Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DCO on PFSense CE

    Scheduled Pinned Locked Moved OpenVPN
    8 Posts 4 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fmroeira86
      last edited by

      Hello,

      Out of curiosity, what's the differences between Plus vs CE in terms of OpenVPN DCO?

      Running a openvpn --version I get this:

      openvpn --version
      OpenVPN 2.6.8 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
      library versions: OpenSSL 3.0.12 24 Oct 2023, LZO 2.10
      DCO version: FreeBSD 14.0-CURRENT amd64 1400094 #1 RELENG_2_7_2-n255948-8d2b56da39c: Wed Dec 6 20:45:47 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/obj/amd64/StdASW5b/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/F
      Originally developed by James Yonan
      Copyright (C) 2002-2023 OpenVPN Inc sales@openvpn.net
      Compile time defines: enable_async_push=yes enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_dco=yes enable_dco_arg=yes enable_debug=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_pam_dlopen=no enable_pedantic=no enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=yes enable_strict_options=no enable_systemd=no enable_unit_tests=no enable_werror=no enable_win32_dll=yes enable_wolfssl_options_h=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=auto with_sysroot=no

      So really, what are the differences between those versions?

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @fmroeira86
        last edited by

        @fmroeira86 it may be disabled in code? It’s supposed to be Plus only:
        https://docs.netgate.com/pfsense/en/latest/general/plus.html#cryptography-and-vpn-acceleration

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        F 1 Reply Last reply Reply Quote 0
        • F
          fmroeira86 @SteveITS
          last edited by

          @SteveITS sure.

          Question is... What are the differences as It seems CE openvpn server was compiled with DCO

          F 1 Reply Last reply Reply Quote 0
          • F
            fmroeira86 @fmroeira86
            last edited by

            if_ovpn.ko module is not present on CE...

            1 Reply Last reply Reply Quote 0
            • F
              fmroeira86
              last edited by

              I little bump.

              Any technical reason to not include DCO in PFSense CE?

              GertjanG 1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan @fmroeira86
                last edited by

                @fmroeira86

                The second paragraph here :

                OpenVPN Data Channel Offload (DCO)

                Netgate worked with OpenVPN to develop and integrate support for OpenVPN Data Channel Offload (DCO) into FreeBSD and pfSense® Plus software version 22.05 and later.

                So, maybe like Microsoft : there is a home version and Pro.
                Why the difference ? Your guesses are as good as mine ;)

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                M 1 Reply Last reply Reply Quote 1
                • M
                  michmoor LAYER 8 Rebel Alliance @Gertjan
                  last edited by

                  @Gertjan
                  Thinking the same. I think the code for DCO is in CE but the keys to build the platform are held by Netgate. You cant compile pfSense yourself.
                  That said, they are probably keeping it as a value add for their business customers hence why its only on Plus.

                  Firewall: NetGate,Palo Alto-VM,Juniper SRX
                  Routing: Juniper, Arista, Cisco
                  Switching: Juniper, Arista, Cisco
                  Wireless: Unifi, Aruba IAP
                  JNCIP,CCNP Enterprise

                  F 1 Reply Last reply Reply Quote 0
                  • F
                    fmroeira86 @michmoor
                    last edited by

                    @michmoor Yep. :)

                    It's a shame.

                    Business customers exist because, somewhere along this path, there were non-business customers who contributed to the project.

                    Stripping CE of this kind of functionality will do nothing more than make people consider other alternative projects.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.