Have you compared performance between using openvpn-mbedtls and openvpn-openssl?
No, I had some problem building my firmware with openvpn-openssl (something related to dco kernel module, I think) then changed to openvpn-mbedtls with no issues.
I am running OpenWRT 25.12.4, OpenVPN 2.7.4 with DCO and getting around 3 Mbps in both directions. If I disable DCO, my speeds immediately reach 60 Mbps. Am I the only one with this problem?
AFAIK DCO does not support fix-mss. Try to lower the MSS for the connections inside the tunnel, this may (or may not) help.
I have already set tun-mtu=1400. It does not change much.
Hi,
After upgrading my ER605v2 to new kernel 6.18 I noticed chachapoly cipher is not working.
Some info about:
Kernel Log:
[ 197.356648] encrypt crypto_alloc_aead failed, err=-2
[ 197.435298] tun0: deleting peer with id 0, reason 0
Kernel 6.18.xx
root@ER605v2:/etc/config# uname -a
Linux ER605v2 6.18.34 #0 SMP Wed Jun 3 22:47:20 2026 mips GNU/Linux
OpenVPN info
root@ER605v2:/etc/config# openvpn --version
OpenVPN 2.7.4 mipsel-openwrt-linux-gnu [SSL (mbed TLS)] [EPOLL] [MH/PKTINFO] [AEAD] [DCO]
library versions: mbed TLS 3.6.6
DCO version: 6.18.34 #0 SMP Wed Jun 3 22:47:20 2026
Originally developed by James Yonan
Copyright (C) 2002-2026 OpenVPN Inc <sales@openvpn.net>
Chachapoly kernel modules are installed
root@ER605v2:~# apk info | grep -i chacha
kmod-crypto-chacha20poly1305
kmod-crypto-lib-chacha20
Same config as previous Kernel 6.12.xx, no changes in config files.
With AES-GCM tunnel is working as usual.. the issue is only affecting chachapoly after kernel upgrade.
Anyone in the same way?
Thanks,
Try with openvpn-openssl instead of openvpn-mbedtls