/papers/27/ovpn-dco.pdf yep some pretty interesting results, praying @Staff stop ignoring it. Quote Share this post Link to post
Staff 10500 Posted ... 7 hours ago, oassQ9w4cbl4AySZhhth%p36x said: https://netdevconf.info/0x16/papers/27/ovpn-dco.pdf yep some pretty interesting results, praying @Staff stop ignoring it. Hello! We're not ignoring it, did you read the update on the first message of this thread? Kind regards 1 1 oassQ9w4cbl4AySZhhth%p36x and go558a83nk reacted to this Quote Share this post Link to post
oassQ9w4cbl4AySZhhth%p36x 5 Posted ... thank you, yes i missed that update the forums do not notify when you modify the thread. disappointing decision though. AES-NI support and using AES-GCM is better for computer to computer communication and openvpn DCO outperforms wireguard by quite some margin, especially when tuned properly. AmneziaWG is good but also most things do not support it. For most people they just want the best throughput for the lowest overhead which up until openvpn DCO was wireguard. now it is not. Quote Share this post Link to post
Staff 10500 Posted ... 1 hour ago, oassQ9w4cbl4AySZhhth%p36x said: thank you, yes i missed that update the forums do not notify when you modify the thread. disappointing decision though. AES-NI support and using AES-GCM is better for computer to computer communication Hello! Well, not totally true thanks to SIMD, especially AVX and AVX-512. AVX is commonly available on CPUs since 2011, while AVX-512 came out around 2016. By the way: WireGuard already saturates our servers (2.6 Gbit/s per client on the server, recently...) so the physical limit of our lines is reached before kernel performance becomes a problem. We would also like to see how the new DCO beats properly configured WireGuard on real life usage, not from a paper written by the same DCO developer. But anyway DCO changed incarnations and compatibilities many times. Having followed each iteration at the beginning, we wasted a significant amount of time and this situation had to be ended. No more, thank you... we are inclined to use the NEW DCO only when we have our infrastructure running on a mainline kernel that includes the module (in other words, starting from Debian 14, which is due to be released in 2027). On the other hand we also acknowledge the decision of important competitors to drop OpenVPN completely in the recent past. It's a delicate matter that we must take into consideration. Additionally, OpenVPN keeps a relevant superiority over WireGuard with some important features: DHCP enabled, ability to connect over SSH and TLS additional tunnels, and over socks and http proxies. But we do not need DCO for such strategic options (which by themselves hit performance heavily) so its adoption is not compelling. Our customers' choice is clear: OpenVPN usage dropped from 80% to 23% in just a year and a half. Note that just two weeks ago we had 24%, now it's 23%, the decline is fast. 1 hour ago, oassQ9w4cbl4AySZhhth%p36x said: AmneziaWG is good but also most things do not support it. For most people they just want the best throughput for the lowest overhead which up until openvpn DCO was wireguard. now it is not. So what? DCO is not a replacement for blocks circumvention and does not feature AmneziaWG abilities, including CPS, handshake and payload packets padding, junk packets. We see DCO as a WireGuard competitor, but not at all as an AmneziaWG alternative, which in turn is aimed at lower performance for better blocks circumvention. Kind regards Quote Share this post Link to post
flat4 95 Posted ... Not going to add any technical input to this convo but as a former hardline openvpn user on a pfsense box the speed difference was night and day when i made the switch. I also think that we have to give them credit for keeping Openvpn as an option since the numbers are low they are putting technical effort on a very low percentage of users. That's why i love airvpn they choose provide for any both services and not make it a financial or technical issue. If they are not the latest is for a reason, if that is not good for you, there's always a choice to leave. Quote Hide flat4's signature Hide all signatures pFsense it works Share this post Link to post
pHxaq 2 Posted ... 7 hours ago, Staff said: Our customers' choice is clear: OpenVPN usage dropped from 80% to 23% in just a year and a half. Note that just two weeks ago we had 24%, now it's 23%, the decline is fast. Hi Staff! Thanks for the reply; as another user posted, I also missed the update on the Announcements topic. However, one thing I'd like to ask regarding these numbers: do they represent a switch from OpenVPN to Wireguard by already existing users, or is this due to the fact that a big number of new users joined the service and started with WG by default for their connections? Not to make a counter argument, it's just that it could be a combination of causes for the % decline of active OpenVPN users. Anyway, it's always good to have both options available, so we'll patiently wait for 2027 hoping to get the new shiny OpenVPN. Thanks again for the replies! Quote Share this post Link to post
Not connected, Your IP: 216.73.216.140
Online: 41449 users - 485120 Mbit/s total BW