Hi Ralf,
On 17/11/17 14:04, Ralf Hildebrandt wrote:
* David Sommerseth <open...@sf.lists.topphemmelig.net>:
On 16/11/17 09:42, Илья Шипицин wrote:
just "compression" is somewhat not clearly covered by documentation. is
it "stub" ? or is it "enable both lzo and lz4" ?
My man page says:
--compress [algorithm]
[...snip...]
If the algorithm parameter is empty, com‐
pression will be turned off, but the packet
framing for compression will still be
enabled, allowing a different setting to be
pushed later.
If this is not clear enough, how could we improve that?
But JJK is most likely right that lzo and lz4 cannot be mixed between
clients. But you can have some clients which gets a 'push "compress
$ALGORITHM", where $ALGORITHM is either lzo or lz4 [1].
Code wise, --comp-lzo yes is the same as --compress lzo.
And --comp-lzo no is the same as just --compress. But --compress is the
only one allowing different compression algorithms.
[1] Valid values are actually: stub, stub-v2, lzo, lz4, lz4-v2 - but the
various differences seems poorly documented outside the source code.
I tried implementing this; my server config uses:
compress lzo
which is backwards compatible to all my clients which use "comp-lzo".
This works fine.
Now I tried pushing individual compression algorithms to clients,
testing with my own account:
if (defined $ENV{'IV_LZ4'} && ($username eq "hildeb") ) {
$logger->info("$username LZ4 available");
push @outline, 'push "compress lz4"';
and that results a major FUBAR:
Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 SENT CONTROL [hildeb]:
'PUSH_REPLY,dhcp-option DNS 141.42.1.1,dhcp-option DOMAIN
charite.de,sndbuf 393216,rcvbuf 393216,route-gateway 172.29.0.1,topology
subnet,ping 10,ping-restart 30,route 10.28.0.0
255.254.0.0,route 10.32.0.0 255.224.0.0,route 172.16.0.0 255.254.0.0,route
192.168.192.0 255.255.192.0,route 141.42.0.0
255.255.0.0,route 193.175.72.0 255.255.255.0,route 193.175.74.0
255.255.254.0,route 194.94.4.0 255.255.254.0,compress lz4,ifconfig
172.29.0.91 255.255.192.0,peer-id 124,cipher AES-256-GCM' (status=1)
Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 Data Channel: using
negotiated cipher 'AES-256-GCM'
Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 Outgoing Data Channel:
Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 Incoming Data Channel:
Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 17 13:42:01 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression
header byte: 251
Nov 17 13:42:02 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression
header byte: 251
Nov 17 13:42:05 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression
header byte: 251
Nov 17 13:42:05 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression
header byte: 251
Nov 17 13:42:05 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression
header byte: 251
I'm using openvpn for mac (2.4.4)...
keep in mind that you also need to tell the server to use LZ4 for your
client; in my original script I was writing out
compress lz4
push "compress lz4"
your server seems "stuck" on "compress lzo".
HTH,
JJK
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
