Installing OpenVPN 3 client in Linux
The OpenVPN 3 Linux client provides better performance and connection stability than the regular openvpn client. Also, if the client is built with DCO (Data Channel Offload) support, data transfer is a lot faster. For this guide I’ll be using Kali Linux, but the same steps will work on any Debian-based distro.
Note: For more info on OpenVPN DCO you can refer to this link.
Install necessities and create directory structure
apt install g++ make libssl-dev liblz4-dev cmake linux-headers-generic libcap-dev
export O3=~/O3 && mkdir $O3
export DEP_DIR=$O3/deps && mkdir $DEP_DIR
export DL=$O3/dl && mkdir $DL
Clone the OpenVPN3 repo and build dependencies
cd $O3
git clone https://github.com/OpenVPN/openvpn3.git core
cd core/scripts/linux/
./build-all
Clone the OpenVPN DCO repo, install deps and build
cd $O3
git clone https://github.com/OpenVPN/ovpn-dco.git
apt install pkg-config libnl-genl-3-dev
cd ovpn-dco
make && make install
modprobe ovpn-dco
Check if ovpn-dco kernel module is loaded
lsmod | grep dco
modinfo ovpn_dco
Build OpenVPN3 cli with dco support
cd $O3/core && mkdir build && cd build
cmake -DCLI_OVPNDCO=on ..
cmake --build .
Next, run the OpenVPN 3 client (with DCO disabled for now)
./test/ovpncli/ovpncli file.ovpn --no-dco
To run the client with DCO support, we need to adjust the cipher in our OpenVPN config file. Currently ovpn-dco only supports the AES-GCM and CHACHA20POLY1305 ciphers. So, to enable DCO support, edit your *.ovpn config file and change the cipher to one of the above. For example, I changed
cipher AES-128-CBC
to
cipher AES-128-GCM
Then run the client without the --no-dco flag.
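A pre-flight check for the cipher requirement above, as an added example that is not part of the original post: it reads the cipher directive from a profile and reports whether it is one ovpn-dco can offload. The function names and the sample profile are made up for illustration, and it assumes the profile sets its cipher with a plain cipher line as shown above.

```shell
#!/bin/sh
# Added example: check a profile's "cipher" line against what ovpn-dco offloads.

# Print the value of each active "cipher" directive in profile $1, upper-cased.
# Commented-out lines never match because their first field is "#..." or ";...".
# A trailing CR is stripped so profiles edited on Windows parse correctly.
profile_ciphers() {
    awk '{ sub(/\r$/, "") } $1 == "cipher" && NF >= 2 { print toupper($2) }' "$1"
}

# Return 0 if cipher name $1 is an AEAD cipher the article lists for ovpn-dco.
# The hyphenated CHACHA20-POLY1305 spelling is the one used in OpenVPN configs.
dco_cipher_ok() {
    case "$1" in
        AES-128-GCM|AES-192-GCM|AES-256-GCM) return 0 ;;
        CHACHA20-POLY1305|CHACHA20POLY1305) return 0 ;;
        *) return 1 ;;
    esac
}

# Check profile $1 and print one verdict per cipher directive.
# Returns 0 if every cipher is DCO-capable, 1 if any is not,
# 2 if the file is unreadable or has no cipher directive.
check_profile() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    found=$(profile_ciphers "$1")
    [ -n "$found" ] || { echo "$1: no cipher directive found"; return 2; }
    result=0
    for c in $found; do
        if dco_cipher_ok "$c"; then
            echo "$1: $c can be used with DCO"
        else
            echo "$1: $c is not supported by ovpn-dco (change it or keep --no-dco)"
            result=1
        fi
    done
    return "$result"
}

# Constructed sample profile (hypothetical server name) to exercise the check.
demo=$(mktemp)
printf '%s\n' 'client' 'remote vpn.example.test 1194' \
    '# cipher AES-256-GCM' 'cipher AES-128-CBC' > "$demo"
check_profile "$demo" || echo "check_profile exit status: $?"
rm -f "$demo"
```

Whatever cipher you switch to must also be one the server accepts.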
You can further add the client to your PATH and use it directly. Also, during my testing I found the VPN connection to my personal server with DCO mode on was about three times faster. According to OpenVPN Inc., the speed can be further improved to about eight times by implementing DCO support on both the server and client side. In a future post I’ll write about how to implement DCO support in the OpenVPN server. Happy Hacking!