Mikrotik Bad compression stub decompression header byte

chris2017
OpenVpn Newbie
Posts: 1
Joined: Mon Mar 20, 2017 12:43 pm

Mikrotik Bad compression stub decompression header byte

Postby chris2017 » Mon Mar 20, 2017 6:03 pm

Hi,

I tried my best to resolve & research my issue but could not find the solution. I am running OpenVPN Access Server v. 2.1.4b and trying to connect my Mikrotik with RouterOS 6.37rc12.

I have generated the autologin certificates for the user and imported it to Mikrotik. I am able to estabish the vpn connection but there is no traffic.
This is caused by (i assume) a compression error.

Code: Select all

2017-03-20 17:24:37+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:37 2017 TCP connection established with [AF_INET]XX.XX.XXX.XXX:53003'
2017-03-20 17:24:37+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:37 2017 XX.XX.XXX.XXX:53003 TLS: Initial packet from [AF_INET]XX.XX.XXX.XXX:53003, sid=cfc8efa7 1f12463d'
2017-03-20 17:24:39+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:39 2017 XX.XX.XXX.XXX:53003 VERIFY OK: depth=1, /CN=OpenVPN CA'
2017-03-20 17:24:39+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:39 2017 XX.XX.XXX.XXX:53003 VERIFY OK: nsCertType=CLIENT'
2017-03-20 17:24:39+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:39 2017 XX.XX.XXX.XXX:53003 VERIFY OK: depth=0, /CN=USER'
2017-03-20 17:24:39+0000 [-] OVPN 1 OUT: "Mon Mar 20 17:24:39 2017 XX.XX.XXX.XXX:53003 WARNING: 'keydir' is present in local config but missing in remote config, local='keydir 1'"
2017-03-20 17:24:39+0000 [-] OVPN 1 OUT: "Mon Mar 20 17:24:39 2017 XX.XX.XXX.XXX:53003 WARNING: 'tls-auth' is present in local config but missing in remote config, local='tls-auth'"
2017-03-20 17:24:40+0000 [-] AUTH SUCCESS {'status': 0, 'reason': 'PAM auth succeeded', 'serial_list': [], 'user': u'USER', 'proplist': {u'prop_autologin': u'true', u'type': u'user_connect', u'prop_autogenerate': u'true'}, 'common_name': u'USER', 'serial': '2'} cli=''/''
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: "Mon Mar 20 17:24:40 2017 MANAGEMENT: CMD 'client-auth 0 0'"
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 XX.XX.XXX.XXX:53003 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA'
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 XX.XX.XXX.XXX:53003 [USER] Peer Connection Initiated with [AF_INET]XX.XX.XXX.XXX:53003'
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 USER/XX.XX.XXX.XXX:53003 OPTIONS IMPORT: compression parms modified'
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 USER/XX.XX.XXX.XXX:53003 MULTI: Learn: 172.27.228.2 -> USER/XX.XX.XXX.XXX:53003'
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 USER/XX.XX.XXX.XXX:53003 MULTI: primary virtual IP for USER/XX.XX.XXX.XXX:53003: 172.27.228.2'
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 USER/XX.XX.XXX.XXX:53003 send_push_reply(): safe_cap=940'
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'


I made this changes to Server Directives.

Code: Select all

-opt-verify
-tls-auth
-comp-lzo no
auth none
mssfix



This is my Mikrotik configuration:

This is the PPP profile:

Code: Select all

Flags: * - default
 0 * name="default" remote-ipv6-prefix-pool=*0 use-ipv6=yes use-mpls=default use-compression=no use-encryption=default only-one=default change-tcp-mss=yes use-upnp=default
     address-list="" on-up="" on-down=""


This is my ovpn client interface:

Code: Select all

Flags: X - disabled, R - running
 0 X  name="ovpn-out1" mac-address=XX:XX:XX:XX:XX:XX max-mtu=1500 connect-to=XX.XXX.XXX.XXX port=443 mode=ip user="USER" password="XXXXXXXXX" profile=default
      certificate=client.crt_0 auth=null cipher=blowfish128 add-default-route=yes




Maybe this question is already answered but i couldnt find anything :oops: :( :( :o :o :shock:

Please point me to the right direction.

Thanks and BR

Chris

User avatar
TinCanTech
I should be on the dev team.
Posts: 1890
Joined: Fri Jun 03, 2016 1:17 pm

Re: Mikrotik Bad compression stub decompression header byte

Postby TinCanTech » Tue Mar 21, 2017 1:09 am

chris2017 wrote:I am running OpenVPN Access Server v. 2.1.4b and trying to connect my Mikrotik with RouterOS 6.37rc12.
:mrgreen:

novaflash
OpenVPN Expert
Posts: 317
Joined: Fri Apr 13, 2012 8:43 pm

Re: Mikrotik Bad compression stub decompression header byte

Postby novaflash » Tue Mar 21, 2017 7:48 am

If I recall correcty, compression stub errors usually indicate the packets are being cut off unexpectedly due to MTU being too low. So I'd suggest trying mssfix 1420 or something to see what happens then.

You can also try disabling compression and see what happens then.


Return to “Access Server”

Who is online

Users browsing this forum: Bing [Bot] and 1 guest