You've successfully subscribed to Nuvotex Blog
Great! Next, complete checkout for full access to Nuvotex Blog
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

openvpn 2.6.0 released

The new openvpn 2.6.0 has some very nice and shiny features you might want to starting using soon. This post highlights some of them.

Daniel Nachtrub
Daniel Nachtrub

Within the last few days the 2.6.0 version of openvpn has been released - and it has some very nice features I'll highlight in this post.

Data Channel Offload (DCO)

The most big one is data channel offload which - based on a newer data framing - can run the data channel of openvpn in kernel processing of packets. This means less or even no more context switching for data packets! While it will still take a while for this to be adapted on the field, it's (in my opinion) a very huge deal as we can improve throughput by far using DCO.

Besides the reduction of context switches DCO also has the ability to use multi-threading (related to the ciphers used) - this again speeds up processing of data.

So, if you have throughput or latency sensitive workloads, make sure to check out DCO!

On windows, make sure to enable DCO when running the installer:

I've written shortly about this in the past here:

openvpn data channel offload
openvpn is working on offloading the data channel to kernel space. This is improving throughput by an order of magnitude according tests.

Faster connection setup

Starting with wintun you have already been blessed with incredible fast connection setup. openvpn 2.6 drives this even further and has some improved negotiation for even faster connection setup.

openvpn 2.5 - using wintun
Starting with release 2.5 openvpn added support for wintun interfaces. To enable utilization of wintun interfaces, you need to make some adjustments.

Windows pre-logon access provider

Did you ever have the issue to require vpn connectivity at logon phase on windows? Finally openvpn GUI has some pre-logon provider that can integrate with windows and allows you to connect to VPN prior windows logon - this will come handy on your next password expiration or initial logon, unless you're maybe using some nice auto-logon VPN with openvpn service.

Make sure to check the feature when going through the setup:

The auto-logon vpn is very nice if you combine it with TPM based certificates:

Create a TPM backed certificate request (on windows)
Certificates are everywhere - sometimes you want to keep them even more secure than just on the filesystem (or operating system store). This guide shows how to create TPM backed certificates on windows.

And much more

Besides these three features, openvpn has received a lot of work. Check out the full changes here:


Daniel Nachtrub

Kind of likes computers. Linux foundation certified: LFCS / CKA / CKAD / CKS. Microsoft certified: Cybersecurity Architect Expert & Azure Solutions Architect Expert.