comp-lzo not working?

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
therealjmc
OpenVpn Newbie
Posts: 6
Joined: Mon Jan 28, 2013 4:51 pm

comp-lzo not working?

Post by therealjmc » Mon Jan 28, 2013 4:54 pm

Hi,

I've tested the new iOS app against my working Openvpn-Server. It seems that comp-lzo is not supported by the Client, since i can establish a Connection but get the following error messages on the server and can't use the connection actualy from the client.

Code: Select all

Sun Jan 27 19:45:50 2013 Client2/xx.xx.xx.xx:xxxx Bad LZO decompression header byte: 65
Sun Jan 27 19:45:50 2013 Client2/xx.xx.xx.xx:xxxx Bad LZO decompression header byte: 65
Sun Jan 27 19:45:50 2013 Client2/xx.xx.xx.xx:xxxx Bad LZO decompression header byte: 65
Sun Jan 27 19:45:50 2013 Client2/xx.xx.xx.xx:xxxx Bad LZO decompression header byte: 65
Sun Jan 27 19:45:50 2013 Client2/xx.xx.xx.xx:xxxx Bad LZO decompression header byte: 65
Sun Jan 27 19:45:50 2013 Client2/xx.xx.xx.xx:xxxx Bad LZO decompression header byte: 65
Sun Jan 27 19:45:50 2013 Client2/xx.xx.xx.xx:xxxx Bad LZO decompression header byte: 65
Sun Jan 27 19:45:50 2013 Client2/xx.xx.xx.xx:xxxx Bad LZO decompression header byte: 65
Sun Jan 27 19:45:50 2013 Client2/xx.xx.xx.xx:xxxx Bad LZO decompression header byte: 65
Is there a way to get comp-lzo to work or do i have to disable it?
Top
User avatar
jamesyonan
OpenVPN Inc.
Posts: 169
Joined: Thu Jan 24, 2013 12:13 am

Re: comp-lzo not working?

Post by jamesyonan » Mon Jan 28, 2013 9:43 pm

comp-lzo does work. Which comp-lzo directives are you using on client and server side?
Top
therealjmc
OpenVpn Newbie
Posts: 6
Joined: Mon Jan 28, 2013 4:51 pm

Re: comp-lzo not working?

Post by therealjmc » Tue Jan 29, 2013 6:50 am

Server Config (using 2.2.1)

Code: Select all

port 1394
proto udp
dev tun0
log /var/log/openvpn.log
#client-to-client
ca /etc/openvpn/ca.crt
client-config-dir /etc/openvpn/ccd
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
tls-auth /etc/openvpn/ta.key 0
cipher AES-256-CBC
dh /etc/openvpn/dh2048.pem
server 10.7.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
push "route 10.7.0.0 255.255.255.0"
push "route 10.10.11.0 255.255.255.0"
route 192.168.0.0 255.255.255.0
keepalive 10 120
comp-lzo
max-clients 8
persist-key
persist-tun
verb 3
tun-mtu 1500
fragment 1300
mssfix
I've imported the following config to the iOS Client:

Code: Select all

client
proto udp
dev tun
remote host 1394
resolv-retry infinite
pull
nobind
persist-key
persist-tun
ca ca.crt
ns-cert-type server
cert client2.crt
key client2.key
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 3
tun-mtu 1500
fragment 1300
mssfix
The Connection Log on the app says:
Tunnel Options: V4,dev-type tun, link-mtu 1558, tun-mtu 1500, proto UDPv4, comp-lzo,keydir 1,cipher AES-256-CBC,keysize 256,tls-auth,key-method 2,tls-client

After the Push from the server there is a line in the logfile again regarding LZO:
LZO-ASYM init swap=0 asym=1
Top
therealjmc
OpenVpn Newbie
Posts: 6
Joined: Mon Jan 28, 2013 4:51 pm

Re: comp-lzo not working?

Post by therealjmc » Tue Jan 29, 2013 7:55 am

I've the same problem described here:

topic11979.html

I'll try my luck there ;)
Top
User avatar
jamesyonan
OpenVPN Inc.
Posts: 169
Joined: Thu Jan 24, 2013 12:13 am

Re: comp-lzo not working?

Post by jamesyonan » Tue Jan 29, 2013 9:37 am

comp-lzo may be a red herring here.

Try removing "fragment" from both client and server configs.
Top
therealjmc
OpenVpn Newbie
Posts: 6
Joined: Mon Jan 28, 2013 4:51 pm

Re: comp-lzo not working?

Post by therealjmc » Tue Jan 29, 2013 12:26 pm

Spending some time to reconfigure my clients to work without fragment etc...

Working fine now!

Took the opportunity to renew my certificates, only 2 Years left till they run invalid... Means i've been too lazy to replace them the last 8 years :roll:
Top
jurev
OpenVpn Newbie
Posts: 3
Joined: Tue Jan 29, 2013 12:33 pm

Re: comp-lzo not working?

Post by jurev » Tue Jan 29, 2013 5:48 pm

therealjmc wrote:Working fine now!
Therealjmc, could you please post your working client configuration (and server too)? My non working config is driving me crazy! Thanks.
Top
therealjmc
OpenVpn Newbie
Posts: 6
Joined: Mon Jan 28, 2013 4:51 pm

Re: comp-lzo not working?

Post by therealjmc » Tue Jan 29, 2013 7:12 pm

Server:

Code: Select all

port 1394
proto udp
dev tun0
log /var/log/openvpn.log
ca /etc/openvpn/ca.crt
client-config-dir /etc/openvpn/ccd
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
tls-auth /etc/openvpn/ta.key 0
crl-verify /etc/openvpn/keys/crl.pem
cipher AES-256-CBC
dh /etc/openvpn/dh2048.pem
server 10.7.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
route 192.168.0.0 255.255.255.0
keepalive 10 120
comp-lzo adaptive
max-clients 8
persist-key
persist-tun
verb 3
Client (iPhone)

Code: Select all

client
proto udp
dev tun
remote host.org 1394
resolv-retry infinite
pull
nobind
persist-key
persist-tun
ns-cert-type server
key-direction 1
cipher AES-256-CBC
comp-lzo
verb 3

<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>
Top
Post Reply

Return to “OpenVPN Connect (iOS)”