I've been able to remove some errors trying to configure Windows 10 OpenVPN client with a OpenVPN server running on Netgear Orbi LBR20.
It seems this error comes up a fair amount of times, but I do not find a particular solution for resolving the issue.
The error:
Wed Nov 17 21:39:20 2021 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Does anyone know how to get this error resolved? Is there a config command you need to add or is this issue with the Netgear implementation?
OpenVPN client will not connect to the server.
Config file info:
client
dev tap
proto udp
dev-node NETGEAR-VPN
remote ####blanked##### 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 0
sndbuf 393216
rcvbuf 393216
route-method exe
WARNING: Compression for receiving enabled
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Thu Nov 18, 2021 2:38 am
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Orbi LBR20 - OpenVPN Windows
This is the Openvpn recommended setting and you should not change it.
Details:
- There is a cyber-attack called VORACLE, which captures up-stream packets that have been compressed and is able to extract data from those packets.
The setting above mitigates the VORACLE attack by not sending any packets upstream that have been compressed. Only down stream compression is allowed, which is not susceptible to this attack.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Fri Jan 26, 2024 1:40 pm
Re: WARNING: Compression for receiving enabled
Hallo, is it possible to remove the warning since there is nothing to do (Sent packets are not compressed). It does confuse user.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
- PetervdM
- OpenVpn Newbie
- Posts: 8
- Joined: Fri Apr 08, 2022 8:59 am
Re: WARNING: Compression for receiving enabled
remove "comp-lzo" from the config file, preferably at both sides of the tunnel.
-
- OpenVPN User
- Posts: 39
- Joined: Tue Sep 01, 2020 1:27 pm
Re: WARNING: Compression for receiving enabled
But you will have to remove comp-lzo from server and all client configs!
Connecting may otherwise be impossible and a hard to diagnose issue (leads to incompatible packet formats I think).
Also, if the client can not connect to the server this is likely not the issue, just a hint to use a better setup.
Connecting may otherwise be impossible and a hard to diagnose issue (leads to incompatible packet formats I think).
Also, if the client can not connect to the server this is likely not the issue, just a hint to use a better setup.