OpenVPN DCO Linux Kernel Module Aims To Offer Faster VPN Performance
Originally posted by birdie
Would be interesting to compare it to classic userspace-only OpenVPN and WireGuard.
Quick summary:
Last edited by oibaf; 21 September 2021, 08:29 AM.
Originally posted by M@yeulC
Couldn't they use eBPF for that? At least for the decryption phase.
Correct me if I am wrong:
WireGuard is UDP only and only uses stream ciphers.
OpenVPN supports TCP and therefore TLS.
Same purpose but different approaches.
A kernel approach to process TLS traffic would be a good thing (I would think), as it would handle the encrypt/decrypt more effectively.
Originally posted by edwaleni
Correct me if I am wrong:
WireGuard is UDP only and only uses stream ciphers.
OpenVPN supports TCP and therefore TLS.
Same purpose but different approaches.
A kernel approach to process TLS traffic would be a good thing (I would think), as it would handle the encrypt/decrypt more effectively.
The kernel module won't implement TLS, just the data channel, which is where the performance is needed.
TLS in OpenVPN is just used by the control channel and this won't be moved to the kernel.
Originally posted by oibaf
OpenVPN is usually UDP; there is also a TCP mode to be used when, for example, only TCP ports 80/443 are permitted by the firewall.
The kernel module won't implement TLS, just the data channel, which is where the performance is needed.
TLS in OpenVPN is just used by the control channel and this won't be moved to the kernel.
Originally posted by sinepgib
Since the kernel already supports handling TLS (not sure to what level tho), wouldn't it be a reasonable next step to take advantage of that support here?