OpenVPN DCO Linux Kernel Module Aims To Offer Faster VPN Performance

OpenVPN has been implementing a kernel module for data channel offload (DCO) capabilities to enhance the performance of this virtual private network system.

OpenVPN DCO aims to provide a much faster VPN implementation by leveraging data encryption backed by AES-NI in kernel space to avoid the context switching overhead from OpenVPN currently in user-space. The OpenVPN DCO kernel module handles the OpenVPN data channel in kernel-space and provides higher throughput and lower latency. Further helping the performance is this new implementation having multi-threaded encryption.

Numbers reported by OpenVPN are very promising and their next-gen VPN is already using DCO in production. They noted, "OpenVPN Cloud, our next-gen VPN has already launched DCO in production, where we are seeing order-of-magnitude performance gains on the server side and expect to see similar gains in the client when ovpn-dco becomes widespread on the client side."

The OpenVPN3 Linux client is currently in beta, the Linux OpenVPN server with the DCO module is currently available for developers right now.

While OpenVPN's announcement talks how they believe in "open-source, and backs this fully" as well as giving the capabilities back to the community, their kernel module plans aren't clear right now. In particular, there isn't any mention if they will go through with trying to upstream/mainline this OpenVPN kernel module into the Linux kernel. So we'll see how this OpenVPN DCO adoption plays out in the months ahead with many Linux users already focused on WireGuard for secure VPN tunnel purposes and having its mature kernel implementation.

The OpenVPN DCO announcement can be read on the OpenVPN.net blog including some early performance figures.