Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to correctly use DCO mode configuration

    Scheduled Pinned Locked Moved OpenVPN
    2 Posts 1 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • yon 0Y
      yon 0
      last edited by

      now i using local pf23.01-BETA system and remote using ubuntu 22.10 openvpn 2.6 with dco kernel.
      I can't find complete help documentation on configuring with DCO.
      Not sure what is the correct configuration.

      this pfsense openvpn log:

      Jan 29 09:47:03	openvpn	42716	SIGUSR1[soft,process-push-msg-failed] received, process restarting
Jan 29 09:47:03	openvpn	42716	Failed to open tun/tap interface
Jan 29 09:47:03	openvpn	42716	ERROR: Failed to apply push options
Jan 29 09:47:03	openvpn	42716	OPTIONS ERROR: pushed options are incompatible with data channel offload. Use --disable-dco to connect to this server
Jan 29 09:47:03	openvpn	42716	OPTIONS IMPORT: Server did not request DATA_V2 packet format required for data channel offload
Jan 29 09:47:01	openvpn	42716	[tv189.com] Peer Connection Initiated with [AF_INET]188.156.188.65:51756
Jan 29 09:47:01	openvpn	42716	WARNING: 'ifconfig' is present in remote config but missing in local config, remote='ifconfig 10.18.3.2 10.18.3.1'
Jan 29 09:47:01	openvpn	42716	WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1451'
Jan 29 09:47:01	openvpn	42716	peer info: IV_PROTO=106
Jan 29 09:47:01	openvpn	42716	peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
Jan 29 09:47:01	openvpn	42716	UDPv4 link remote: [AF_INET]188.156.188.65:51756
Jan 29 09:47:01	openvpn	42716	UDPv4 link local (bound): [AF_INET]10.78.252.35:0
Jan 29 09:47:01	openvpn	42716	TCP/UDP: Preserving recently used remote address: [AF_INET]188.156.188.65:51756
Jan 29 09:47:01	openvpn	42716	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      yon 0Y 1 Reply Last reply Reply Quote 0
      • yon 0Y
        yon 0 @yon 0
        last edited by

        i want to use openvpn for p2p bgp tunnel. so use p2p mode.

        this is remote ubuntu openvpn config:

        mode p2p
local 188.156.188.65
port 51756
proto udp4
dev-type tun
dev usvpn
link-mtu 1500
ecdh-curve ED448
tls-server
remote-cert-tls client
ca ca.crt
cert server.crt
key server.key
float
dh none
auth SHA3-256
tls-crypt ta.key
ifconfig 10.18.3.1 10.18.3.2
ifconfig-ipv6 2a0c:2406:513:b::2/124 2a0c:2406:513:b::3
auth-nocache
keepalive 30 120
pull-filter ignore peer-id
ping-timer-rem
cipher AES-256-GCM
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
max-clients 100
mute 20
tls-version-min 1.3
        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.