PfSense OpenVPN server + Mikrotik client. Decompress LZO even if no compression



  • If you know, Mikrotik routers' OpenVPN implementation doesn't use compression.
    But when I set up a pfSense OpenVPN server I was able to connect, but I was unable to see the remote subnet; the system log showed the error "Bad LZO decompression header byte: 69".
    I had to manually remove the line "comp-lzo no" from the pfSense OpenVPN server config in /var/etc/openvpn; after that I could see the remote subnet.
    So what is wrong with the "comp-lzo no" line, and why can't the setup just not use it if there is no compression?


  • Rebel Alliance Developer Netgate

    Older and specialized versions of OpenVPN don't quite cope with that. Especially if they were deliberately compiled without LZO.

    The GUI has options that correspond to all possible combinations. "No Preference" leaves it out of the configuration, but on newer versions of OpenVPN that defaults to actually being on with adaptive compression. On 2.3.3 we now have an option "No Preference and Adaptive Compression Disabled" which helps when dealing with picky clients.



  • @jimp:

    On 2.3.3 we now have an option "No Preference and Adaptive Compression Disabled" which helps when dealing with picky clients.

    Which will remove the occurrence of this option in the config?
    Thank you for the response.


  • Rebel Alliance Developer Netgate

    @vtulin:

    @jimp:

    On 2.3.3 we now have an option "No Preference and Adaptive Compression Disabled" which helps when dealing with picky clients.

    Which will remove the occurrence of this option in the config?
    Thank you for the response.

    When this option is selected, "comp-lzo" is not in the config, and it adds "comp-noadapt" to disable adaptive compression.

    OpenVPN can be picky in how the client and server interact across versions and when LZO is not compiled in.

    If you have no compression options in the configuration at all, it still enables it with adaptive compression because that's the current OpenVPN default (it wasn't always). And if you use "comp-lzo no" the far side won't understand that if it does not have LZO compiled in.
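
Why the logged byte is 69, as an added example that is not part of the original thread and is not OpenVPN or pfSense code: with comp-lzo framing every tunnel payload begins with a marker byte (0xFA for uncompressed, 0x66 for LZO), so a bare IPv4 packet from a client without LZO presents its own first header byte, 0x45 = 69, where the marker is expected. It assumes a tun-mode tunnel carrying IPv4 without options; the addresses and function names are constructed for the illustration.

```python
# Added illustration: models the one-byte framing check a peer applies when
# comp-lzo framing is enabled. Names and sample addresses are constructed.
import struct

LZO_COMPRESS_BYTE = 0x66  # marker: payload that follows is LZO-compressed
NO_COMPRESS_BYTE = 0xFA   # marker: payload that follows is uncompressed


def build_ipv4_header(src, dst, payload_len=0):
    """Constructed sample: minimal 20-byte IPv4 header (checksum left at 0)."""
    version_ihl = (4 << 4) | 5  # version 4, header length 5 words -> 0x45 == 69
    return struct.pack(
        "!BBHHHBBH4s4s",
        version_ihl, 0, 20 + payload_len, 0, 0, 64, 1, 0,
        bytes(src), bytes(dst),
    )


def frame_for_peer(packet, sender_uses_framing):
    """Payload as the sender emits it inside the tunnel."""
    if sender_uses_framing:
        # Behaviour of "comp-lzo no": framing on, compression off.
        return bytes([NO_COMPRESS_BYTE]) + packet
    # A client built without LZO sends the bare IP packet.
    return packet


def receive(data, receiver_expects_framing):
    """Return (packet, error). Models the marker-byte check, not decompression."""
    if not receiver_expects_framing:
        return data, None
    if not data:
        return None, "empty payload"
    head = data[0]
    if head == NO_COMPRESS_BYTE:
        return data[1:], None
    if head == LZO_COMPRESS_BYTE:
        return None, "LZO-compressed payload (decompression not modelled here)"
    return None, f"Bad LZO decompression header byte: {head}"


if __name__ == "__main__":
    pkt = build_ipv4_header([10, 0, 8, 2], [192, 168, 1, 10])
    # Server framed ("comp-lzo no"), client unframed: the case in this thread.
    print(receive(frame_for_peer(pkt, False), True))
    # Both sides unframed: the packet passes through untouched.
    print(receive(frame_for_peer(pkt, False), False)[1])
```
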

