Resolved: iPhone OpenVPN Connect "server pushed compression settings that are not allowed and will result in a non-work"

Posted: Tue Nov 14, 2023 5:25 am
by SomeGuy
Hello,

I have had compression disabled in the server configuration and client configurations explicitly as an application configuration for a long time.
(Side note: Issues with doing compression with encryption "right" have been a problem for decades in many applications: often safest to not combine them.)

When I upgraded to OpenVPN Connect on iPhone a while back, my client was presented with:
"server pushed compression settings that are not allowed and will result in a non-working connection. "

A work-around to allow configuration-based compression disabling in newer versions of OpenVPN Connect (as of 2023):
OpenVPN Connect (App) -> Hamburger (top-left hamburger/sandwich/3-horizontal-bars-in-a-square) -> Settings -> "Advanced Settings" -> "Security Level" set to "Legacy" (default was "Preferred")

Without that this error would be presented in the client and refuse to connect:
"server pushed compression settings that are not allowed and will result in a non-working connection. "

I thought I would follow-up with changes to address this...

I included a (mostly useless) server push disabling compression to the client on-connect with an idea, maybe a default push for compression was being included. Nope.

I disabled all compression in server config and even tried to clear all push, and then only push compression disabled to clients on connect. Nope.

I even rebuilt openvpn from source and disabled compression (--disable-lzo --disable-lz4 --disable-comp-stub) which requires not just specifying compression should be disabled, but not even mentioned in server configuration file, or at least commented-out. Nope.

I also tested with "--disable-dco" ... nope.

Even after compression mentions were removed from all of the server configs, and any CCD etc., the latest iPhone OpenVPN Connect (as of Nov 2023) client still reported the server was pushing compression settings.

It appears this "error" complained about by the OpenVPN Connect client about the *server* pushing compression settings is a bad attribution.

If you import an *OVPN configuration file into iPhone OpenVPN Connect application which has "comp-lzo no" or probably "comp-lzo 'anything'" *this* is what OpenVPN Connect claims is a "server pushed compression setting".

Once the client OVPN config was altered to remove all reference to "comp-lzo" (commented out) then re-imported to the iPhone OpenVPN Connect application, and the server no longer mentions it, and the server was built with compression disabled at config/build-from-source time, I was able to:

OpenVPN Connect (App) -> Hamburger (top-left hamburger/sandwich/3-horizontal-bars-in-a-square) -> Settings -> "Advanced Settings" -> "Security Level" set to "Preferred (Recommended)"

... and no more "error" claiming the "server" is pushing compression.

I hope this saves any other OpenVPN server admins the hassle of trying to diagnose this false claim from a client that their server is pushing compression, when it is not.

Good luck!
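
Added example, not part of the original post: a small Python helper that finds and comments out compression directives in a client .ovpn profile (or a server/CCD file using push "...") before re-importing it, which is the fix described above. The directive list beyond comp-lzo, the function names and the sample profile are assumptions made for illustration.

```python
import re

# comp-lzo is the directive named in the post; compress and comp-noadapt are other
# OpenVPN compression options, included on the assumption the client rejects them too.
COMPRESSION = {"comp-lzo", "compress", "comp-noadapt"}
INLINE_OPEN = re.compile(r"^<([A-Za-z0-9_-]+)>$")
PUSH = re.compile(r'^push\s+"([^"]*)"')


def directive_of(stripped):
    """Return the directive a config line sets, unwrapping push "..."."""
    m = PUSH.match(stripped)
    body = m.group(1) if m else stripped
    words = body.split()
    return words[0].lstrip("-") if words else ""


def strip_compression(profile_text):
    """Comment out compression lines; return (new_text, [(line_no, original_line)])."""
    out, findings, inline_tag = [], [], None
    for num, line in enumerate(profile_text.splitlines(), start=1):
        stripped = line.strip()
        if inline_tag:  # inside <ca>...</ca> etc.: copy verbatim
            if stripped == f"</{inline_tag}>":
                inline_tag = None
        elif INLINE_OPEN.match(stripped):
            inline_tag = INLINE_OPEN.match(stripped).group(1)
        elif stripped[:1] not in ("", "#", ";") and directive_of(stripped) in COMPRESSION:
            findings.append((num, line))
            line = "# " + line
        out.append(line)
    return "\n".join(out) + "\n", findings


# Constructed sample profile (placeholder host, dummy inline block).
SAMPLE = """client
remote vpn.example.com 1194 udp
comp-lzo no
;compress lz4
<ca>
comp-lzo inside an inline block is left alone
</ca>
"""

if __name__ == "__main__":
    cleaned, hits = strip_compression(SAMPLE)
    for num, original in hits:
        print(f"line {num}: commented out {original!r}")
```

Running it on a profile before import shows exactly which lines would have triggered the client's complaint; already-commented lines (# or ;) are left as they are.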