On 20/05/11 11:55, Jan Just Keijser wrote:
>> From a quick brainstorm, for --comp-lzo, the only compatible/valid
>> combinations are:
>>
>>    Client                      Server
>>    (no --comp-lzo)             (no --comp-lzo)
>>    --comp-lzo {,adaptive} (*)  --comp-lzo {,adaptive}
>>    --comp-lzo yes         (*)  --comp-lzo yes
>>    --comp-lzo no          (*)  --comp-lzo no
>>
>> (*) In these combinations, comp-lzo should be pushable which can change the
>> client setting.  If client does not have comp-lzo in its config, it should
>> disconnect from the server if the server pushes --comp-lzo settings, as the
>> wire protocol from the server will be different from what the client
>> expects.
>>
>>   
> please remember the reason for this patch: bug
>  https://community.openvpn.net/openvpn/ticket/128
> 
> if there is a 'comp-lzo' mismatch and the server pushes out 'push "comp-lzo
> yes"' then upon reconnecting it works all of a sudden - this inconsistency
> needs to be addressed one way or the other.
> If we don't want to change the 'comp-lzo' behaviour then at the very least
> this "reconnect-makes-it-work" feature/bug should be fixed in a different
> manner.

Hi Jan,

Yeah, that is the reason why I think a disconnect should happen when the
client is not using comp-lzo (no --comp-lzo defined), while the server
pushes it.  This is a misconfiguration to start with.  However, when the
client disconnects and stops running, it should give a sensible error
message - to help solve this issue.

Why it "works" with a reconnect, is that the first connect fails because
client config is not using --comp-lzo.  But the server managed to get a
--comp-lzo push through, which then enables it on the client on the next
reconnect.  This is actually the real misbehaviour, and is a bug.

When this bug is fixed, we can consider an "auto-fix feature", where it
will reconnect with '--comp-lzo no' in this kind of situation, without
giving odd errors in the log files.  This auto-fix feature should probably
be possible to disable, for those wanting more control over what's happening.


kind regards,

David Sommerseth