OpenVPN Support Forum

I understand that if the compression algorithm is different on the client than the server, things break. But this compression seems to change over time. First lzo, then lz4, now lz4-v2 seems most current. Given that I can get the clients to update to the latest version of openvpn, can I push which compression algorithm to use in the server.conf?

I tried this:


and nothing on the client with respect to compression.

However, when I do this, I see this in the log on the client side (I have underlined the interesting bits):

Sun Mar 18 12:01:59 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1543', remote='link-mtu 1544'
Sun Mar 18 12:01:59 2018 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Sun Mar 18 12:01:59 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
...
Sun Mar 18 12:02:00 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Mar 18 12:02:00 2018 PUSH: Received control message: 'PUSH_REPLY,topology subnet,dhcp-option DNS 10.88.0.1,compress lzo,ping 10,ping-restart 120,ifconfig 10.88.1.1 255.255.0.0,peer-id 0,cipher AES-256-GCM'

1) The MTU inconsistency of 1543 versus 1544 is clear, it's because initially the client doesn't think it's going to do compression so it thinks there's going to be one less byte in the packets.
2) Then, the server pushes the 'compress lzo' directive

Is the client increasing the MTU to 1544 and use lzo compression when it gets the 'push compress lzo'? Or do I absolutely need to have 'compress lzo' in the client config files? In other words, is it impossible for me to push the compression type?

If this isn't the right way to do this, what's the proper way to control which compression to use from the server side?

An update..

I tried this:



and on the client:



I get no errors or warnings on either the client or the server. I gather that adding the 'compress' directive in the client configs tells the client we are going to use some yet to be specified compression so please increase your MTU by one.

The push then pushes the compression type. Does this work?

Remember, I'm not so worried about the clients being old, I can tell the clients they need to update to later software. But it's more difficult to send everyone a new config file.

Pushing --compress arg is the recommended method.

See --compress in The Manual v24x

mgrant wrote: ↑

Sun Mar 18, 2018 12:55 pm

I get no errors or warnings on either the client or the server. I gather that adding the 'compress' directive in the client configs tells the client we are going to use some yet to be specified compression so please increase your MTU by one.

The push then pushes the compression type. Does this work?

This behaviour is meant by

If the algorithm parameter is empty, compression will be turned off, but the packet framing for compression will still be enabled, allowing a different setting to be pushed later.

in OpenVPN 2.4 manual.