WARNING: Compression for receiving enabled

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
embossbj
OpenVpn Newbie
Posts: 1
Joined: Thu Nov 18, 2021 2:38 am

WARNING: Compression for receiving enabled

Post by embossbj » Thu Nov 18, 2021 2:44 am

I've been able to remove some errors trying to configure Windows 10 OpenVPN client with a OpenVPN server running on Netgear Orbi LBR20.

It seems this error comes up a fair amount of times, but I do not find a particular solution for resolving the issue.

The error:
Wed Nov 17 21:39:20 2021 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.


Does anyone know how to get this error resolved? Is there a config command you need to add or is this issue with the Netgear implementation?

OpenVPN client will not connect to the server.

Config file info:
client
dev tap
proto udp
dev-node NETGEAR-VPN
remote ####blanked##### 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 0
sndbuf 393216
rcvbuf 393216
route-method exe

TinCanTech
OpenVPN Protagonist
Posts: 11135
Joined: Fri Jun 03, 2016 1:17 pm

Re: Orbi LBR20 - OpenVPN Windows

Post by TinCanTech » Thu Nov 18, 2021 2:06 pm

embossbj wrote:
Thu Nov 18, 2021 2:44 am
WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
This is the Openvpn recommended setting and you should not change it.

Details:
  • There is a cyber-attack called VORACLE, which captures up-stream packets that have been compressed and is able to extract data from those packets.

    The setting above mitigates the VORACLE attack by not sending any packets upstream that have been compressed. Only down stream compression is allowed, which is not susceptible to this attack.

M4rt1n85
OpenVpn Newbie
Posts: 3
Joined: Fri Jan 26, 2024 1:40 pm

Re: WARNING: Compression for receiving enabled

Post by M4rt1n85 » Sun Feb 11, 2024 4:58 pm

Hallo, is it possible to remove the warning since there is nothing to do (Sent packets are not compressed). It does confuse user.

TinCanTech
OpenVPN Protagonist
Posts: 11135
Joined: Fri Jun 03, 2016 1:17 pm

Re: WARNING: Compression for receiving enabled

Post by TinCanTech » Sun Feb 11, 2024 5:02 pm

M4rt1n85 wrote:
Sun Feb 11, 2024 4:58 pm
is it possible to remove the warning
Yes - Do not use compression.

User avatar
PetervdM
OpenVpn Newbie
Posts: 6
Joined: Fri Apr 08, 2022 8:59 am

Re: WARNING: Compression for receiving enabled

Post by PetervdM » Mon Feb 12, 2024 10:13 am

remove "comp-lzo" from the config file, preferably at both sides of the tunnel.

Post Reply