Bug #10177
closed
OpenVPN Server Compression option missing (No compression)
0%
Description
Hi,
I was just wondering why the deactivate compression option within the OpenVpn Server config does not disable compression at all?
If I'm not mistaken, there should be an option to totally avoid the "compression" statement in the OpenVPN Server config.
Why: If I controll all my clients and the server, I can totally disable compression by leaving the statement from my server and client config. This is under other options recommended by OpenVPN: https://community.openvpn.net/openvpn/wiki/VORACLE
Would be nice to incorporate this option.
Thanks for your great work
Updated by Cullen Trey over 4 years ago
Sorry it is the "compress" statement:
"Community edition: OpenVPN 2.3.x and OpenVPN 2.4.x
If a soft migration is not needed you can remove all comp-lzo and compress from all clients and server configs to disable compression."
Updated by Jim Pingle over 4 years ago
- Status changed from New to Not a Bug
- Target version deleted (
2.4.5)
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the Netgate Forum or the pfSense Subreddit .
See Reporting Issues with pfSense Software for more information.
Updated by Viktor Gurov over 4 years ago
- Status changed from Not a Bug to New
That seems correct,
From openvpn(8):
If the algorithm parameter is empty, compression will be turned off, but the packet framing for compression will
still be enabled, allowing a different setting to be pushed later.
PR for 'disable' option:
https://github.com/pfsense/pfsense/pull/4161
Updated by Cullen Trey over 4 years ago
After reading your patch and the complete file, I got the fealing that the "default" value Line 135: '' => gettext("Omit Preference (Use OpenVPN Default)"), disables compression at all:
Line 1331: default:
/* Add nothing to the configuration */
break;
Is this by intention? Then from my point of view, this option is really confusing. It does not use the "OpenVPN Default" compression, it disables compression.
Therefore, an easyier fix would be to rename "Omit Preference (Use OpenVPN Default)" to something like your suggestion "Fully Disable Compression, prevent from pushing settings later."
Thanks for the effort
Updated by Jim Pingle over 4 years ago
- Status changed from New to Not a Bug
Omitting the directive uses the OpenVPN default, which is what the option already says, and that was an intentional choice. The behavior beyond that depends on the OpenVPN version and what it does, which is NOT to disable. The very first option in the drop-down says to disable, and that's what it does.
This is not a bug but a support/discussion issue, which belongs on the forum and not here.
--compress [algorithm]
Enable a compression algorithm.
The algorithm parameter may be "lzo", "lz4", or empty. LZO and
LZ4 are different compression algorithms, with LZ4 generally of-
fering the best performance with least CPU usage. For backwards
compatibility with OpenVPN versions before 2.4, use "lzo" (which
is identical to the older option "--comp-lzo yes").
If the algorithm parameter is empty, compression will be turned
off, but the packet framing for compression will still be en-
abled, allowing a different setting to be pushed later.