Messages Warning vs Error during connection
Posted: Thu Dec 15, 2011 9:53 am
Over many years of running OpenVPN servers serving thousands of users, I've seen that there are still weird things that I don't quite understand. Hopefully someone can shed some light on this. In all my servers, the comp-lzo statement is purposely omitted, since compression doesn't really speed up transfers on the modern internet; most content is already compressed.
However, the auto-generated scripts of some new router firmwares have added comp-lzo no to their config files instead of omitting the line. But from the OpenVPN manual, it seems the default is comp-lzo disabled. Does that mean that a server started without the line comp-lzo no is the same as one configured with the line comp-lzo no?
It says the default is disabled, but when you connect a client which has a 'comp-lzo no' statement to a server that does not have that line, a warning will come out in your log file; however, even though it's a warning, the connection will fail to transfer any traffic.
Thus the question: here a warning message is actually an error, but in another case, if a client that has a tun-ipv6 statement tries to connect to a server without tun-ipv6, a warning will again come out in the log, except that in this case all traffic still passes through on that connection. In this case, the warning is just a warning, while in the comp-lzo case, the warning is actually an error.
For those users using dd-wrt with the latest firmware, you can use the GUI to connect to your VPN servers, but make sure that the servers you connect to have a comp-lzo statement, or else you will be connected but with no routing whatsoever due to the missing lzo headers.
My suggestion for the next release is to include 'comp-lzo no' as the default, whether or not you omit the line in your server config. A 'comp-lzo yes' or adaptive will overwrite the default.
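
The mismatch described in the post can be caught before deployment by comparing the server and client configs for directives present on only one side. This is an added example, not part of the original post and not OpenVPN code; the function names and sample configs are constructed, and the severity labels are assumptions taken from the behaviour the poster reports.

```python
# Added example: flag OpenVPN directives that appear on only one side of a link.
# Severity labels reflect the behaviour reported in the post, not OpenVPN's wording.

# directive -> effect of a presence mismatch, as the post describes it
LINK_DIRECTIVES = {
    "comp-lzo": "error",    # post: tunnel comes up but no traffic passes
    "tun-ipv6": "warning",  # post: warning is logged, traffic still flows
}

def parse_config(text):
    """Return {directive: arguments} for the tracked directives in one config."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or commented-out directive
            continue
        parts = line.split()
        name = parts[0].lstrip("-")       # tolerate command-line style "--comp-lzo"
        if name in LINK_DIRECTIVES:
            found[name] = " ".join(parts[1:])
    return found

def compare(server_text, client_text):
    """List (severity, directive, detail) for directives set on one side only."""
    server, client = parse_config(server_text), parse_config(client_text)
    findings = []
    for name, severity in LINK_DIRECTIVES.items():
        # Only presence is compared: "comp-lzo no" counts as present,
        # an omitted or commented-out line counts as absent.
        if (name in server) != (name in client):
            side = "client" if name in client else "server"
            findings.append((severity, name, f"present only on {side}"))
    return sorted(findings)

# Constructed sample configs: server omits comp-lzo, router-generated client adds it.
SERVER_CONF = """\
dev tun
proto udp
;comp-lzo
"""
CLIENT_CONF = """\
dev tun
proto udp
comp-lzo no
tun-ipv6
"""

if __name__ == "__main__":
    for severity, name, detail in compare(SERVER_CONF, CLIENT_CONF):
        print(f"{severity.upper():7} {name}: {detail}")
```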