Re: [Openvpn-users] migrating from lzo to lz4

[Jan Just Keijser]

On 16/11/17 11:45, Ralf Hildebrandt wrote:

* Jan Just Keijser <janj...@nikhef.nl>:

yes, pretty much: all clients that have 'comp-lzo' in the client config and
that support LZ4 can be told to use LZ4 compression by adding
   push "compress lz4"
in the server config.

I have a mix of Windows (openvpn 2.3 and 2.4)
and Mac (openvpn 2.3 only, I wonder why TunnelBlick shuns 2.4?) clients
out in the field.

So you say, I can simply

push "compress lz4"

to all client (?) and then

a) either the client will accept and use lz4 (2.4 I guess)
b) or the client will fail, ignore the push and use lzo instead?

then I'd put "comp-lzo yes" on all clients (2.3 clients don't recognize 
"compress").

"push-peer-info" will tell you whether a client supports LZ4 or not.

How do I use that?

This makes a very nice example for a future cookbook :)
You'd use OpenVPN 2.4+ on the server with a client-connect script like this:
====
#!/bin/bash

env | grep IV_

if [ "${IV_LZ4:-0}" -eq 1 ]
then
    echo "Enabling LZ4 compression for client $common_name"
    echo "compress lz4" > $1
    echo "push \"compress lz4\"" >> $1
else
    echo "Enabling LZO compression for client $common_name"
    echo "comp-lzo" >> $1
    echo "push \"comp-lzo\"" >> $1
fi

====

my server log file shows:

Thu Nov 16 13:53:58 2017 192.168.0.49:55089 [client2] Peer Connection Initiated 
with [AF_INET]192.168.0.49:55089
Thu Nov 16 13:53:58 2017 client2/192.168.0.49:55089 MULTI_sva: pool returned 
IPv4=10.200.0.2, IPv6=2001:610:120::200:0:1001
IV_COMP_STUBv2=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_LZ4=1
IV_PLAT=linux
IV_PROTO=2
IV_LZO=1
IV_TCPNL=1
IV_NCP=2
IV_VER=2.4.4
Enabling LZ4 compression for client client2
Thu Nov 16 13:54:04 2017 192.168.0.180:43459 peer info: IV_VER=2.3.7
Thu Nov 16 13:54:04 2017 192.168.0.180:43459 peer info: IV_PLAT=linux
Thu Nov 16 13:54:04 2017 192.168.0.180:43459 peer info: IV_PROTO=2
Thu Nov 16 13:54:04 2017 192.168.0.180:43459 [client1] Peer Connection 
Initiated with [AF_INET]192.168.0.180:43459
Thu Nov 16 13:54:04 2017 client1/192.168.0.180:43459 MULTI_sva: pool returned 
IPv4=10.200.0.3, IPv6=2001:610:120::200:0:1002
IV_PLAT=linux
IV_PROTO=2
IV_VER=2.3.7
Enabling LZO compression for client client1


and yes, the server is able to simultaneously use LZO for client1 and LZ4 for 
client2.

HTH,

JJK


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users