DCO Kernel module allows OpenVPN to offload any data plane management to the Linux kernel, thus allowing it to exploit any Linux low-level API while avoiding expensive and slow payload transfer between kernel space and userspace. This will enhance OpenVPN tunnel overall performance.
To install DCO kernel module, for Ubuntu:
#sudo apt install kmod-ovpn-dco
To enable DCO for an OpenVPN tunnel, in a Linux connector used by OpenVPN Cloud:
#sudo openvpn3 session-manage -c "OpenVPN Cloud" --disconnect
#sudo openvpn3 config-manage --show --config "OpenVPN Cloud" --dco true
#sudo openvpn3 session-start -c "OpenVPN Cloud" --dco true
OpenVPN Session will be disconnected and a new one will be created, with DCO enabled. Right now, it's not possible to make this configuration permanent, but this will be addressed on the next OpenVPN 3 Linux client versions. Meanwhile, a workaround to guarantee OpenVPN client will operate using DCO, even after a reboot, would be to create a /etc/init.d script to enable it during server initialization (out of scope of this article).