OpenVPN 3 Linux client provides better performance and connection stability over the regular openvpn client. Also, if the client is built with DCO(Data Channel Offload) support then data transfer is a lot faster. For this guide I’ll be using Kali Linux but the same will work for any Debian based Distro.
Note:- For more info on OpenVPN DCO you can refer this link.
Install necessities and create directory structure
apt install g++ make libssl-dev liblz4-dev cmake linux-headers-genericlibcap-dev
export O3=~/O3 && mkdir $O3
export DEP_DIR=$O3/deps && mkdir $DEP_DIR
export DL=$O3/dl && mkdir $DL
Clone the OpenVPN3 repo and build dependencies
git clone https://github.com/OpenVPN/openvpn3.git core
Clone the OpenVPN DCO repo, install deps and build
cd $O3 git clone https://github.com/OpenVPN/ovpn-dco.git apt install pkg-config libnl-genl-3-dev cd ovpn-dco make && make install modprobe ovpn-dco
Check if ovpn-dco kernel module is loaded
lsmod | grep dco modinfo ovpn_dco
Build OpenVPN3 cli with dco support
cd $O3/core && mkdir build && cd build cmake -DCLI_OVPNDCO=on .. cmake --build .
Next run the openvpn 3 client
./test/ovpncli/ovpncli file.ovpn --no-dco
To run the client with DCO support we need to adjust the ciphers in our OpenVPN config file. Currently ovpn-dco only supports AES-GCM and CHACHA20POLY1305 ciphers. So, to enable DCO support edit your *.ovpn config file and change the cipher to one of the above. For example I changed
Then run the client without the
You can further add the client to your PATH and use it directly. Also, during my testing I found the vpn connection to my personal server with DCO mode on was about three times faster. According to OpenVPN Inc. the speed can be further improved to about eight times by implementing dco support on both server and client side. In a future post I’ll write about how to implement dco support in OpenVPN server. Happy Hacking!