#106 flag to enable openvpn-dco, switch cipher from AES-128-CBC to CHACHA20-POLY1305 (!94) · Merge requests · leap / Container Platform / lilypad

sgk requested to merge feat/openvpn-dco into main Aug 27, 2024

adds a flag to optionally enable openvpn-dco on selected gateway hosts
switch from AES-128-CBC to CHACHA20-POLY1305 since AES-128-CBC is not supported by openvpn-dco

When starting openvpn it will automatically detect DCO support and use the kernel module. Add the option --disable-dco to disable data channel offload support. https://github.com/OpenVPN/openvpn/blob/master/README.dco.md#getting-started-linux

For this to work, we have to upgrade the openvpn container image to install openvpn >=2.6
openvpn!8 (merged)

Edited Aug 29, 2024 by sgk

#106 flag to enable openvpn-dco, switch cipher from AES-128-CBC to CHACHA20-POLY1305