Blog

OpenVPN DCO on FreeBSD Presentation at AsiaBSDCon 2023

Written by Doug McIntire | March 27, 2023

Kristof Provost will be presenting his paper on the FreeBSD implementation of OpenVPN Data Channel Offload (DCO) on April 1st, from 14:30 to 15:15, at AsiaBSDCon 2023, occurring from March 30 to April 2, 2023 at the Tokyo University of Science, Tokyo, Japan.

Kristof is an embedded software engineer specializing in networking and video applications. He is a board member of the EuroBSDCon Foundation and he has been working with BSD for over 13 years. He has over 900 commits in the main branch of FreeBSD to his credit, not counting MFCs.

OpenVPN is a widely deployed open source Virtual Private Network (VPN) application used to create secure point-to-point or site-to-site VPN connections for encrypted communications. OpenVPN is a single-threaded process implemented in user space. This implementation makes it difficult to take advantage of multi-core processors and cryptographic offload hardware.

OpenVPN Data Channel Offload (DCO) is an enhancement to OpenVPN which allows for significant performance gains when processing encrypted OpenVPN data by reducing the amount of context switching that happens for each packet. This makes the overall processing of each packet more efficient while also leveraging available hardware encryption offloading support in the kernel. 

The main objective of Kristof’s FreeBSD work on OpenVPN, sponsored by Netgate, is to further increase performance by eliminating context switches and associated copies to/from userspace, and add support for multi-threaded encryption to support even faster performance gains. Kristof’s OpenVPN work on FreeBSD has been incorporated into pfSense® Plus software, which has led to significant performance gains for the OpenVPN implementation on Netgate hardware using Intel® QuickAssist Technology (QAT) or AES-NI (depending on the hardware).

There is much more to this story, but telling it will have to wait until Kristof presents his work and findings at AsiaBSDCon.

If you are attending AsiaBSDCon, be sure to attend Kristof’s presentation on April 1st. On the same day, Brad Davis will also be speaking about the future direction of pfSense software and Kristof will be presenting Leon Dang’s work on Boosting IPsec and VPN performance in pfSense with IIMB. We hope to see you at AsiaBSDCon 2023 in Tokyo.