Table of Contents
About hide.me VPN 
Account 
Connection Help 
Apps & Devices 
Android 
Amazon Fire OS 
iOS 
Linux 
macOS 
Router 
Browsers 
Windows 
Stream sports 
American football 
Athletics 
Baseball 
Basketball 
Fighting 
Cricket 
Cycling 
Football 
Golf 
Motor sports 
Swimming 
Tennis 
Other sports 
Other Issues OpenVPN DCO – Experimental kernel driver on Windows
Last modified: June 22, 2022
Table of Contents
What is OpenVPN DCO and why is it important?
Putting effort in securing your online security is one of the most important things nowadays. The more data encryption you use, the more it slows your computer’s computing speed down. This cannot be leveraged by using more modern and stronger CPU’s indefinitely. This is where OpenVPN DCO comes in to play.
OpenVPN DCO (Data Channel Offload) is an experimental kernel implementation to significantly enhance OpenVPN performance. It does so by running out of kernel space and thus avoids expensive and slow payload transfer between user and kernel space.
What are User and Kernel Spaces?
The kernel is the base layer for all other layers. It is what loads first when you turn on your computer, regardless of the operating system. Hardware is the foundation, followed by the kernel space on top of that and is closed by the user space on top of that. The programs you use are at the very top. The farther you go up from the hardware layer, the slower the programs run. For this reason encrypting data can be a challenge. By doing so, data exchanges between kernel and user space cost processing power. In turn, this creates a bottleneck for OpenVPN speed.
Since OpenVPN is a user-space VPN protocol, encryption overhead and context switches limit its speed. Modern CPU’s have addressed the former, but the latter still needs addressing.
Where does OpenVPN DCO come in?
OpenVPN DCO implements the Linux kernel module to handle the OpenVPN data channel. It no longer sends data traffic between the user and kernel space for routing and encryption/decryption. Operations on payloads take place in the Linux kernel. This optimizes performance and cuts latency and payload transfer cost.
In addition, the encryption is also multi-threaded. Multi-threading splits up tasks or jobs into smaller units and spreads them across different CPU’s. This makes data transfer much faster.
How Much Faster is it?
To get an idea of how much faster OpenVPN DCO is, its developers have tested it in different configurations. Visit this Blog page to see the infographics.
Offloading is really the holy grail of both security and performance because it allows us to embrace industry standard protocols such as SSL/TLS, but by offloading the packet processing to kernel space or hardware, we can push performance to the limits of wire speed.
James Yonan, CTO of OpenVPN
The OpenVPN DCO incorporates the entire OpenVPN data channel into the kernel module while keeping the control channel outside of it. It also continues to use the standard SSL/TLS protocols, including support for TLS 1.3 features.
How Can I Enable OpenVPN DCO?
Launch hide.me app and click on the Settings icon at the bottom.
Now, click on Lab Features on the left and OpenVPN DCO link on the right. Next, enable the related option.
Finally, click on the top left arrow to save the settings.
Note: OpenVPN DCO is currently under heavy development, therefore neither its user space API nor the code itself is considered stable and may change radically over time.
To learn even more about this feature or contribute to its development, visit its GitHub project development page.
OpenVPN DCO implementation is a continuation of our commitment into bleeding edge novelties in data security field. Recently we’ve also incorporated experimental WireGuardNT implementation.
If you have any other concerns that need addressing, contact our Support team directly.
hide.me Support
Open Setup Guides
We have a detailed step-by-step guide which can help you set up a VPN within minutes.
Open Setup Guide