Project

General

Profile

« Previous | Next » 

Revision 56e031a7

Added by Jim Pingle almost 5 years ago

OpenVPN compression options update. Issue #11020

  • Add new "Allow Compression" option for OpenVPN 2.5.0. Defaults to asymmetric
    (Decompress incoming packets, do not compress outgoing packets) for a more
    secure and smooth transition to disabling compression entirely.
  • Rearrange compression options so that the options to disable (or not actively
    use) compression are first.
  • Disable compression for new instances, upgraded instances will use asymmetric
    mode.
  • Mark compression option as Deprecated (per the OpenVPN documentation)

View differences:

src/etc/inc/openvpn.inc
123 123 
	'p2p_tls' => gettext("Peer to Peer ( SSL/TLS )"),
124 124 
	'p2p_shared_key' => gettext("Peer to Peer ( Shared Key )"));
125 125 

  		




  
  126
  
    
global $openvpn_allow_compression;


  		




  
  127
  
    
$openvpn_allow_compression = array(


  		




  
  128
  
    
	'asym' => gettext("Decompress incoming, do not compress outgoing (Asymmetric)"),


  		




  
  129
  
    
	'no'   => gettext("Refuse any non-stub compression (Most secure)"),


  		




  
  130
  
    
	'yes'  => gettext("Compress packets (WARNING: Potentially dangerous!)"),


  		




  
  131
  
    
);


  		




  
  132
  
    

  		




  126
  133
  
    
global $openvpn_compression_modes;


  		




  127
  134
  
    
$openvpn_compression_modes = array(


  		




  
  135
  
    
	'' => gettext("Disable Compression [Omit Preference]"),


  		




  128
  136
  
    
	'none' => gettext("Disable Compression, retain compression packet framing [compress]"),


  		




  
  137
  
    
	'stub' => gettext("Enable Compression (stub) [compress stub]"),


  		




  
  138
  
    
	'stub-v2' => gettext("Enable Compression (stub v2) [compress stub-v2]"),


  		




  129
  139
  
    
	'lz4' => gettext("LZ4 Compression [compress lz4]"),


  		




  130
  140
  
    
	'lz4-v2' => gettext("LZ4 Compression v2 [compress lz4-v2]"),


  		




  131
  141
  
    
	'lzo' => gettext("LZO Compression [compress lzo, equivalent to comp-lzo yes for compatibility]"),


  		




  132
  
  
    
	'stub' => gettext("Enable Compression (stub) [compress stub]"),


  		




  133
  
  
    
	'stub-v2' => gettext("Enable Compression (stub v2) [compress stub-v2]"),


  		




  134
  
  
    
	'' => gettext("Omit Preference (Use OpenVPN Default)"),


  		




  135
  142
  
    
	'noadapt' => gettext("Omit Preference, + Disable Adaptive LZO Compression [Legacy style, comp-noadapt]"),


  		




  136
  143
  
    
	'adaptive' => gettext("Adaptive LZO Compression [Legacy style, comp-lzo adaptive]"),


  		




  137
  144
  
    
	'yes' => gettext("LZO Compression [Legacy style, comp-lzo yes]"),


  		




  ......




  1319
  1326
  
    
			break;


  		




  1320
  1327
  
    
	}


  		




  1321
  1328
  
    

  		




  
  1329
  
    
	if (!empty($settings['allow_compression'])) {


  		




  
  1330
  
    
		$conf .= "allow-compression {$settings['allow_compression']}\n";


  		




  
  1331
  
    
	}


  		




  
  1332
  
    

  		




  1322
  1333
  
    
	$compression = "";


  		




  1323
  1334
  
    
	switch ($settings['compression']) {


  		




  1324
  1335
  
    
		case 'none':


  		












Also available in:  Unified diff