Date: 2023-05-20
Time: 09:30–10:15
Room: DMS 1110
Level: Intermediate
if_ovpn is the FreeBSD implementation of OpenVPN's Data Channel Offload (DCO) technology. DCO moves the OpenVPN data path into the kernel. This not only avoids the overhead of the traditional if_tun approach where data must be copied in and out of the kernel for every packet, but also the limitations imposed by the single threaded nature of the user space daemon. Finally, it allows OpenVPN to take advantage of cryptography offload hardware such as Intel's QAT.
if_ovpn will be part of FreeBSD 14.0. The upcoming OpenVPN 2.6.0 release is the first to support DCO, for Linux, FreeBSD and Windows.
This talk will present implementation details as well as performance results.
The following slides have been made available for this session: