OpenVPN Remote access client Warnings
-
pfSense Version 2.4.4_2
Tue Jan 15 04:45:34 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
For this warning I've read that the only security risk is if a hacker gets his hands on my memory dump file, and if he does, my VPN password will be the last thing I should be worried about :)
Tue Jan 15 04:45:34 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1570'
Here I am not sure why I have an MTU mismatch!
Tue Jan 15 04:45:34 2019 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
For this warning, my setting on pfSense is lz4-v2 and I have also ticked Push Compression.
I am not sure why this option is not exported into my client config file:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-disable
auth SHA256
tls-client
client
resolv-retry infinite
remote 10.10.10.1 1194 udp
setenv opt block-outside-dns
auth-user-pass
ca openvpn-ca.crt
tls-crypt openvpn-tls.key
remote-cert-tls server
-
I'm getting the same 2 errors with my setup as well.
From what I have read, with the client at v2.4+ the compression should be pushed to the client without having to set it, hence there should be a warning message, but I'm getting the compress-lzo warning message as above.
-
@jagradang There is an option to push compression
Push Compression
Push the selected Compression setting to connecting clients.
I have ticked it. I am not sure why I am getting this warning and why my client config does not have this option in it.
Thank you
-
@xlameee said in OpenVPN Remote access client Warnings:
@jagradang There is an option to push compression
Push Compression
Push the selected Compression setting to connecting clients.
I have ticked it. I am not sure why I am getting this warning and why my client config does not have this option in it.
Thank you
I figured it out after hours and hours of testing and digging. So the way to fix these errors is to add a 'compress' flag to your client config.
And here's the reasoning from what I've read... The new compression algorithm allows the client to decide if they want compression or not. As a result, what we had before was warning us that no compression is enabled, but the connection will still work.
To get rid of the errors, either manually edit your config and add 'compress' or add it to the advanced config section for the client exporter.
Hope that helps. It worked for me..
-
It could be better to turn off compression completely, see Voracle:
https://community.openvpn.net/openvpn/wiki/VORACLE
-
@pippin said in OpenVPN Remote access client Warnings:
It could be better to turn off compression completely, see Voracle:
https://community.openvpn.net/openvpn/wiki/VORACLE
Thanks for this information. Didn't know about this. Just disabling compression now as we speak!
-
@pippin I am turning off the compression as well, but I hope they will fix that soon.
Doesn't make much difference with compression on anyway :)
-
@jagradang Thanks, your solution worked fine.
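-
Added example, not part of any post in this thread: a short Python check that parses option-consistency warnings like the ones quoted in the first post and inspects a client config for compression directives and a missing auth-nocache. The function names and the abridged sample config are constructed for illustration.

```python
import re

# Warning lines copied from the first post in this thread.
SAMPLE_LOG = """\
Tue Jan 15 04:45:34 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jan 15 04:45:34 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1570'
Tue Jan 15 04:45:34 2019 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
"""
# Constructed client config, abridged from the one in the same post.
SAMPLE_CONFIG = "dev tun\ncipher AES-256-CBC\nauth-user-pass\nremote 10.10.10.1 1194 udp\n"

MISMATCH = re.compile(r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
ONE_SIDED = re.compile(r"WARNING: '([^']+)' is present in (\w+) config but missing in (\w+) config")
COMPRESSION = ("comp-lzo", "compress")

def parse_warnings(log_text):
    """Turn option-consistency warnings into (option, problem, detail) tuples."""
    found = []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            found.append((m.group(1), "mismatch", f"local={m.group(2)} remote={m.group(3)}"))
            continue
        m = ONE_SIDED.search(line)
        if m:
            found.append((m.group(1), "one-sided", f"present={m.group(2)} missing={m.group(3)}"))
    return found

def directives(config_text):
    """Return the set of directive names in an OpenVPN config, ignoring comments."""
    names = set()
    for line in config_text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            names.add(line.split()[0])
    return names

def review(log_text, config_text):
    """Report compression seen on either side and whether auth-nocache is set."""
    opts = directives(config_text)
    warned = [w for w in parse_warnings(log_text) if w[0] in COMPRESSION]
    return {
        "client_sets_compression": any(o in opts for o in COMPRESSION),
        "peer_compression_warnings": warned,
        "auth_nocache_missing": "auth-user-pass" in opts and "auth-nocache" not in opts,
    }
```

Calling review(SAMPLE_LOG, SAMPLE_CONFIG) shows the server side announcing comp-lzo while the client config carries no compression directive, and auth-user-pass in use without auth-nocache.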