Re: [Openvpn-devel] [PATCH] Configurable installation directories
On 24/09/2024 15:26, Petr Portnov wrote: Hi there! Continuing the packaging of the latest OpenVPN-linux for NixOS, I would like to propose the following addition to the build system. What it does is it allows you to customize the installation paths for DBus and systemd services and adds the option to disable the generation of `openvpn3_statedir / 'configs'` directory (which is not always desired, e.g. when the OS takes this responsibility). That's again, Petr! I'm going to pull this into the coming v24 release. I'll keep you posted on the progress here. Your changes makes sense, so I don't expect any issues here. Going to test it a bit first, though. -- kind regards, David Sommerseth OpenVPN Inc ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [L] Change in openvpn[master]: Remove support for compression on send
Attention is currently required from: flichtenheld. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/755?usp=email ) Change subject: Remove support for compression on send .. Patch Set 5: Code-Review+2 -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/755?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I402ba016b75cfcfec4fc8b2b01cc4eca7e2bcc60 Gerrit-Change-Number: 755 Gerrit-PatchSet: 5 Gerrit-Owner: flichtenheld Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: flichtenheld Gerrit-Comment-Date: Mon, 30 Sep 2024 08:43:54 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [M] Change in openvpn[master]: pass link_socket object to i/o functions
Attention is currently required from: its_Giaan, plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/758?usp=email ) Change subject: pass link_socket object to i/o functions .. Patch Set 1: (1 comment) File src/openvpn/forward.h: http://gerrit.openvpn.net/c/openvpn/+/758/comment/bd7de7d5_c8dd6740 : PS1, Line 75: void process_io(struct context *ci, struct link_socket *ls); Stray "i" -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/758?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I8eae2d3356bbcc5d632eeb4fbe80de8009d9b40d Gerrit-Change-Number: 758 Gerrit-PatchSet: 1 Gerrit-Owner: its_Giaan Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: ordex Gerrit-Reviewer: plaisthos Gerrit-CC: openvpn-devel Gerrit-Attention: plaisthos Gerrit-Attention: its_Giaan Gerrit-Comment-Date: Mon, 30 Sep 2024 09:58:46 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH v5] Remove support for compression on send
We can't disable compression support on receive because
that would break too many configurations out there. But
we can remove the support for compressing outgoing traffic,
it was disabled by default anyway.
Makes "--allow-compression yes" an alias for
"--allow-compression asym" and removes all resulting dead code.
Change-Id: I402ba016b75cfcfec4fc8b2b01cc4eca7e2bcc60
Signed-off-by: Frank Lichtenheld
Acked-by: Arne Schwabe
---
This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/755
This mail reflects revision 5 of this Change.
Acked-by according to Gerrit (reflected above):
Arne Schwabe
diff --git a/Changes.rst b/Changes.rst
index 439352a..b9287ce 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -46,6 +46,12 @@
Support for building with OpenSSL 1.0.2 has been removed. The minimum
supported OpenSSL version is now 1.1.0.
+Compression on send
+OpenVPN 2.7 will never compress data before sending. Decompression of
+received data is still supported.
+``--allow-compression yes`` is now an alias for
+``--allow-compression asym``.
+
Overview of changes in 2.6
==
diff --git a/doc/man-sections/protocol-options.rst
b/doc/man-sections/protocol-options.rst
index 8b061d2..b78ce6d 100644
--- a/doc/man-sections/protocol-options.rst
+++ b/doc/man-sections/protocol-options.rst
@@ -30,7 +30,9 @@
framing (stub).
:code:`yes`
- OpenVPN will send and receive compressed packets.
+ **DEPRECATED** This option is an alias for :code:`asym`. Previously
+ it did enable compression for uplink packets, but OpenVPN never
+ compresses uplink packets now.
--auth alg
Authenticate data channel packets and (if enabled) ``tls-auth`` control
@@ -135,48 +137,26 @@
entirely sure that the above does not apply to your traffic, you are
advised to *not* enable compression.
+ For this reason compression support was removed from current versions
+ of OpenVPN. It will still decompress compressed packets received via
+ a VPN connection but it will never compress any outgoing packets.
+
--comp-lzo mode
**DEPRECATED** Enable LZO compression algorithm. Compression is
generally not recommended. VPN tunnels which uses compression are
suspectible to the VORALCE attack vector.
- Use LZO compression -- may add up to 1 byte per packet for incompressible
- data. ``mode`` may be :code:`yes`, :code:`no`, or :code:`adaptive`
- (default).
+ Allows the other side of the connection to use LZO compression. Due
+ to difference in packet format this may add 1 additional byte per packet.
+ With current versions of OpenVPN no actual compression will happen.
- In a server mode setup, it is possible to selectively turn compression
- on or off for individual clients.
+ ``mode`` may be :code:`yes`, :code:`no`, or :code:`adaptive`
+ but there is no actual change in behavior anymore.
- First, make sure the client-side config file enables selective
- compression by having at least one ``--comp-lzo`` directive, such as
- ``--comp-lzo no``. This will turn off compression by default, but allow
- a future directive push from the server to dynamically change the
- :code:`on`/:code:`off`/:code:`adaptive` setting.
-
- Next in a ``--client-config-dir`` file, specify the compression setting
- for the client, for example:
- ::
-
-comp-lzo yes
-push "comp-lzo yes"
-
- The first line sets the ``comp-lzo`` setting for the server side of the
- link, the second sets the client side.
--comp-noadapt
- **DEPRECATED** When used in conjunction with ``--comp-lzo``, this option
- will disable OpenVPN's adaptive compression algorithm. Normally, adaptive
- compression is enabled with ``--comp-lzo``.
-
- Adaptive compression tries to optimize the case where you have
- compression enabled, but you are sending predominantly incompressible
- (or pre-compressed) packets over the tunnel, such as an FTP or rsync
- transfer of a large, compressed file. With adaptive compression, OpenVPN
- will periodically sample the compression process to measure its
- efficiency. If the data being sent over the tunnel is already
- compressed, the compression efficiency will be very low, triggering
- openvpn to disable compression for a period of time until the next
- re-sample test.
+ **DEPRECATED** This option does not have any effect anymore since current
+ versions of OpenVPN never compress outgoing packets.
--key-direction
Alternative way of specifying the optional direction parameter for the
diff --git a/src/openvpn/comp-lz4.c b/src/openvpn/comp-lz4.c
index ac020a4..b35df4a 100644
--- a/src/openvpn/comp-lz4.c
+++ b/src/openvpn/comp-lz4.c
@@ -55,129 +55,40 @@
{
}
-static bool
-do_lz4_compress(struct buffer *buf,
-struct buffer *work,
-struct compress_context *compctx,
-const struct fra
[Openvpn-devel] [L] Change in openvpn[master]: Implement support for larger packet counter sizes
plaisthos has abandoned this change. ( http://gerrit.openvpn.net/c/openvpn/+/507?usp=email ) Change subject: Implement support for larger packet counter sizes .. Abandoned New version coming. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/507?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I01e258e97351b5aa4b9e561f5b35ddc2318569e2 Gerrit-Change-Number: 507 Gerrit-PatchSet: 11 Gerrit-Owner: plaisthos Gerrit-Reviewer: flichtenheld Gerrit-Reviewer: stipa Gerrit-CC: openvpn-devel Gerrit-MessageType: abandon ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] Configurable installation directories
Glad to hear it, thanks for your response! As for the release: is there any planned date for v24? Or, as an alternative, could the previous asio-related patch (75abb7dc9366ba85fb1a144d88f02a1e8a62f538) and this one be cherry-picked on top of v23 tag and be release as something like v23.1 so that there is no need to wait for v24 to have this specific changes? PS: accidentally sent it to personal mail only without sending it to the mailing list, thus resending it. пн, 30 сент. 2024 г. в 13:35, David Sommerseth : > On 24/09/2024 15:26, Petr Portnov wrote: > > Hi there! > > Continuing the packaging of the latest OpenVPN-linux for NixOS, I would > > like to propose the following addition to the build system. > > > > What it does is it allows you to customize the installation paths for > > DBus and systemd services and adds the option to disable the generation > > of `openvpn3_statedir / 'configs'` directory (which is not always > > desired, e.g. when the OS takes this responsibility). > > That's again, Petr! > > I'm going to pull this into the coming v24 release. I'll keep you > posted on the progress here. > > Your changes makes sense, so I don't expect any issues here. Going to > test it a bit first, though. > > > -- > kind regards, > > David Sommerseth > OpenVPN Inc > > > ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
