* David Sommerseth <open...@sf.lists.topphemmelig.net>:
> On 16/11/17 09:42, Илья Шипицин wrote:
> >
> > just "compression" is somewhat not clearly covered by documentation. is
> > it "stub" ? or is it "enable both lzo and lz4" ?
>
> My man page says:
>
> --compress [algorithm]
> [...snip...]
>
> If the algorithm parameter is empty, com‐
> pression will be turned off, but the packet
> framing for compression will still be
> enabled, allowing a different setting to be
> pushed later.
>
> If this is not clear enough, how could we improve that?
>
> But JJK is most likely right that lzo and lz4 cannot be mixed between
> clients. But you can have some clients which gets a 'push "compress
> $ALGORITHM", where $ALGORITHM is either lzo or lz4 [1].
>
> Code wise, --comp-lzo yes is the same as --compress lzo.
> And --comp-lzo no is the same as just --compress. But --compress is the
> only one allowing different compression algorithms.
>
>
> [1] Valid values are actually: stub, stub-v2, lzo, lz4, lz4-v2 - but the
> various differences seems poorly documented outside the source code.
I tried implementing this; my server config uses:
compress lzo
which is backwards compatible to all my clients which use "comp-lzo".
This works fine.
Now I tried pushing individual compression algorithms to clients,
testing with my own account:
if (defined $ENV{'IV_LZ4'} && ($username eq "hildeb") ) {
$logger->info("$username LZ4 available");
push @outline, 'push "compress lz4"';
and that results a major FUBAR:
Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 SENT CONTROL [hildeb]:
'PUSH_REPLY,dhcp-option DNS 141.42.1.1,dhcp-option DOMAIN
charite.de,sndbuf 393216,rcvbuf 393216,route-gateway 172.29.0.1,topology
subnet,ping 10,ping-restart 30,route 10.28.0.0
255.254.0.0,route 10.32.0.0 255.224.0.0,route 172.16.0.0 255.254.0.0,route
192.168.192.0 255.255.192.0,route 141.42.0.0
255.255.0.0,route 193.175.72.0 255.255.255.0,route 193.175.74.0
255.255.254.0,route 194.94.4.0 255.255.254.0,compress lz4,ifconfig
172.29.0.91 255.255.192.0,peer-id 124,cipher AES-256-GCM' (status=1)
Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 Data Channel: using
negotiated cipher 'AES-256-GCM'
Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 Outgoing Data Channel:
Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 Incoming Data Channel:
Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 17 13:42:01 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression
header byte: 251
Nov 17 13:42:02 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression
header byte: 251
Nov 17 13:42:05 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression
header byte: 251
Nov 17 13:42:05 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression
header byte: 251
Nov 17 13:42:05 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression
header byte: 251
I'm using openvpn for mac (2.4.4)...
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
