
Struggling with new iOS client 3.4+

Posted: Sat Dec 02, 2023 11:54 pm
by rlmalisz
We have what has been a stable VPN setup. Main use case is gaining access to the home network from outside, less often for protection on public wifi.

I found the other day that OpenVPN Connect on my iPhone and iPad had gotten updated to 3.4.1 since the last time I'd used the VPN. And that it no longer worked. Launching the app would briefly give a splash screen, then just go black. Same on both device types. No getting past it.

Deleted and reinstalled the apps, loaded config files with two changes: commented out "comp-lzo" and replaced "tls-client" with client. We have two distinct OpenVPN servers with outward facing ports. Tried the first, didn't work, commented out "comp-lzo" on that server, restarted it, all good.

Did the same changes to the second. Connection happens, but the log is full of "Bad LZO decompression header byte: 69", which means the server is still expecting compressed data and the client isn't sending such. The server that is behaving is running 2.4.6, the one that isn't is running 2.4.4.

Was there a bug fixed between 2.4.4 and 2.4.6 that might explain this discrepancy?

And a different question: it seems "comp-lzo" got deprecated with prejudice in the iOS apps at 3.4. I understand crypto applied to compressed data can weaken security. But what have others done? Is there some better compression option we should be using on both ends of this equation?

Thanks in advance for any insight or direction.
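
A quick way to confirm that a server config and a client profile agree on compression, as an added example that is not part of the original post. The byte 69 in the log line is 0x45, the usual first byte of an IPv4 header, which fits a peer reading an unframed packet where it expects a compression header. The function names, file names and sample configs are constructed for illustration, and only directives set locally in each file are compared.

```shell
#!/bin/sh
# Added example, not from the thread. Coarse check: only directives set
# locally in each file are compared, not options delivered via "push".

# Print the active comp-lzo/compress directives in an OpenVPN config.
# Lines whose first non-blank character is '#' or ';' are comments.
compression_lines() {
    awk '
        /^[ \t]*[#;]/ { next }
        $1 == "comp-lzo" || $1 == "compress" {
            print ($2 == "" ? $1 : $1 " " $2)
        }
    ' "$1"
}

# Return 0 when both files agree (both set a directive, or neither does),
# 1 when only one side still has compression configured.
check_pair() {
    srv=$(compression_lines "$1")
    cli=$(compression_lines "$2")
    if [ -n "$srv" ] && [ -z "$cli" ]; then
        echo "MISMATCH: server has '$srv', client has no compression directive"
        return 1
    elif [ -z "$srv" ] && [ -n "$cli" ]; then
        echo "MISMATCH: client has '$cli', server has no compression directive"
        return 1
    fi
    echo "OK: server='${srv:-none}' client='${cli:-none}'"
}

# Constructed sample configs: one server before the fix, one after, and a
# client with comp-lzo commented out as described in the post.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'port 1194' 'proto udp' 'comp-lzo'  > "$d/server-old.conf"
    printf '%s\n' 'port 1194' 'proto udp' ';comp-lzo' > "$d/server-fixed.conf"
    printf '%s\n' 'client' 'remote vpn.example.net 1194' '#comp-lzo' > "$d/client.ovpn"
    check_pair "$d/server-old.conf"   "$d/client.ovpn" || true
    check_pair "$d/server-fixed.conf" "$d/client.ovpn"
    rm -rf "$d"
}
demo
```

Matching files only help once the daemon has actually been restarted with the edited config.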


Re: Struggling with new iOS client 3.4+

Posted: Sun Dec 03, 2023 9:09 pm
by rlmalisz
WRT the two servers behaving differently, disregard. I had removed comp-lzo from the 2.4.4 machine's config file and restarted the service, or at least, told it to, with no effect. Decided I'd get brave and upgrade Ubuntu on that box and bring up a later/greater OpenVPN. First had to upgrade a pile of packages that apt-get had been holding back. Got those done, rebooted the machine...and OpenVPN, which hadn't gotten updated, started behaving as expected...sans comp-lzo. Perhaps my "service openvpn restart" commands on that machine were not happening, but a reboot...

Having dragged a workhorse OSX box up to Sonoma from Ventura this morning and fixed all the HTTPD, Perl, PHP, CouchDB gotchas that accompany every major OSX update for us, I decided not to press my luck further. Will let a week's worth of backups pile up before burning any bridges. But things are working.


Re: Struggling with new iOS client 3.4+

Posted: Thu May 23, 2024 8:44 pm
by maloph
Hello, I got the compression issue after I upgraded the OpenVPN client to version 3.4.2. I realized that I cannot just comment out the LZO option; the lines need to be removed from the server and client configuration. I was then able to connect to the server, but I was unable to connect to any of my app servers. Tried many protocols. Then I used a sniffer and realized that the communication is going well in both directions, except that nothing is showing up in my iPhone apps. It looks like OpenVPN is connecting to the VPN server fine, but the data is not going back from the OpenVPN client to the app.

I decided to use another VPN app, and it worked well using the same ovpn file on the two different clients.