disable openvpn compression

spinx · Feb 23, 2021, 6:43 AM

Hi,
I have pfsense 2.4, and i would like to disable compress because of openvpn vulnerability.
Now i have a question about hot to do that. I have several options to disable it:

Disable compression, retain compression packet framing
NO lzo compression .....

Which is the best option for this?

Regards

pete35 · Feb 23, 2021, 6:58 AM

@spinx

i do it this way, if dealing with unknown clients:

spinx · Feb 23, 2021, 7:03 AM

Hi,
Tnx for info.
Well i don't have "Allow Compression" i only have Compression section.
With option "disable compression" Disable compression, retain compression packet framing

Ideas?

Regards

Gertjan · Feb 23, 2021, 7:12 AM

@spinx said in disable openvpn compression:

I have pfsense 2.4

This might explain : 2.4 is years old .....

@pete35 : Your using 2.5.0, right ?

pete35 · Feb 23, 2021, 7:28 AM

@gertjan

i checked a 2.4 :
disable compression, retain should be good.

spinx · Feb 23, 2021, 7:31 AM

Hi,
Will this disable the warnings when users connect to OpenVPN and protect against vulnerabiltiy?

Regards

pete35 · Feb 23, 2021, 7:34 AM

@spinx

i dont know, this depends on the client and its configuration. There may be other warnings.

spinx · Feb 24, 2021, 7:37 AM

Hi,
i have disable compression on pfsense, but when i connect i still get warning "comp-lzo is present in remote config but missing in local config remote=comp-lzo"

Regards

pete35 · Feb 24, 2021, 7:38 AM

@spinx
I guess you need to reconfigure the client for no compression.