Project

General

Profile

Feature #8788

Disable compression by default for OpenVPN

Added by James Dekker 7 months ago. Updated 7 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
OpenVPN
Target version:
Start date:
08/15/2018
Due date:
% Done:

100%

Estimated time:

Description

In light of the voracle attack, this feature request is to disable compression by default for OpenVPN in pfSense.

Associated revisions

Revision 38922574 (diff)
Added by Jim Pingle 7 months ago

Disable OpenVPN compression for new instances by default. Fixes #8788

Also add warning text that cautions against enabling compression.

While here, also add missing "stub-v2" compression mode.

History

#1 Updated by Jim Pingle 7 months ago

  • Status changed from New to In Progress
  • Assignee set to Jim Pingle

#2 Updated by Jim Pingle 7 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

Applied in changeset 3892257442d732c601c9f5e889327fb59d375437.

#3 Updated by James Dekker 7 months ago

On 2.4.4.a.20180815.1003 (gitsync'd to master), OpenVPN (server and client) default to "Disable Compression, retain compression packet framing [compress]". Looks good.

#4 Updated by Jim Pingle 7 months ago

  • Status changed from Feedback to Resolved

#5 Updated by Jim Pingle 7 months ago

  • Private changed from Yes to No

Also available in: Atom PDF