Hi:

Antonio Quartulli <a...@unstable.cc>
>
> Yes, 2.6.10 requires ovpn-dco-v2.

OK, so I cannot downgrade.

> wireguard uses chacha20poly1305, therefore it'd be essential to test
> with this algorithm in order to make a full comparison.
>
> Do you have a full log to provide regarding the error "dco_new_key:
> netlink reports object not found, ovpn-dco unloaded?" ?

Yes. I put my hopes in chacha20, but it is sad that openvpn crashes when
connecting. I will try to compile the openwrt snapshot version with a newer
kernel to see if there is a difference.
Without dco, chacha20 can run at about 31Mbit/28Mbit upload/download
speed at the device. dco would at least double the speed, I think.
The chacha20 connect error message is like below:

root@OpenWrt:~# openvpn --verb 4 --tls-client --dev tun100 --data-ciphers  CHACHA20-POLY1305 --ifconfig 172.31.22.2 172.31.22.1 --cert /tmp/client.crt --key /tmp/client.key --remote 172.18.1.253  --peer-fingerprint 25:22:D9:1D:9C:2C:69:87:18:0F:E8:47:13:DB:E7:B6:BA:DD:97:69:55:A7:3E:F3:BE:6D:77:3D:F1:DB:E5:FE
2024-04-24 09:02:34 us=251216 Using certificate fingerprint to verify peer (no CA option set).
2024-04-24 09:02:34 us=276861 OpenVPN 2.6.10 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] [DCO]
2024-04-24 09:02:34 us=277161 library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10
2024-04-24 09:02:34 us=277612 DCO version: 2.0.0
2024-04-24 09:02:34 us=278286 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2024-04-24 09:02:34 us=313725 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-04-24 09:02:34 us=315646 net_iface_new: add tun100 type ovpn-dco
2024-04-24 09:02:34 us=320517 DCO device tun100 opened
2024-04-24 09:02:34 us=321061 do_ifconfig, ipv4=1, ipv6=0
2024-04-24 09:02:34 us=321788 net_iface_mtu_set: mtu 1500 for tun100
2024-04-24 09:02:34 us=323677 net_iface_up: set tun100 up
2024-04-24 09:02:34 us=325645 net_addr_ptp_v4_add: 172.31.22.2 peer 172.31.22.1 dev tun100
2024-04-24 09:02:34 us=327154 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-04-24 09:02:34 us=330289 TCP/UDP: Preserving recently used remote address: [AF_INET]172.18.1.253:1194
2024-04-24 09:02:34 us=330810 Socket Buffers: R=[180224->180224] S=[180224->180224]
2024-04-24 09:02:34 us=331505 UDPv4 link local (bound): [AF_INET][undef]:1194
2024-04-24 09:02:34 us=332491 UDPv4 link remote: [AF_INET]172.18.1.253:1194
2024-04-24 09:02:34 us=337756 TLS: Initial packet from [AF_INET]172.18.1.253:1194, sid=266fb55b 137b9c2a
2024-04-24 09:02:34 us=368371 VERIFY OK: depth=0, CN=server
2024-04-24 09:02:34 us=371187 VERIFY OK: depth=0, CN=server
2024-04-24 09:02:34 us=501819 peer info: IV_CIPHERS=CHACHA20-POLY1305
2024-04-24 09:02:34 us=502506 peer info: IV_PROTO=746
2024-04-24 09:02:34 us=503743 P2P mode NCP negotiation result: TLS_export=1, DATA_v2=1, peer-id 12315992, cipher=CHACHA20-POLY1305
2024-04-24 09:02:34 us=504501 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2024-04-24 09:02:34 us=505083 [server] Peer Connection Initiated with [AF_INET]172.18.1.253:1194
2024-04-24 09:02:34 us=506083 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-04-24 09:02:34 us=507294 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-04-24 09:02:35 us=676840 Data Channel MTU parms [ mss_fix:1400 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-04-24 09:02:35 us=678505 Outgoing dynamic tls-crypt: Cipher 'AES-256-CTR' initialized with 256 bit key
2024-04-24 09:02:35 us=679264 Outgoing dynamic tls-crypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2024-04-24 09:02:35 us=679901 Incoming dynamic tls-crypt: Cipher 'AES-256-CTR' initialized with 256 bit key
2024-04-24 09:02:35 us=680663 Incoming dynamic tls-crypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2024-04-24 09:02:35 us=741773 dco_new_key: netlink reports object not found, ovpn-dco unloaded?
2024-04-24 09:02:35 us=742534 dco_new_key: failed to send netlink message: No such file or directory (-2)
2024-04-24 09:02:35 us=743093 Impossible to install key material in DCO: No such file or directory
2024-04-24 09:02:35 us=743413 Exiting due to fatal error
2024-04-24 09:02:35 us=743989 Closing DCO interface
2024-04-24 09:02:35 us=744455 net_addr_ptp_v4_del: 172.31.22.2 dev tun100
2024-04-24 09:02:35 us=746278 net_iface_del: delete tun100

