plaisthos has uploaded a new patch set (#2). ( http://gerrit.openvpn.net/c/openvpn/+/1550?usp=email )
Change subject: Try to emphasise the transition from old ovpn-dco to new ovpn module ...................................................................... Try to emphasise the transition from old ovpn-dco to new ovpn module This tries to ensure that the difference between the old and new module is clearer. Also removed a duplicate section about --disable-dco from the manual page. This also changes one instance of ovpn-dco to ovpn that is probably a bug when reusing a tun device. Change-Id: Iff9f6811fdf553f59f2afee0072d7bf90133d328 Signed-off-by: Arne Schwabe <[email protected]> --- M Changes.rst M configure.ac M doc/man-sections/advanced-options.rst M doc/man-sections/generic-options.rst M src/openvpn/dco.c M src/openvpn/dco_linux.c 6 files changed, 15 insertions(+), 18 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/50/1550/2 diff --git a/Changes.rst b/Changes.rst index 36af4e7..9c80ee8 100644 --- a/Changes.rst +++ b/Changes.rst @@ -55,10 +55,11 @@ Support for new version of Linux DCO module OpenVPN DCO module is moving upstream and being merged into the - main Linux kernel. For this process some API changes were required. + main Linux kernel in 6.16. For this process some API changes were required. OpenVPN 2.7 will only support the new API. The new module is called - ``ovpn``. Out-of-tree builds for older kernels are available. Please - see the release announcements for futher information. + ``ovpn``. Out-of-tree builds for older kernels are available from + https://github.com/OpenVPN/ovpn-backports. Please + see the release announcements for further information. Support for server mode in win-dco driver On Windows the win-dco driver can now be used in server setups. diff --git a/configure.ac b/configure.ac index e151816..57f1bd6 100644 --- a/configure.ac +++ b/configure.ac @@ -731,7 +731,7 @@ OPTIONAL_LIBNL_GENL_LIBS="${LIBNL_GENL_LIBS}" AC_DEFINE(ENABLE_DCO, 1, [Enable shared data channel offload]) - AC_MSG_NOTICE([Enabled ovpn-dco support for Linux]) + AC_MSG_NOTICE([Enabled ovpn-dco (via ovpn kernel module) support for Linux]) fi ;; *-*-freebsd*) diff --git a/doc/man-sections/advanced-options.rst b/doc/man-sections/advanced-options.rst index e1115e4..e50c578 100644 --- a/doc/man-sections/advanced-options.rst +++ b/doc/man-sections/advanced-options.rst @@ -102,7 +102,9 @@ Data channel offload currently requires data-ciphers to only contain AEAD ciphers (AES-GCM and Chacha20-Poly1305) and Linux with the - ovpn-dco module. + ovpn module. The ovpn module is integrated into the Linux kernel + since 6.16 or available as backport from + https://github.com/OpenVPN/ovpn-backports. Note that some options have no effect or cannot be used when DCO mode is enabled. diff --git a/doc/man-sections/generic-options.rst b/doc/man-sections/generic-options.rst index f46dfec..81e375d 100644 --- a/doc/man-sections/generic-options.rst +++ b/doc/man-sections/generic-options.rst @@ -178,15 +178,6 @@ on console) and ``--auth-nocache`` will fail as soon as key renegotiation (and reauthentication) occurs. ---disable-dco - Disable "data channel offload" (DCO). - - On Linux don't use the ovpn-dco device driver, but rather rely on the - legacy tun module. - - You may want to use this option if your server needs to allow clients - older than version 2.4 to connect. - --disable-occ **DEPRECATED** Disable "options consistency check" (OCC) in configurations that do not use TLS. diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 26b8645..a696d7a 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -376,9 +376,10 @@ * don't need to have the net_ctx percolate all the way here */ int ret = net_iface_type(NULL, o->dev, iftype); - if ((ret == 0) && (strcmp(iftype, "ovpn-dco") != 0)) + if ((ret == 0) && (strcmp(iftype, "ovpn") != 0)) { - msg(msglevel, "Interface %s exists and is non-DCO. Disabling data channel offload", + msg(msglevel, "Interface %s exists and its not using " + "ovpn DCO driver. Disabling data channel offload", o->dev); return false; } diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index 3ad8b90..96ce643 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -159,7 +159,7 @@ break; case -NLE_OBJ_NOTFOUND: - msg(M_INFO, "%s: netlink reports object not found, ovpn-dco unloaded?", prefix); + msg(M_INFO, "%s: netlink reports object not found, ovpn kernel module unloaded?", prefix); break; default: @@ -1239,7 +1239,9 @@ { if (resolve_ovpn_netlink_id(D_DCO_DEBUG) < 0) { - msg(msglevel, "Note: Kernel support for ovpn-dco missing, disabling data channel offload."); + msg(msglevel, "Note: Kernel support for ovpn missing, disabling data " + "channel offload. Use a 6.16.0 kernel with ovpn or use" + "ovpn-backports to enable data channel offload."); return false; } -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1550?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Iff9f6811fdf553f59f2afee0072d7bf90133d328 Gerrit-Change-Number: 1550 Gerrit-PatchSet: 2 Gerrit-Owner: plaisthos <[email protected]> Gerrit-CC: openvpn-devel <[email protected]>
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
