Bernhard.Linz/openvpn-install
1
0
Fork 0
mirror of https://github.com/angristan/openvpn-install.git synced 2025-12-15 16:37:03 +01:00
Code Issues Projects Releases Wiki Activity

feat: add Data Channel Offload (DCO) availability check (#1331)

Browse Source 
- Add detection and logging for OpenVPN Data Channel Offload (DCO)
support during installation
- DCO is a kernel acceleration feature (merged into Linux 6.16) that
improves VPN performance
- Add DCO documentation to README
This commit is contained in:
Stanislas
2025-12-10 18:53:45 +01:00
committed by GitHub
parent 3e46cfb3bd
commit 2ecd4bd6e4
2 changed files with 68 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
openvpn-install.sh
View File

@@ -257,6 +257,42 @@ function openvpnVersionAtLeast() {
return 1
}
# Check if kernel version is at least the specified version
# Usage: kernelVersionAtLeast "6.16"
# Returns 0 if version is >= specified, 1 otherwise
function kernelVersionAtLeast() {
local required_version="$1"
local kernel_version
kernel_version=$(uname -r | cut -d'-' -f1)
if [[ -z "$kernel_version" ]]; then
return 1
fi
if [[ "$(printf '%s\n' "$required_version" "$kernel_version" | sort -V | head -n1)" == "$required_version" ]]; then
return 0
fi
return 1
}
# Check if Data Channel Offload (DCO) is available
# DCO requires: OpenVPN 2.6+, kernel support (Linux 6.16+ or ovpn-dco module)
# Returns 0 if DCO is available, 1 otherwise
function isDCOAvailable() {
# DCO requires OpenVPN 2.6+
if ! openvpnVersionAtLeast "2.6"; then
return 1
fi
# DCO is built into Linux 6.16+, or available via ovpn-dco module
if kernelVersionAtLeast "6.16"; then
return 0
elif lsmod 2>/dev/null | grep -q "^ovpn_dco" || modinfo ovpn-dco &>/dev/null; then
return 0
fi
return 1
}
function installOpenVPNRepo() {
log_info "Setting up official OpenVPN repository..."
@@ -975,6 +1011,18 @@ function installOpenVPN() {
log_info "OpenVPN version supports ChaCha20-Poly1305"
fi
# Check Data Channel Offload (DCO) availability
if isDCOAvailable; then
# Check if configuration is DCO-compatible
if [[ $PROTOCOL == "udp" ]] && [[ $COMPRESSION_ENABLED == "n" ]] && [[ $CIPHER =~ (GCM|CHACHA20-POLY1305) ]]; then
log_info "Data Channel Offload (DCO) is available and will be used for improved performance"
else
log_info "Data Channel Offload (DCO) is available but not enabled (requires UDP, AEAD cipher, no compression)"
fi
else
log_info "Data Channel Offload (DCO) is not available (requires OpenVPN 2.6+ and kernel support)"
fi
# An old version of easy-rsa was available by default in some openvpn packages
if [[ -d /etc/openvpn/easy-rsa/ ]]; then
run_cmd "Removing old Easy-RSA" rm -rf /etc/openvpn/easy-rsa/