OpenVPN with DCO Documentation
-
I realize that the DCO implementation is still considered "experimental" but since it has been included in the Release version 23.01, is there any documentation or guidance how to deploy a working DCO instance? So far I cannot get anything working with the included OpenVPN package following the older guides but using DCO settings.
This might be a future enhancement when it is more stable? I would love to "experiment" with it, but so far, it seems to be non-functional as shipped in 23.01.
Thanks!
-
It was in 22.05 as well, and improved in 23.01. In many cases all you need to do is check the box and it will work, but that depends on what settings you are using already.
It's covered in the docs already:
https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/dco.html
-
@jimp I have tried at least a dozen different ways to get DCO to work and I can never get any traffic to flow once I switch the tunnel to DCO. I have tried taking existing tunnels and switch them to DCO, build a new one from scratch and tried DCO on both the client, server and both at the same time. I'm not sure if I am running into the iroute issue or what the problem is, the documentation is all for the non-DCO implementations and doesn't really apply here.
One scenario I am trying to make work is a remote site connects to central hub, central hub has many sites connecting to it and uses DCO with QAT offload. Once the tunnel establishes, no traffic will flow thru the tunnel. I have tried policy based routing and static routes but neither seems to be working.
I even tried setting up a very basic road-warrior VPN setup with no fancy routing at all, and the clients can't even ping across the tunnel to the VPN interface IP.
Scouring the internet for working setups has not net any results so I was wondering if there is any documentation from netgate about how to actually do it "properly".
Thanks!