SoftEther VPN User Forum

SoftEther VPN User Forum
https://forum.softether.org/

It's time to Upgrade OpenVPN to 2.6/2.7 for Performance and Security

https://forum.softether.org/viewtopic.php?f=11&t=69732

Page 1 of 1

It's time to Upgrade OpenVPN to 2.6/2.7 for Performance and Security

Posted: Wed Jul 02, 2025 5:50 am
by evelynice
Dear VPNGate Team,

I request upgrading the default OpenVPN version to at least 2.6, or preferably 2.7, for performance and security improvements.

VPNGate currently uses OpenVPN 2.0 with AES-128-CBC, which is incompatible with DCO (Data Channel Offload). This prevents DCO from being enabled, causing slow speeds—often under 1 Mbps—on high-bandwidth connections. With DCO enabled in OpenVPN 2.6 and later, speeds improve 3-5 times, especially on Windows and Linux platforms.

Additionally, AES-128-CBC is outdated and vulnerable. OpenVPN 2.7 not only supports DCO by default but also integrates stronger ciphers like AES-256-GCM, offering better security and performance. While TAP-Windows6 is available in 2.7, DCO provides a significant performance advantage.

OpenVPN 2.6 and 2.7 also bring improvements such as better network adapter management on Windows and improved stability. Common Linux distributions (Ubuntu, Debian, CentOS, etc.) support these versions, ensuring compatibility across platforms.

Staying with OpenVPN 2.0 is now a performance bottleneck. Upgrading is necessary for better performance, security, and reliability.

Re: It's time to Upgrade OpenVPN to 2.6/2.7 for Performance and Security

Posted: Thu Jul 03, 2025 4:48 am
by solo
SoftEther supports all OpenVPN client versions but requires a minor "data-ciphers" config change, and SE server v5 also supports AES-256-GCM.

As for DCO, check this log of OpenVPN 2.6.10 connecting to SE v5...

Code: Select all

2025-07-03 13:32:04 Note: ovpn-dco-win driver is missing, disabling data channel offload.
2025-07-03 13:32:04 OpenVPN 2.6.10 [git:v2.6.10/ba0f62fb950c56a0] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Mar 20 2024
2025-07-03 13:32:04 Windows version 10.0 (Windows 10 or greater), amd64 executable
2025-07-03 13:32:04 library versions: OpenSSL 3.2.1 30 Jan 2024, LZO 2.10
2025-07-03 13:32:04 DCO version: N/A
...
2025-07-03 13:32:07 Using peer cipher 'AES-256-GCM'
...
2025-07-03 13:32:12 Initialization Sequence Completed
2025-07-03 13:32:12 MANAGEMENT: >STATE:1751513532,CONNECTED,SUCCESS,,,
So, Windows' OpenVPN client has no driver for DCO anyway (although it can be fixed).
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/