Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Server dco

    OpenVPN
    3
    5
    130
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Asulu
      last edited by

      Hey, im currently setup a new OpenVPN Server in PFsense 23.09.1-RELEASE.

      OpenVPN Version:

      OpenVPN 2.6.8 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
      library versions: OpenSSL 3.0.12 24 Oct 2023, LZO 2.10
      DCO version: FreeBSD 14.0-CURRENT amd64 1400094 #1 plus-RELENG_23_09_1-n256200-3de1e293f3a: Wed Dec 6 21:00:32 UTC 2023

      OpenVPN Server:
      Mode: Remote Access ( User Auth )
      Data Ciphers: AES-256-GCM
      X Enable Data Channel Offload (DCO) for this instance

      I try to connect with the latest OpenVPN Connect Client, it doesnt look like its using dco?
      [Feb 13, 2025, 10:33:18] Connected via TUN_WIN
      ⏎[Feb 13, 2025, 10:33:18] EVENT: CONNECTED user@ip:1194 (ip) via /UDP on TUN_WIN/10.203.0.2/ gw=[10.203.0.1/] mtu=

      There is a hidden button in the OpenVPN Connect Client > Settings > Advanced Settings > Enable DCO.
      So for my understanding i need to toggle this, but if i do so i get the following error:

      f4ede422-8f0b-40dd-8ac6-3110a99f7e8b-image.png

      Am i misunderstanding something?

      Thank you!

      GertjanG K 2 Replies Last reply Reply Quote 0
      • GertjanG
        Gertjan @Asulu
        last edited by Gertjan

        @Asulu said in OpenVPN Server dco:

        Am i misunderstanding something?

        in PFsense 23.09.1-RELEASE

        Or, 24.11 was released months ago.
        There were bug fixes ^^

        6f60da1b-e892-4625-8831-ed7acaef1bdc-image.png

        edit : I'm using the latest App 3.5.1 (Apple) and can find the

        There is a hidden button in the OpenVPN Connect Client > Settings > Advanced Settings > Enable DCO.

        so its really hidden ?

        I do have set :

        89179309-92b7-4c10-bd16-cb7abcb4f091-image.png

        on the server side.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        A 1 Reply Last reply Reply Quote 0
        • K
          kprovost @Asulu
          last edited by

          @Asulu Aside from the obvious (don't run old software for your firewall) it's also important to understand that DCO is not a protocol modification. That is, to the client it doesn't matter if the server is running DCO or not.

          This looks like a client configuration issue entirely unrelated to the server. The client software seems to say that it's configured to use an encryption algorithm that is not compatible with DCO (DCO will only work with AES-GCM or ChaCha). Check what alternate algorithms you have configured and remove anything that's not AES-GCM or ChaCha.

          1 Reply Last reply Reply Quote 0
          • A
            Asulu
            last edited by Asulu

            First i need to update :D
            The only encryption algo i use is AES-256-GCM,

            Thanks for your help,

            1 Reply Last reply Reply Quote 0
            • A
              Asulu @Gertjan
              last edited by

              @Gertjan said in OpenVPN Server dco:

              so its really hidden ?

              i checked this. only in my windows connect app:

              433cb667-86dd-4934-aee9-06dfb0bed48f-image.png

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.