Installing OpenVPN 3 client in Linux

OpenVPN 3 Linux client provides better performance and connection stability over the regular openvpn client. Also, if the client is built with DCO(Data Channel Offload) support then data transfer is a lot faster. For this guide I’ll be using Kali Linux but the same will work for any Debian based Distro.

Note:- For more info on OpenVPN DCO you can refer this link.

Install necessities and create directory structure

apt install g++ make libssl-dev liblz4-dev cmake linux-headers-generic libcap-dev 
export O3=~/O3 && mkdir $O3
export DEP_DIR=$O3/deps && mkdir $DEP_DIR
export DL=$O3/dl && mkdir $DL

Clone the OpenVPN3 repo and build dependencies

cd $O3
git clone https://github.com/OpenVPN/openvpn3.git core
cd core/scripts/linux/
./build-all

Clone the OpenVPN DCO repo, install deps and build

cd $O3

git clone https://github.com/OpenVPN/ovpn-dco.git

apt install pkg-config libnl-genl-3-dev

cd ovpn-dco

make && make install

modprobe ovpn-dco

Check if ovpn-dco kernel module is loaded

lsmod | grep dco

modinfo ovpn_dco

Build OpenVPN3 cli with dco support

cd $O3/core && mkdir build && cd build

cmake -DCLI_OVPNDCO=on ..

cmake --build .

Next run the openvpn 3 client

./test/ovpncli/ovpncli file.ovpn --no-dco
running the client without dco support
successful connection without dco support

To run the client with DCO support we need to adjust the ciphers in our OpenVPN config file. Currently ovpn-dco only supports AES-GCM and CHACHA20POLY1305 ciphers. So, to enable DCO support edit your *.ovpn config file and change the cipher to one of the above. For example I changed

cipher AES-128-CBC

to

cipher AES-128-GCM

Then run the client without the --no-dco flag.

connecting with dco mode
OpenVPN3 dco

You can further add the client to your PATH and use it directly. Also, during my testing I found the vpn connection to my personal server with DCO mode on was about three times faster. According to OpenVPN Inc. the speed can be further improved to about eight times by implementing dco support on both server and client side. In a future post I’ll write about how to implement dco support in OpenVPN server. Happy Hacking!

Leave a Reply

Your email address will not be published. Required fields are marked *