DCO on Oracle Linux

Harmanogo
OpenVpn Newbie
Posts: 8
Joined: Thu Jul 06, 2023 9:12 pm

Post by Harmanogo » Wed Sep 20, 2023 9:10 pm

Hi All,
I am running Oracle Linux 9.2. I enabled the dsommers/openvpn-release-2.6 and dsommers/openvpn3 repos and installed OpenVPN 2.6.6 and the kmod-ovpn-dco package.

I did my config and the service started fine, but I am not seeing the kernel module loaded at all. lsmod doesn't show the module. Is it that I have to compile the module separately? Trying to find some info on that. Am I missing something obvious?

The log file has the error "Note: Kernel support for ovpn-dco missing, disabling data channel offload."

Thanks for any help.

RemoteOne
OpenVPN User
Posts: 34
Joined: Wed Sep 18, 2019 10:11 am

Re: DCO on Oracle Linux

Post by RemoteOne » Fri Oct 13, 2023 3:17 pm

DSommers has released a new kernel mod, and it looks like it is working again. However, Secure Boot has to be turned off for the OpenVPN host to use it, as the kernel mod is not signed.

You need to update the package kmod-ovpn-dco.

This should remove the old package and replace it with the new.

Turn off Secure Boot on your host, and reboot.

Code:

modprobe ovpn-dco-v2

then

Code:

lsmod | grep vpn

should show something like

Code:

ovpn_dco_v2            90112  0
ip6_udp_tunnel         16384  1 ovpn_dco_v2
udp_tunnel             24576  1 ovpn_dco_v2

Then, restart the OpenVPN service and test.

You should see the following references to DCO in your openvpn.log file (at VERB 4)

Code:

2023-10-13 16:10:55 us=954458 OpenVPN 2.6.6 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-10-13 16:10:55 us=954472 library versions: OpenSSL 1.1.1k  FIPS 25 Mar 2021, LZO 2.08
2023-10-13 16:10:55 us=954530 DCO version: copr:0.2.20230426.3.el8
......
2023-10-13 16:10:56 us=2438 net_iface_new: add tun0 type ovpn-dco
2023-10-13 16:10:56 us=3423 DCO device tun0 opened
......
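
Added example, not part of the original posts: a read-only bash check for the states described in this thread (module listed, module signer, Secure Boot state, DCO lines in openvpn.log). The function names are made up for this example; the module name and log strings are the ones quoted above, and `modinfo` and `mokutil` are assumed to be installed on the host.

```bash
#!/usr/bin/env bash
# Added example: read-only DCO checks. Function names are hypothetical.

# dco_module_loaded [FILE]
# Succeeds if ovpn_dco_v2 is the module name on any line of an
# lsmod- or /proc/modules-style listing (default: /proc/modules).
dco_module_loaded() {
    awk '$1 == "ovpn_dco_v2" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# dco_log_status [LOGFILE]
# Prints active, disabled or unknown. The last matching line wins, so a
# log that was appended to across restarts reports the most recent start.
dco_log_status() {
    awk '
        /Kernel support for ovpn-dco missing/ { s = "disabled" }
        /DCO device [^ ]+ opened/             { s = "active" }
        END { print (s == "" ? "unknown" : s) }
    ' "${1:--}"
}

# dco_report LOGFILE
# Prints what the host says about the module, its signer and Secure Boot.
dco_report() {
    if dco_module_loaded; then echo "module: loaded"; else echo "module: not loaded"; fi
    # Empty when the module is unsigned or not installed
    _signer=$(modinfo -F signer ovpn-dco-v2 2>/dev/null)
    echo "module signer: ${_signer:-none}"
    if command -v mokutil >/dev/null 2>&1; then mokutil --sb-state; fi
    echo "log: $(dco_log_status "$1")"
}

if [ -r "${1:-}" ]; then
    dco_report "$1"
else
    # Constructed sample: the two log lines quoted in this thread, in order
    dco_log_status <<'EOF'
Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2023-10-13 16:10:56 us=3423 DCO device tun0 opened
EOF
fi
```

Run it with the path to openvpn.log as the only argument; without an argument it only evaluates the embedded sample.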

Re: DCO on Oracle Linux

Post by RemoteOne » Fri Oct 13, 2023 4:43 pm

Note also, if you have SELinux enabled, you will need to make a local policy to allow openvpn to use netlink_generic_socket. See the discussion in this thread: viewtopic.php?t=35197

Re: DCO on Oracle Linux

Post by RemoteOne » Fri Oct 13, 2023 4:46 pm

I have been testing on Rocky 8. Just started on Rocky 9 now and it seems a further tweak will be needed for SELinux on that. Haven't figured out what it is as yet though.
