diff --git a/changelogs/fragments/224_add_dco_for_plus_versions.yml b/changelogs/fragments/224_add_dco_for_plus_versions.yml
new file mode 100644
index 00000000..cdda7419
--- /dev/null
+++ b/changelogs/fragments/224_add_dco_for_plus_versions.yml
@@ -0,0 +1,3 @@
+minor_changes:
+  - pfsense_openvpn_server - add ``dco`` parameter (https://github.com/pfsensible/core/pull/224).
+  - improve pfsense.is_ce_version to better support CE and Plus comparison
diff --git a/plugins/module_utils/openvpn_server.py b/plugins/module_utils/openvpn_server.py
index 20011efb..7f9989b4 100644
--- a/plugins/module_utils/openvpn_server.py
+++ b/plugins/module_utils/openvpn_server.py
@@ -15,6 +15,7 @@ OPENVPN_SERVER_ARGUMENT_SPEC = dict(
     name=dict(required=True, type='str'),
     mode=dict(type='str', choices=['p2p_tls', 'p2p_shared_key', 'server_tls', 'server_tls_user', 'server_user']),
+    dco=dict(default=False, required=False, type='bool'),
     authmode=dict(default=list(), required=False, type='list', elements='str'),
     state=dict(default='present', choices=['present', 'absent']),
     custom_options=dict(default=None, required=False, type='str'),
@@ -213,6 +214,17 @@ def _params_to_obj(self):
         if self.params['mode'] == 'p2p_shared_key':
             obj['shared_key'] = self.params['shared_key']
 
+        if self.params['dco']:
+            if not self.pfsense.is_ce_version():
+                self._get_ansible_param_bool(obj, 'dco', force=True, value='enabled', value_false='disabled')
+                # these are requirements for DCO
+                obj['allow_compression'] = 'no'
+                obj['data_ciphers_fallback'] = 'AES-256-GCM'
+                obj.pop('compression')
+                obj.pop('compression_push')
+            else:
+                self.module.warn("DCO option specified but not supported on CE versions, ignoring...")
+
         return obj
 
     def _validate_params(self):
diff --git a/plugins/module_utils/pfsense.py b/plugins/module_utils/pfsense.py
index 339d7f4f..191817e4 100644
--- a/plugins/module_utils/pfsense.py
+++ b/plugins/module_utils/pfsense.py
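Review bot: `obj.pop('compression')` and `obj.pop('compression_push')` in the new DCO branch of _params_to_obj raise KeyError whenever either key is absent from obj, and whether it is present depends on the earlier part of the method that lies outside this hunk; `obj.pop('compression', None)` and `obj.pop('compression_push', None)` are the safe form. The branch also silently overwrites any user-supplied allow_compression, data_ciphers_fallback or compression values, so it would be clearer to reject or at least warn about the conflicting combination in _validate_params rather than discard explicit input. When dco is false on a Plus system no `dco` key is written at all, so an existing server that already has DCO enabled presumably keeps it — confirm whether the _get_ansible_param_bool call should run outside the `if self.params['dco']` guard so that `disabled` is emitted explicitly.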
@@ -744,9 +744,13 @@ def get_version():
         return version
 
     @staticmethod
-    def is_ce_version(version):
+    def is_ce_version(version=None):
         """ return True if version is a CE version (for now, we only have 2.x patterns) """
-        return version[0] == 2
+        if isinstance(version, list):
+            return version[0] == 2
+        if version is None:
+            version = PFSenseModule.get_version()
+        return len(version.split('.')[0]) == 1
 
     def is_version(self, version, or_more=True):
         """ check target pfSense version """
diff --git a/plugins/modules/pfsense_openvpn_server.py b/plugins/modules/pfsense_openvpn_server.py
index badcff8f..f0e7e7be 100644
--- a/plugins/modules/pfsense_openvpn_server.py
+++ b/plugins/modules/pfsense_openvpn_server.py
@@ -29,6 +29,12 @@ description: The server mode.
     choices: ["p2p_tls", "p2p_shared_key", "server_tls", "server_tls_user", "server_user"]
     type: str
+  dco:
+    description: Enable Data Channel Offload (Supported on Plus versions only)
+    default: false
+    required: false
+    type: bool
+    version_added: 0.7.1
   authmode:
     description:
       - Authentication servers. Required if mode == server_tls_user.
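Review bot: The docstring of is_ce_version is now stale: the body accepts three input forms and applies two different tests — `version[0] == 2` for a list and a single-digit major component for a string — so the contract should be spelled out, e.g. `""" Return True if version is a CE version. version may be a [major, minor, ...] list, an 'x.y.z' string, or None (current system version). CE majors are single-digit (2.x); Plus uses YY.MM. """`. The list branch compares against the int 2, so a list of string components (as produced by str.split) would return False; if any caller can pass that, normalise with int() first. The string branch relies on the width heuristic `len(...) == 1` rather than a numeric comparison, which works for 2.x versus 23.x/24.x but is worth stating as the intent so a future reader does not mistake it for a bug.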
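Review bot: The `dco` option description should tell users what enabling it does to other options, because the module_utils hunk in this same diff forces allow_compression to no and data_ciphers_fallback to AES-256-GCM, drops compression and compression_push when dco is set on Plus, and only warns and ignores it on CE; `description: Enable Data Channel Offload. Supported on Plus versions only (ignored with a warning on CE); forces allow_compression=no and data_ciphers_fallback=AES-256-GCM and discards compression settings.` Without this a playbook author who also sets compression has no documented way to know those values are silently overridden.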