| 37 | | A similar kernel module has also been developed for Windows, namely ''ovpn-dco-win''. |
| 38 | | It is a device driver implemented in kernelspace that substitutes all previous drivers used by OpenVPN (i.e. |
| | 41 | A kernel module has also been developed for Windows, namely ''ovpn-dco-win''. |
| | 42 | It is a device driver implemented in kernelspace that substitutes all previous drivers used by OpenVPN (i.e. tap-windows6, wintun, etc..). Differently from the other drivers, ovpn-dco-win uses the Windows Kernel API to also implement crypto operations, thus allowing to process data packets entirely in kernelspace, similarly to ovpn-dco for Linux. |
| | 43 | The main limitation of ovpn-dco-win is that it only supports client/p2p mode, while server mode is not available. This decision was made due to the fact that there is less and less demand for running OpenVPN server on Windows. |
| | 44 | |
| | 45 | The ovpn-dco-win source code is currently available at the following repository: https://github.com/OpenVPN/ovpn-dco-win |
| | 46 | |
| | 47 | === Expected limitations |
| | 48 | Not all functionalities available in OpenVPN have been implemented in ovpn-dco(-win). The reasons for this decision are mainly: |
| | 49 | 1. avoid unneeded complexity in a critical component like a kernel module; |
| | 50 | 1. take the chance to give a clear cut with legacy features that OpenVPN has carried around for a while. |
| | 51 | |
| | 52 | In particular, this is a list (mayb not be complete) of features that are **not** available when using ovpn-dco: |
| | 53 | * ciphers other than AES-GCM and CHACHA20-POLY1305 (the latter is not yet available in ovpn-dco-win); |
| | 54 | * compression or compression framing; |
| | 55 | * fragmentation; |
| | 56 | * TAP/Ethernet mode; |
| | 57 | * topologies other than ''subnet''; |
| | 58 | * no traffic shaping or any other sort of data packets manipulation (system tools should be used when available). |
| | 59 | |
| | 60 | === Some experiments |
| | 61 | |
| | 62 | ... |
