This tries to ensure that the difference between the old and new module
is clearer.
Also removed a duplicate section about --disable-dco from the manual page.
This also changes one instance of ovpn-dco to ovpn that is probably a bug
when reusing a tun device.
Change-Id: Iff9f6811fdf553f59f2afee0072d7bf90133d328
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1550
Message-Id: <
20260411090625.18343-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36573.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
are not readable for ``NT SERVICE\OpenVPNService``.
Support for new version of Linux DCO module
- OpenVPN DCO module is moving upstream and being merged into the
- main Linux kernel. For this process some API changes were required.
- OpenVPN 2.7 will only support the new API. The new module is called
- ``ovpn``. Out-of-tree builds for older kernels are available. Please
- see the release announcements for futher information.
+ The OpenVPN DCO module has been merged into the Linux kernel as of
+ 6.16. This required some API changes and OpenVPN 2.7 only supports
+ the new API. The new module is called ``ovpn``. Out-of-tree builds
+ for older kernels are available from
+ https://github.com/OpenVPN/ovpn-backports. Please
+ see the release announcements for further information.
Support for server mode in win-dco driver
On Windows the win-dco driver can now be used in server setups.
OPTIONAL_LIBNL_GENL_LIBS="${LIBNL_GENL_LIBS}"
AC_DEFINE(ENABLE_DCO, 1, [Enable shared data channel offload])
- AC_MSG_NOTICE([Enabled ovpn-dco support for Linux])
+ AC_MSG_NOTICE([Enabled ovpn-dco (via ovpn kernel module) support for Linux])
fi
;;
*-*-freebsd*)
Data channel offload currently requires data-ciphers to only contain
AEAD ciphers (AES-GCM and Chacha20-Poly1305) and Linux with the
- ovpn-dco module.
+ ovpn module. The ovpn module has been integrated into the Linux kernel
+ since 6.16 or is available as backport from
+ https://github.com/OpenVPN/ovpn-backports.
Note that some options have no effect or cannot be used when DCO mode
is enabled.
on console) and ``--auth-nocache`` will fail as soon as key
renegotiation (and reauthentication) occurs.
---disable-dco
- Disable "data channel offload" (DCO).
-
- On Linux don't use the ovpn-dco device driver, but rather rely on the
- legacy tun module.
-
- You may want to use this option if your server needs to allow clients
- older than version 2.4 to connect.
-
--disable-occ
**DEPRECATED** Disable "options consistency check" (OCC) in configurations
that do not use TLS.
* don't need to have the net_ctx percolate all the way here
*/
int ret = net_iface_type(NULL, o->dev, iftype);
- if ((ret == 0) && (strcmp(iftype, "ovpn-dco") != 0))
+ if ((ret == 0) && (strcmp(iftype, "ovpn") != 0))
{
- msg(msglevel, "Interface %s exists and is non-DCO. Disabling data channel offload",
+ msg(msglevel, "Interface %s exists and is not using the "
+ "ovpn DCO driver. Disabling data channel offload",
o->dev);
return false;
}
break;
case -NLE_OBJ_NOTFOUND:
- msg(M_INFO, "%s: netlink reports object not found, ovpn-dco unloaded?", prefix);
+ msg(M_INFO, "%s: netlink reports object not found, ovpn kernel module unloaded?", prefix);
break;
default:
{
if (resolve_ovpn_netlink_id(D_DCO_DEBUG) < 0)
{
- msg(msglevel, "Note: Kernel support for ovpn-dco missing, disabling data channel offload.");
+ msg(msglevel, "Note: Kernel support for ovpn interfaces missing, "
+ "disabling data channel offload. Use Linux 6.16.0 or "
+ "newer with ovpn support or use ovpn-backports for "
+ "interface support.");
return false;
}
projects / thirdparty / openvpn.git / commitdiff
