OpenVPN / ovpn-dco-win

OpenVPN Data Channel Offload driver for Windows
MIT License

Note: cipher 'none' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload. #73

Status: Closed (Drift91 closed 4 months ago)

Drift91 commented 4 months ago

Hi, are there any plans to enable DCO for unencrypted connections? I'm currently trying to use OpenVPN to tunnel my 1Gbps connection through my 10Gbps VPS to reduce latency due to my ISP refusing to fix their routing. As such, security isn't a concern, only performance; everything requiring security on the connection is generally already encrypted via HTTPS. However, the tunnel's bandwidth is being throttled due to my client's CPU usage.

With encryption enabled I get roughly 400 to 750 Mbps and it seems to fluctuate, but without encryption I get 200 to 300 Mbps due to lack of DCO support. My CPU is an i5-9600KF overclocked to 5.0GHz, so I'm honestly surprised that it can't handle 1Gbps of encrypted traffic while the VPS only sits at 50% usage.

Edit: I should probably mention that my client is running Windows 10 Pro 22H2 and the VPS is running a fresh install of Ubuntu Server 24.04 with openvpn-as package version 2.14.0-b90cb316-Ubuntu24 reported by apt.

cron2 commented 4 months ago

AEAD CPU usage is negligible with CPUs supporting AES-NI - as in "compression none" would not be faster. A 5-year-old Xeon could easily saturate a 10G link with AEAD encrypted packets, so your i5-9xxx can do so as well.

Drift91 commented 4 months ago

Not sure what's causing the tunnel to saturate a single core then... Guess I should check the settings on the NIC in Windows. Any ideas?

Drift91 commented 4 months ago

I just realized something: does the Windows IP stack have to process the tunnel and physical NIC separately? Because CPU usage is roughly double that with no tunnelling, so I guess the tunnel is just another layer being processed by the CPU.

Drift91 commented 4 months ago

Alright, speed seems to have picked back up, might have been my ISP's connection being slow or the test server somehow being overloaded at 4AM. Although I don't like the CPU usage, it's clearly not due to the AES encryption.