Hi Ralf,

On 17/11/17 14:04, Ralf Hildebrandt wrote:
* David Sommerseth <open...@sf.lists.topphemmelig.net>:
On 16/11/17 09:42, Илья Шипицин wrote:
just "compression" is somewhat not clearly covered by documentation. is
it "stub" ? or is it "enable both lzo and lz4" ?
My man page says:

       --compress [algorithm]
        [...snip...]

        If  the  algorithm  parameter is empty, com‐
        pression will be turned off, but the  packet
        framing   for   compression  will  still  be
        enabled, allowing a different setting to  be
        pushed later.

If this is not clear enough, how could we improve that?

But JJK is most likely right that lzo and lz4 cannot be mixed between
clients.  But you can have some clients which gets a 'push "compress
$ALGORITHM", where $ALGORITHM is either lzo or lz4 [1].

Code wise, --comp-lzo yes is the same as --compress lzo.
And --comp-lzo no is the same as just --compress.  But --compress is the
only one allowing different compression algorithms.


[1] Valid values are actually: stub, stub-v2, lzo, lz4, lz4-v2 - but the
various differences seems poorly documented outside the source code.
I tried implementing this; my server config uses:

compress lzo

which is backwards compatible to all my clients which use "comp-lzo".
This works fine.


Now I tried pushing individual compression algorithms to clients,
testing with my own account:

if (defined $ENV{'IV_LZ4'} && ($username eq "hildeb") ) {
         $logger->info("$username LZ4 available");
         push @outline, 'push "compress lz4"';

and that results a major FUBAR:

Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 SENT CONTROL [hildeb]: 
'PUSH_REPLY,dhcp-option DNS 141.42.1.1,dhcp-option DOMAIN
charite.de,sndbuf 393216,rcvbuf 393216,route-gateway 172.29.0.1,topology 
subnet,ping 10,ping-restart 30,route 10.28.0.0
255.254.0.0,route 10.32.0.0 255.224.0.0,route 172.16.0.0 255.254.0.0,route 
192.168.192.0 255.255.192.0,route 141.42.0.0
255.255.0.0,route 193.175.72.0 255.255.255.0,route 193.175.74.0 
255.255.254.0,route 194.94.4.0 255.255.254.0,compress lz4,ifconfig
172.29.0.91 255.255.192.0,peer-id 124,cipher AES-256-GCM' (status=1)
Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 Data Channel: using 
negotiated cipher 'AES-256-GCM'
Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 Outgoing Data Channel: 
Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 Incoming Data Channel: 
Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 17 13:42:01 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression 
header byte: 251
Nov 17 13:42:02 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression 
header byte: 251
Nov 17 13:42:05 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression 
header byte: 251
Nov 17 13:42:05 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression 
header byte: 251
Nov 17 13:42:05 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression 
header byte: 251

I'm using openvpn for mac (2.4.4)...
keep in mind that you also need to tell the server to use LZ4 for your client; in my original script I was writing out
  compress lz4
  push "compress lz4"

your server seems "stuck" on "compress lzo".

HTH,

JJK


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to