Page 1 of 1

Mikrotik Bad compression stub decompression header byte

Posted: Mon Mar 20, 2017 6:03 pm
by chris2017
Hi,

I tried my best to resolve & research my issue but could not find the solution. I am running OpenVPN Access Server v. 2.1.4b and trying to connect my Mikrotik with RouterOS 6.37rc12.

I have generated the autologin certificates for the user and imported it to Mikrotik. I am able to estabish the vpn connection but there is no traffic.
This is caused by (i assume) a compression error.

Code: Select all

2017-03-20 17:24:37+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:37 2017 TCP connection established with [AF_INET]XX.XX.XXX.XXX:53003'
2017-03-20 17:24:37+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:37 2017 XX.XX.XXX.XXX:53003 TLS: Initial packet from [AF_INET]XX.XX.XXX.XXX:53003, sid=cfc8efa7 1f12463d'
2017-03-20 17:24:39+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:39 2017 XX.XX.XXX.XXX:53003 VERIFY OK: depth=1, /CN=OpenVPN CA'
2017-03-20 17:24:39+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:39 2017 XX.XX.XXX.XXX:53003 VERIFY OK: nsCertType=CLIENT'
2017-03-20 17:24:39+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:39 2017 XX.XX.XXX.XXX:53003 VERIFY OK: depth=0, /CN=USER'
2017-03-20 17:24:39+0000 [-] OVPN 1 OUT: "Mon Mar 20 17:24:39 2017 XX.XX.XXX.XXX:53003 WARNING: 'keydir' is present in local config but missing in remote config, local='keydir 1'"
2017-03-20 17:24:39+0000 [-] OVPN 1 OUT: "Mon Mar 20 17:24:39 2017 XX.XX.XXX.XXX:53003 WARNING: 'tls-auth' is present in local config but missing in remote config, local='tls-auth'"
2017-03-20 17:24:40+0000 [-] AUTH SUCCESS {'status': 0, 'reason': 'PAM auth succeeded', 'serial_list': [], 'user': u'USER', 'proplist': {u'prop_autologin': u'true', u'type': u'user_connect', u'prop_autogenerate': u'true'}, 'common_name': u'USER', 'serial': '2'} cli=''/''
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: "Mon Mar 20 17:24:40 2017 MANAGEMENT: CMD 'client-auth 0 0'"
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 XX.XX.XXX.XXX:53003 Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA'
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 XX.XX.XXX.XXX:53003 [USER] Peer Connection Initiated with [AF_INET]XX.XX.XXX.XXX:53003'
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 USER/XX.XX.XXX.XXX:53003 OPTIONS IMPORT: compression parms modified'
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 USER/XX.XX.XXX.XXX:53003 MULTI: Learn: 172.27.228.2 -> USER/XX.XX.XXX.XXX:53003'
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 USER/XX.XX.XXX.XXX:53003 MULTI: primary virtual IP for USER/XX.XX.XXX.XXX:53003: 172.27.228.2'
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 USER/XX.XX.XXX.XXX:53003 send_push_reply(): safe_cap=940'
2017-03-20 17:24:40+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:40 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
2017-03-20 17:24:41+0000 [-] OVPN 1 OUT: 'Mon Mar 20 17:24:41 2017 USER/XX.XX.XXX.XXX:53003 Bad compression stub decompression header byte: 69'
I made this changes to Server Directives.

Code: Select all

-opt-verify
-tls-auth
-comp-lzo no
auth none
mssfix

This is my Mikrotik configuration:

This is the PPP profile:

Code: Select all

Flags: * - default 
 0 * name="default" remote-ipv6-prefix-pool=*0 use-ipv6=yes use-mpls=default use-compression=no use-encryption=default only-one=default change-tcp-mss=yes use-upnp=default 
     address-list="" on-up="" on-down="" 
This is my ovpn client interface:

Code: Select all

Flags: X - disabled, R - running 
 0 X  name="ovpn-out1" mac-address=XX:XX:XX:XX:XX:XX max-mtu=1500 connect-to=XX.XXX.XXX.XXX port=443 mode=ip user="USER" password="XXXXXXXXX" profile=default 
      certificate=client.crt_0 auth=null cipher=blowfish128 add-default-route=yes 


Maybe this question is already answered but i couldnt find anything :oops: :( :( :o :o :shock:

Please point me to the right direction.

Thanks and BR

Chris

Re: Mikrotik Bad compression stub decompression header byte

Posted: Tue Mar 21, 2017 1:09 am
by TinCanTech
chris2017 wrote:I am running OpenVPN Access Server v. 2.1.4b and trying to connect my Mikrotik with RouterOS 6.37rc12.
:mrgreen:

Re: Mikrotik Bad compression stub decompression header byte

Posted: Tue Mar 21, 2017 7:48 am
by novaflash
If I recall correcty, compression stub errors usually indicate the packets are being cut off unexpectedly due to MTU being too low. So I'd suggest trying mssfix 1420 or something to see what happens then.

You can also try disabling compression and see what happens then.