[Openvpn-users] Compression problems

2021-04-05 Thread tincantech via Openvpn-users

Ref: https://forums.openvpn.net/viewtopic.php?f=4&t=32100

Regarding compression, it is unclear what the best options are.

The server config above uses
{{{
allow-compression no
compress
comp-lzo no
push "comp-lzo no"
}}}

However the manual states:
--compress alg
Note: the `stub` (or empty) option is NOT compatible with the older option --comp-lzo no.

My guess would be that the server config above is indeed an error because it uses --compress and pushes --comp-lzo no.

The server then randomly aborts with:
vpn-ext kernel: [15774] pid 46022 (openvpn), jid 0, uid 65534: exited on signal 11

Assuming that the client is using some combination of compression options which cannot be changed, or more likely that it is too much trouble to change all the clients, is there a recommended setting to disable all compression from the server only?

Thanks
R

___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users


Re: [Openvpn-users] Compression problems

2021-04-05 Thread Gert Doering
Hi,

On Mon, Apr 05, 2021 at 02:51:23PM +, tincantech via Openvpn-users wrote:
> Ref: https://forums.openvpn.net/viewtopic.php?f=4&t=32100
> 
> Regarding compression, it is unclear what the best options are.
> 
> The server config above uses
> {{{
> allow-compression no
> compress
> comp-lzo no
> push "comp-lzo no"
> }}}

If you have no compelling use-case for using compression, then just
leave out anything that starts with "compression" or "comp-lzo" from
your config.

"comp-lzo no" is - due to historic mishaps - not the same as 
"no compression"

> However the manual states:
> --compress alg
> Note: the `stub` (or empty) option is NOT compatible with the older option --comp-lzo no.
> 
> My guess would be that the server config above is indeed an error because it uses --compress and pushes --comp-lzo no.

It also sets "comp-lzo no", which overrides the previous "compress"
statement anyway.

> The server then randomly aborts with:
> vpn-ext kernel: [15774] pid 46022 (openvpn), jid 0, uid 65534: exited on signal 11

This is not good, and needs debugging.  OpenVPN should never SIGSEGV.

This is likely unrelated to compression setting, though.  One would
need a verb 4 log to see what leads to this.

> Assuming that the client is using some combination of compression options which cannot be changed, or more likely that it is too much trouble to change all the clients, is there a recommended setting to disable all compression from the server only?

compress migrate

this will push whatever the client understands to disable compression 
(or nothing at all if the client has no compression in its config in 
the first place).

Works with 2.2 and up clients (after the recent fixup patch).

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de




Re: [Openvpn-users] Compression problems

2021-04-05 Thread tincantech via Openvpn-users
‐‐‐ Original Message ‐‐‐
On Monday, 5 April 2021 18:34, Gert Doering  wrote:

> Hi,
>
> On Mon, Apr 05, 2021 at 02:51:23PM +, tincantech via Openvpn-users wrote:
>
> > Ref: https://forums.openvpn.net/viewtopic.php?f=4&t=32100
> > Regarding compression, it is unclear what the best options are.
> > The server config above uses
> > {{{
> > allow-compression no
> > compress
> > comp-lzo no
> > push "comp-lzo no"
> > }}}
>
> If you have no compelling use-case for using compression, then just
> leave out anything that starts with "compression" or "comp-lzo" from
> your config.
>
> "comp-lzo no" is - due to historic mishaps - not the same as
> "no compression"
>
> > However the manual states:
> > --compress alg
> > Note: the `stub` (or empty) option is NOT compatible with the older option --comp-lzo no.
> > My guess would be that the server config above is indeed an error because it uses --compress and pushes --comp-lzo no.
>
> It also sets "comp-lzo no", which overrides the previous "compress"
> statement anyway.
>

Ah right, thanks.  That clears up the logic a little..

> > The server then randomly aborts with:
> > vpn-ext kernel: [15774] pid 46022 (openvpn), jid 0, uid 65534: exited on signal 11
>
> This is not good, and needs debugging. OpenVPN should never SIGSEGV.
>
> This is likely unrelated to compression setting, though. One would
> need a verb 4 log to see what leads to this.
>

I'll see what I can do..

> > Assuming that the client is using some combination of compression options which cannot be changed, or more likely that it is too much trouble to change all the clients, is there a recommended setting to disable all compression from the server only?
>
> compress migrate
>
> this will push whatever the client understands to disable compression
> (or nothing at all if the client has no compression in its config in
> the first place).
>
> Works with 2.2 and up clients (after the recent fixup patch).

Will that be included in version 2.5.2 ?

Thanks



Re: [Openvpn-users] Compression problems

2021-04-05 Thread Gert Doering
Hi,

On Mon, Apr 05, 2021 at 06:31:30PM +, tincantech wrote:
> > compress migrate
> >
> > this will push whatever the client understands to disable compression
> > (or nothing at all if the client has no compression in its config in
> > the first place).
> >
> > Works with 2.2 and up clients (after the recent fixup patch).
> 
> Will that be included in version 2.5.2 ?

No.  It's somewhat ugly and most setups can get along with a client-connect
script that just sets 

   comp-lzo no, 
   push "comp-lzo no"
or
   compress stub-v2
   push "compress stub-v2"

depending on whether the client sends IV_COMP_STUBv2 or not.

It will cause warnings about "I have comp-lzo in my client config but
there is no comp-lzo in the server configs", so there is a bit of extra
support effort (which "compress migrate" mitigates by rewriting OCC
option strings) but if a user *really* looks at their logs and sees
the warning, it can be easily explained ("we are migrating away from
using compression by default").

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de
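
The client-connect approach described in the message above, as an added example that is not part of the thread or the OpenVPN project's own code. It assumes OpenVPN passes the per-client temporary config file as the script's first argument and exports the client's IV_COMP_STUBv2 peer-info value into the script's environment; the function name write_comp_directives is hypothetical.

```shell
#!/bin/sh
# Added example: client-connect script that picks the "compression off"
# framing each client understands, as outlined in the message above.
# OpenVPN applies the directives written to the temp file ($1) to this
# one client instance only.

# write_comp_directives FILE   (hypothetical helper name)
# Appends one directive pair to FILE, chosen from the client's peer info.
write_comp_directives() {
    out=$1
    if [ "${IV_COMP_STUBv2:-0}" = "1" ]; then
        # Client announced stub-v2 support: newer framing, nothing compressed.
        printf '%s\n' 'compress stub-v2' 'push "compress stub-v2"' >>"$out"
    else
        # Older client: keep comp-lzo framing but turn compression off.
        printf '%s\n' 'comp-lzo no' 'push "comp-lzo no"' >>"$out"
    fi
}

# Run only when a temp file path was passed, as OpenVPN does for client-connect.
if [ -n "${1:-}" ]; then
    write_comp_directives "$1" || exit 1
fi
```

The server config references the script with `client-connect` and needs `script-security 2` so that OpenVPN is allowed to run it.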




Re: [Openvpn-users] Compression problems

2021-04-05 Thread tincantech via Openvpn-users
‐‐‐ Original Message ‐‐‐
On Monday, 5 April 2021 20:00, Gert Doering  wrote:

> Hi,
>
> On Mon, Apr 05, 2021 at 06:31:30PM +, tincantech wrote:
>
> > > compress migrate
> > > this will push whatever the client understands to disable compression
> > > (or nothing at all if the client has no compression in its config in
> > > the first place).
> > > Works with 2.2 and up clients (after the recent fixup patch).
> >
> > Will that be included in version 2.5.2 ?
>
> No. It's somewhat ugly and most setups can get along with a client-connect
> script that just sets
>
> comp-lzo no,
> push "comp-lzo no"
> or
> compress stub-v2
> push "compress stub-v2"
>
> depending on whether the client sends IV_COMP_STUBv2 or not.
>
> It will cause warnings about "I have comp-lzo in my client config but
> there is no comp-lzo in the server configs", so there is a bit of extra
> support effort (which "compress migrate" mitigates by rewriting OCC
> option strings) but if a user really looks at their logs and sees
> the warning, it can be easily explained ("we are migrating away from
> using compression by default").
>

I have tested this with 2.5.1 and 2.4.10 and it works well.

All that is required is to add --comp-lzo no and --push "comp-lzo no"
to the server config.

There are warnings about --link-mtu and --comp-lzo but the VPN is stable.

Thanks
R