Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    disable openvpn compression

    Scheduled Pinned Locked Moved OpenVPN
    9 Posts 3 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      spinx
      last edited by

      Hi,
      I have pfsense 2.4, and i would like to disable compress because of openvpn vulnerability.
      Now i have a question about hot to do that. I have several options to disable it:

      • Disable compression, retain compression packet framing
      • NO lzo compression .....

      Which is the best option for this?

      Regards

      P GertjanG 2 Replies Last reply Reply Quote 0
      • P
        pete35 @spinx
        last edited by

        @spinx

        i do it this way, if dealing with unknown clients:

        9c483bcc-88b0-423a-be7b-8a428fe8fa15-image.png

        <a href="https://carsonlam.ca">bintang88</a>
        <a href="https://carsonlam.ca">slot88</a>

        1 Reply Last reply Reply Quote 0
        • S
          spinx
          last edited by

          Hi,
          Tnx for info.
          Well i don't have "Allow Compression" i only have Compression section.
          With option "disable compression" Disable compression, retain compression packet framing

          Ideas?

          Regards

          1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @spinx
            last edited by

            @spinx said in disable openvpn compression:

            I have pfsense 2.4

            This might explain : 2.4 is years old .....

            @pete35 : Your using 2.5.0, right ?

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            P 1 Reply Last reply Reply Quote 0
            • P
              pete35 @Gertjan
              last edited by

              @gertjan

              i checked a 2.4 :
              disable compression, retain should be good.

              <a href="https://carsonlam.ca">bintang88</a>
              <a href="https://carsonlam.ca">slot88</a>

              1 Reply Last reply Reply Quote 0
              • S
                spinx
                last edited by

                Hi,
                Will this disable the warnings when users connect to OpenVPN and protect against vulnerabiltiy?

                Regards

                P 1 Reply Last reply Reply Quote 0
                • P
                  pete35 @spinx
                  last edited by

                  @spinx

                  i dont know, this depends on the client and its configuration. There may be other warnings.

                  <a href="https://carsonlam.ca">bintang88</a>
                  <a href="https://carsonlam.ca">slot88</a>

                  1 Reply Last reply Reply Quote 0
                  • S
                    spinx
                    last edited by

                    Hi,
                    i have disable compression on pfsense, but when i connect i still get warning "comp-lzo is present in remote config but missing in local config remote=comp-lzo"

                    Regards

                    P 1 Reply Last reply Reply Quote 0
                    • P
                      pete35 @spinx
                      last edited by

                      @spinx
                      I guess you need to reconfigure the client for no compression.

                      <a href="https://carsonlam.ca">bintang88</a>
                      <a href="https://carsonlam.ca">slot88</a>

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.