In development for several years has been the OpenVPN DCO Linux kernel module for data channel offload (DCO) capabilities to provide for much faster virtual private networking (VPN) performance. It’s looking like the lengthy review process on OpenVPN DCO is about wrapping up and leaving hope that it will be ready to premiere in next year’s Linux 6.14 kernel.
The OpenVPN DCO kernel module allows leveraging data encryption backed by AES-NI in kernel space and to avoid context switching overhead from some of the OpenVPN code currently operating in user-space. Another performance boost comes by way of multi-threaded encryption support. The OpenVPN DCO kernel module handles the OpenVPN data channel in kernel-space and provides higher throughput and lower latency.
There have been some very nice performance gains shown for using the OpenVPN DCO kernel code:
Published this week was the v12 patches for the OpenVPN DCO code. Antonio Quartulli of OpenVPN kicked off the v12 patch series with:
“This is the 12th version of the patchset. Hopefully there are no major flaws that will require more resendings. I am sure we’ll have plenty of time to polish up all bells and whistles :-)”
There are many fixes and code changes as a result of the code review process. There have been other indications on the LKML that it looks like OpenVPN DCO is wrapping up and about ready to cross the bridge to mainline, so here’s to hoping it indeed wraps up in the next few weeks ahead of the Linux 6.14 kernel cycle in early 2025.
