Can someone explain why OpenVPN has two daemons listening by default?
The documentation says this is happening:
openvpn runs 2 daemons by default
- 1 for UDP on port 1194
- 1 for TCP on port 443
This makes no sense to me. If one instance can run only one at a time, why is the default to listen on both? Do you have any idea why? Is it because it’s prepared to do one or the other “out-of-the-box” so you don’t have to configure anything?
Thanks,
Reid K.
Why does OpenVPN have two daemons listening by default?
- openvpn_inc
- OpenVPN Inc.
Re: Why does OpenVPN have two daemons listening by default?
Hi Reid,
By default Access Server will have one daemon per listening protocol per CPU core. And by default it will listen on both TCP and UDP.
The reason for this: the VPN daemon "openvpn-openssl" is basically the same as the open source openvpn(8) software, and any instance can only do one protocol for the tunnel.
The reason for one per CPU core: the software prior to the 2.6.x release in January was single-threaded. 2.6 introduced a DCO (data channel offload) feature where the bulk of the work in the VPN tunnel (encryption and decryption of tunnel traffic) is offloaded to kernel space, via a kernel module. OpenVPN 2.6 is still single-threaded, but the data channel will be managed by the kernel, distributed among CPU cores according to load.
DCO is still in beta in Access Server.
Regards, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
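An added example, not part of the original posts and not OpenVPN Inc. code: a small audit that checks the "one daemon per listening protocol per CPU core" layout described above against `ss -H -lntup` output. It assumes the daemons appear in `ss` under the process name "openvpn-openssl"; the sample output, ports and PIDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `ss -H -lntup` output on a 2-core host; ports and PIDs
# are illustrative and not taken from a real Access Server.
SAMPLE_SS = """\
udp   UNCONN 0  0     0.0.0.0:1194   0.0.0.0:*  users:(("openvpn-openssl",pid=1201,fd=6))
udp   UNCONN 0  0     0.0.0.0:1195   0.0.0.0:*  users:(("openvpn-openssl",pid=1202,fd=6))
tcp   LISTEN 0  32    0.0.0.0:443    0.0.0.0:*  users:(("openvpn-openssl",pid=1203,fd=6))
tcp   LISTEN 0  128   0.0.0.0:22     0.0.0.0:*  users:(("sshd",pid=800,fd=3))
"""

# Matches each ("name",pid=N,fd=M) entry in the users:(...) column.
USERS_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')


def daemons_by_proto(ss_text, name="openvpn-openssl"):
    """Map protocol -> {pid: set(local addresses)} for listeners owned by `name`."""
    found = defaultdict(lambda: defaultdict(set))
    for line in ss_text.splitlines():
        fields = line.split()
        # Netid State Recv-Q Send-Q Local Peer [Process]
        if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
            continue
        proto, local = fields[0], fields[4]
        for proc, pid in USERS_RE.findall(line):
            if proc == name:
                found[proto][int(pid)].add(local)
    return found


def audit(ss_text, cores, protocols=("tcp", "udp")):
    """Return {proto: (daemon_count, matches_expected)}, expecting one daemon per core."""
    found = daemons_by_proto(ss_text)
    return {p: (len(found[p]), len(found[p]) == cores) for p in protocols}


if __name__ == "__main__":
    # On a live host, feed in the output of `ss -H -lntup` (run as root so the
    # process column is populated) and pass os.cpu_count() as `cores`.
    for proto, (count, ok) in audit(SAMPLE_SS, cores=2).items():
        print(f"{proto}: {count} daemon(s), {'as expected' if ok else 'MISMATCH'}")
```

In the constructed sample the TCP side reports a mismatch because only one of the two expected daemons is listening.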