openvpn: DCO is unavailable for TCP
rbray89 opened this issue · comments
Spent an unfortunate amount of time trying to enable DCO for a TCP OpenVPN Server in Opnsense.
There either needs to be a prominent note, error log entry, or configuration validation error thrown when trying to use DCO with TCP connections.
Should be easily replicated by trying to use both options and the config is allowed without warnings.
Thank you for creating an issue.
Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.
For more information about the policies for this repository,
please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.
The easiest option to gain traction is to close this ticket and open a new one using one of our templates.
@rbray89 some of this is unfortunate design of OpenVPN making this choice implied by the daemon, not the user. Couple this with the requirement to pre-create the correct network interface with the correct driver this deliberate design choice falls apart very quickly, but it is what it is. We'll add the relevant validation.
this needs an extra validation indeed, for reference https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features