Page 1 of 1
OpenVPN AS + Mikrotik Bad compression stub decompression header byte
Posted: Tue Aug 13, 2019 1:56 pm
by Dmitry
Hello
I installed OpenVPN Access Server (ver. 2.7.4) and i cannot connect to it from mikrotik router (RouterOS ver. 6.45.3) as OpenVPN clinet.
More precisely, the connection passes, but the traffic through the tunnel does not go
In server logs i've got an errors like that (username and IP address changed):
Code: Select all
2019-08-13T14:35:01+0300 [stdout#info] [OVPN 0] OUT: 'Tue Aug 13 11:35:01 2019 client/192.168.0.105:57668 Bad compression stub decompression header byte: 69'
From linux and windows clients connects without any problems and traffic goes.
In OpenVPN AS Configuration:
Network Settings => Protocol =
TCP
Advanced VPN => Default Compression Settings =
OFF
Advanced VPN => Default TLS Auth Settings =
OFF
PS
Prior to this set up Mikrotiks as clients and everything worked well, but there was the usual (OpenSource) OpenVPN server (
NOT Access Server).
I have been looking for information about this error on the Internet and on this forum, but I have not found any working solution.
Re: OpenVPN AS + Mikrotik Bad compression stub decompression header byte
Posted: Tue Aug 20, 2019 3:18 am
by Dmitry
Logs from OpenVPN Access Server^
Code: Select all
Bad compression stub decompression header byte: 42'
Code: Select all
Bad compression stub decompression header byte: 69'
Correct me if I'm wrong.As far as I understand, such errors are due to not agreeing the traffic compression settings, but on the server compression is disabled at all, mikrotik as the client does not support compression at all.
When checking on windows\linux clients the configuration with the switched-off compression also comes, but at the same time VPN normally works.
Even I tried to change the MTU setting on a mikrotik, but it wouldn't work.
Please point me to the right direction.
Re: OpenVPN AS + Mikrotik Bad compression stub decompression header byte
Posted: Fri Aug 23, 2019 11:01 am
by Dmitry
At all mikrotik(routeros) without problems works with openvpn access server?
Re: OpenVPN AS + Mikrotik Bad compression stub decompression header byte
Posted: Tue Aug 27, 2019 8:42 pm
by novaflash
From experience, I was able to get it to work by disabling compression and turning off TLS auth. But that was with a test I did with a Mikrotik device about a year ago.
Re: OpenVPN AS + Mikrotik Bad compression stub decompression header byte
Posted: Wed Aug 28, 2019 3:45 pm
by Dmitry
novaflash wrote: ↑Tue Aug 27, 2019 8:42 pm
From experience, I was able to get it to work by disabling compression and turning off TLS auth. But that was with a test I did with a Mikrotik device about a year ago.
Thanks for your reply.
As you can see in the first post TLS and LZO already disabled.
I know that mikrotik's doesn't support compression, TLS-auth and UDP over openvpn.
I've installed few instances with open sources version of openvpn server and mikrotiks as client and that configurations works fine.
Me and my clients wants to test the Openvpn Access Server and unfortunately we've ran into the error.
If there is any other methods to test compression settings besides web interface?
Or maybe someone knows how to explain what these errors means?
Code: Select all
Bad compression stub decompression header byte: 42'
Code: Select all
Bad compression stub decompression header byte: 69'
Thanks.
Re: OpenVPN AS + Mikrotik Bad compression stub decompression header byte
Posted: Wed Aug 28, 2019 3:50 pm
by Dmitry
UPD:
Upgraded to 2.7.5
Nothing changes. Error still there.
I have tried that:
Disable compression for a given user or group:
Code: Select all
./sacli --user "client1" --key "prop_lzo" --value "false" UserPropPut
got this:
Re: OpenVPN AS + Mikrotik Bad compression stub decompression header byte
Posted: Tue Oct 01, 2019 4:58 pm
by Dmitry
Code: Select all
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1559'"
WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'"