Page 1 of 1

DCO (data channel offload) offering

Posted: Wed Jun 22, 2022 4:27 am
by johnpi
Once OpenVPN 2.6.0 stable version is released, will Viscosity make available an option to enable DCO for the client?
Why I ask is because it's soon to be released with my OpenVPN server once 2.6.0 is released, and it looks very beneficial in efficiency.
"OpenVPN DCO allows for huge performance gains when processing encrypted OpenVPN data by reducing the amount of context switching that happens for each packet. "

ref: https://openvpn.net/blog/openvpn-data-channel-offload/

Thanks,
John

Re: DCO (data channel offload) offering

Posted: Fri Jun 24, 2022 9:15 am
by James
Hi John,

We have no current plans to adopt the DCO driver. While that may change in the future, for now we don't feel it'll offer a major benefit to Viscosity users. There are a number of reasons behind this:

- It's not possible to implement DCO on macOS. Apple have deprecated "kernel extensions" and replaced them with "system extensions". System extensions run in user-space, offering no performance benefit from having a user-space process do the work.
- Viscosity's Windows driver already outperforms the OpenVPN TAP driver in performance and is capable of saturating almost all client-side network connections.
- Much of the performance gain is reportedly from multithreading the encryption/decryption, rather than from it being in-kernel. We're looking into whether we can introduce this multithreading into the OpenVPN implementation itself without the need of a dedicated driver (which would benefit both macOS and Windows versions).
- DCO is primarily of benefit on the OpenVPN server. You'll still be able to connect to servers using the DCO driver/module without needing to also be using the DCO driver client-side.
- DCO's cipher support is limited to a very small number of available ciphers, which raises tricky issues when Viscosity needs to load a network driver to use (as it may not know in advance while ciphers can be used).

As mentioned above, we try not to lock ourselves into decisions and this may change in the future.

Cheers,
James