Disable compression on client from server.

[oaon]

I have an OpenVPN 2.4.6 server with both 2.3 and 2.4 clients in the field. Currently lzo compression is configured on the server and clients via their respective options in their config files.

I want to disable compression without having to recall all of the clients. To that end I have configured my server with

View OriginalServer Config

# Disable compression
compress

Which should disable compression of the server side.
By using a client-connect script and inspecting the IV_VER environment variable (or lack thereof) I can determine the client version and if I need to push 'compress' or ' comp-lzo no' to it. This works in as much as I can see the relevant options being pushed from the server

e.g. for a 2.3 client

Code: Select all

...
PUSH_REPLY,redirect-gateway, ... ping-restart 60,comp-lzo ...
...
OPTIONS IMPORT: compression parms modified
...

or for a 2.4 client

Code: Select all

...
PUSH_REPLY,redirect-gateway, ... ping-restart 60,compress ...
...
OPTIONS IMPORT: compression parms modified
...

This works as expected for a 2.4 client. The client connects and data passes through the tunnel. However, for a 2.3 client a connection is made but no data passes through the tunnel. My server logs show

Code: Select all

Bad compression stub (swap) decompression header byte: 250

and my client logs

Code: Select all

Bad LZO decompression header byte: 251

I have searched for these log messages and they seem to suggest that there is a compression mismatch between the client and server.

Is there a way for a 2.4 server with compression disabled to disable the compression on 2.3 and 2.4 clients with push commands and if so what are they ?

Cheers

[TinCanTech]

these log messages and they seem to suggest that there is a compression mismatch between the client and server

Correct.

Is there a way for a 2.4 server with compression disabled to disable the compression on 2.3

You have already fixed this for 2.4 clients.

2.3 clients need on the server:

Code: Select all

comp-lzo no
push 'comp-lzo no'

2.3 does not support --compress

[oaon]

Hi, thanks. I already tried this and yes it does allow the 2.3 clients to connect and work however the 2.4 clients now break.
e.g. 2.4 client log

Code: Select all

PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 ... ping-restart 60,compress,...
...
OPTIONS IMPORT: compression parms modified
...
 Bad compression stub (swap) decompression header byte: 250

and the server logs

Code: Select all

 Bad compression stub decompression header byte: 251

If I place both 'compress' and 'comp-lzo' in the server config then the last one defined wins so with

View OriginalServer Config

compress
comp-lzo no

then 2.3 clients will work and

View OriginalServer Config

comp-lzo no
compress

allows 2.4 clients to work. I have tried lots of different combinations. My server always correctly identifies the clients and pushes the correct directive however it seems that I can only satisfy one group of clients 2.4 or 2.3 but not both.

[TinCanTech]

This can only be used on a per client basis in a --client-config-dir file