OpenVPN Bad compression stub 2.4.5-rc

kiokoman · Feb 7, 2020, 10:47 PM

After upgrading today from 2.4.5-something... to 2.4.5-rc my openvpn was not working anymore. pfsense with 2.5.0-devel as server and pfsense 2.4.5-rc as client.

message started after upgrade in the log is ->

Feb  7 10:24:45 172.17.0.254 openvpn[74628]: Bad compression stub (swap) decompression header byte: 96

both had -> Compression = "Disable compression, retain compression packet framing"

to make it work i had to select something else, now i have lzo on both and it work, can't go back to "disable"

stephenw10 · Feb 8, 2020, 3:48 PM

What hardware are you using? The SG-3100 crypto hardware was broken until the most recent snap.
Working good here for me now.

Steve

kiokoman · Feb 8, 2020, 4:35 PM

2.4.5-rc is a VM qemu/kvm no crypto hardware
2.5.0-devel is an assembled machine, AMD Athlon 200GE with Radeon Vega Graphics
4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
AES-NI CPU Crypto: Yes (active) -> OpenVPN say Hardware Crypto: Intel RDRAND engine - RAND

login-to-view

stephenw10 · Feb 8, 2020, 7:13 PM

Hmm, I guess something changed there then. We don't often see that selected.
Most are 'omit preference', which I know does work. I assume that works with your tunnel?

Steve

kiokoman · Feb 8, 2020, 7:34 PM

indeed, omit preferences (use openvpn default) work

stephenw10 · Feb 8, 2020, 8:40 PM

Hmm, well it should work if it gives you the option. Open a bug if there isn't one already.

Was it this perhaps?: https://redmine.pfsense.org/issues/10235

Steve

kiokoman · Feb 8, 2020, 8:42 PM

probably, yeah but the error message is different

techpro2004 · Feb 9, 2020, 2:01 PM

I don't know much about amd based systems. I find they run hot and I usually stick to intel but it seems odd that a amd chip supports intel rdrand engine. I may be wrong though.

kiokoman · Feb 9, 2020, 2:22 PM

https://en.wikipedia.org/wiki/RDRAND
AMD added support for the instruction in June 2015

amd 200ge is a low power consumptio cpu that run at 30°C

techpro2004 · Feb 9, 2020, 2:44 PM

Good to know. Thanks. Maybe netgate should change it from intel rdrand to just rdrand. As far as amd temps go, I had the original 64 bit dual core cpu from amd a number of years ago and it acted like a forced hot air heater. It heated up the room to 80-90 degrees f and then shut it self off from over heating. This is a decent size room too. I was not pushing the cpu ether.

stephenw10 · Feb 9, 2020, 9:02 PM

The devices / drivers are named after whatever first supports them and they are named that upstream. It would be confusing if we changed that. Hence x86-64 architecture is known as amd64.

Steve