Re: [Openvpn-devel] [Openvpn-users] disabling compression on the fly?
Am 09.10.18 um 14:34 schrieb Jan Just Keijser:
> Hi Ralf,
>
> On 09/10/18 13:35, Ralf Hildebrandt wrote:
>> Currently we're suppling our user with a charite.ovpn File containing:
>>
>> ...
>> compress lzo
>> ...
>>
>> In some cases, we're overriding this on the server side by using:
>>
>> if (defined $ENV{'IV_LZ4'}) {
>> $logger->info("$username lz4: available");
>> push @outline, 'compress lz4';
>> push @outline, 'push "compress lz4"';
>> # push old style and new style options!
>> }
>>
>> Now a recent version of openvpn.connect on IOS (3.0.2) has broken
>> this, by disabling compression by default.
>>
>> My idea: Since the client config already enables framing for
>> compression, why not turn compression off - on the fly - for every
>> client?
>>
>> How would I push an "empty" compression parameter?
>> Is this feasible at all?
>>
> very interesting question... and I had to dive into the source code to
> find the following:
>
> 7420 VERIFY_PERMISSION(OPT_P_COMP);
> 7421 if (p[1])
> 7422 {
> 7423 if (streq(p[1], "stub"))
> 7424 {
> 7425 options->comp.alg = COMP_ALG_STUB;
> 7426 options->comp.flags =
> (COMP_F_SWAP|COMP_F_ADVERTISE_STUBS_ONLY);
> 7427 }
> 7428 else if (streq(p[1], "stub-v2"))
> 7429 {
> 7430 options->comp.alg = COMP_ALGV2_UNCOMPRESSED;
> 7431 options->comp.flags = COMP_F_ADVERTISE_STUBS_ONLY;
> 7432 }
>
> which means that if you would use
> compress stub-v2
> then you'd basically end up with bogus compression - this does not seem
> to be documented and I have no idea what the main difference is between
> 'stub' and 'stub-v2'.
>
stub-v2 is almost identical to no framing. It only add 0x50 0x?? (I
forgot what exactly) if the packet begins with 0x50 which would be IPv5)
so compress stub-v2 and push "compress stub-v2" is a good idea. See also
https://community.openvpn.net/openvpn/wiki/VORACLE
Arne
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [Openvpn-users] disabling compression on the fly?
Hi Ralf,
On 09/10/18 13:35, Ralf Hildebrandt wrote:
Currently we're suppling our user with a charite.ovpn File containing:
...
compress lzo
...
In some cases, we're overriding this on the server side by using:
if (defined $ENV{'IV_LZ4'}) {
$logger->info("$username lz4: available");
push @outline, 'compress lz4';
push @outline, 'push "compress lz4"';
# push old style and new style options!
}
Now a recent version of openvpn.connect on IOS (3.0.2) has broken
this, by disabling compression by default.
My idea: Since the client config already enables framing for
compression, why not turn compression off - on the fly - for every
client?
How would I push an "empty" compression parameter?
Is this feasible at all?
very interesting question... and I had to dive into the source code to
find the following:
7420 VERIFY_PERMISSION(OPT_P_COMP);
7421 if (p[1])
7422 {
7423 if (streq(p[1], "stub"))
7424 {
7425 options->comp.alg = COMP_ALG_STUB;
7426 options->comp.flags =
(COMP_F_SWAP|COMP_F_ADVERTISE_STUBS_ONLY);
7427 }
7428 else if (streq(p[1], "stub-v2"))
7429 {
7430 options->comp.alg = COMP_ALGV2_UNCOMPRESSED;
7431 options->comp.flags = COMP_F_ADVERTISE_STUBS_ONLY;
7432 }
which means that if you would use
compress stub-v2
then you'd basically end up with bogus compression - this does not seem
to be documented and I have no idea what the main difference is between
'stub' and 'stub-v2'.
YMMV,
JJK
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
