OpenVPN DCO Looks Like It Might Be Ready For Linux 6.14 To Speed-Up VPN Performance

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • phoronix
    Administrator
    • Jan 2007
    • 67093

    OpenVPN DCO Looks Like It Might Be Ready For Linux 6.14 To Speed-Up VPN Performance

    Phoronix: OpenVPN DCO Looks Like It Might Be Ready For Linux 6.14 To Speed-Up VPN Performance

    In development for several years has been the OpenVPN DCO Linux kernel module for data channel offload (DCO) capabilities to provide for much faster virtual private networking (VPN) performance. It's looking like the lengthy review process on OpenVPN DCO is about wrapping up and leaving hope that it will be ready to premiere in next year's Linux 6.14 kernel...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
  • bug77
    Senior Member
    • Dec 2009
    • 6475

    #2
    I still want wireguard

    Comment

    • NeoMorpheus
      Senior Member
      • Aug 2022
      • 589

      #3
      So im curious, which advantages has OpenVPN over Wireguard these days that would make someone choose it?

      Comment

      • intelfx
        Senior Member
        • Jun 2018
        • 1083

        #4
        Originally posted by NeoMorpheus View Post
        So im curious, which advantages has OpenVPN over Wireguard these days that would make someone choose it?
        We discussed this in the last thread about OpenVPN DCO.

        TL;DR: management capabilities. If you need anything other than a dumb data pipe with pre-shared keys and pre-configured IP addresses, WireGuard is of zero help.

        Comment

        • Raka555
          Junior Member
          • Nov 2018
          • 673

          #5
          Originally posted by NeoMorpheus View Post
          So im curious, which advantages has OpenVPN over Wireguard these days that would make someone choose it?
          Ease of use.
          It is very easy to setup an openvpnAS server +LDAP and let people help themselves.

          Wireguard is great for site-to-site VPN, but managing users is a pain. Delivering their private key securely can be challenging.
          To ask non-tech savvy people to create their own config and send you the publc key ... well ... uhm...
          I cringe at the thought of rolling out wireguard at large scale.

          Plain openvpn that you manage yourself probably don't have a lot of advantages except maybe that it can do L2 VPN, which wg can't to my knowledge.
          Last edited by Raka555; 04 December 2024, 02:11 PM.

          Comment

          • edxposed
            Senior Member
            • Jan 2023
            • 302

            #6
            Originally posted by NeoMorpheus View Post
            So im curious, which advantages has OpenVPN over Wireguard these days that would make someone choose it?
            Wireguard limited itself to chacha20 instead of a scalable encryption design for the sake of some embedded ewaste, so it's already lost from the start

            Comment

            • zparihar
              Junior Member
              • Oct 2017
              • 17

              #7
              How will the be speed increase compare to WireGuard?

              Comment

              • lyamc
                Senior Member
                • Jun 2020
                • 518

                #8
                Originally posted by NeoMorpheus View Post
                So im curious, which advantages has OpenVPN over Wireguard these days that would make someone choose it?
                DHCP-type IP Address assignment vs Static-only assignment
                Layer 2 (tap) and Layer 3 (tun) support vs just Layer 3
                And a lot of other management capabilities


                Originally posted by NeoMorpheus View Post
                So im curious, which advantages has OpenVPN over Wireguard these days that would make someone choose it?
                First you need to make sure you're comparing apples and oranges. OpenVPN supports TCP and UDP. Some people opt for TCP which will be slower than UDP. As latency increases, TCP throughput falls through the ground.

                Aside from that it should make it much more competitive with Wireguard. If you choose Wireguard for the increased throughput, that just means (to me) that you don't need most of what OpenVPN offers. I'm saying this as someone who mainly uses Wireguard.

                Comment

                • tomeq82
                  Junior Member
                  • Jan 2024
                  • 3

                  #9
                  Originally posted by NeoMorpheus View Post
                  So im curious, which advantages has OpenVPN over Wireguard these days that would make someone choose it?
                  Manageability and user experience. Raw Wireguard setup is of little real use. Without any programmed/scripted/automated overlay it is just more of proof of concept. Just take a look how does it cope with endpoints behind NAT, what requires it to be operable in such scenario etc. etc.

                  Don't trust the hype that the Wireguard is "easy to use" or "easiest VPN on the market". It is definitely not.

                  Comment

                  • fitzie
                    Senior Member
                    • May 2012
                    • 672

                    #10
                    Originally posted by edxposed View Post

                    Wireguard limited itself to chacha20 instead of a scalable encryption design for the sake of some embedded ewaste, so it's already lost from the start
                    i think of it more as an experiment. Jason obviously studied ipsec/ssl and the disaster that was both from downgrade attacks and configuration issues and made the decision to fix the algos in. at some point he will have to support newer algos and we'll see how that is handled then. I was resistant at first, but it's a fair decision to decide to make when you've seen all the end user crypto mistakes as he has.

                    Comment

                    Working...
                    X