Tunnelblick 3.7.5



  • Today, I applied the latest Tunnelblick security update (3.7.5 build 5010) on my Mac High Sierra. After doing so, I reconnected to my pfsense box (2.4.2-RELEASE-p1), and got the following message from Tunnelblick:
    Warning: This VPN may not connect in the future.
    The OpenVPN configuration file for 'pfSense-UDP4-1194-vpnuser-config' contains these OpenVPN options:
    'comp-lzo' was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5
    You should update the configuration so it can be used with modern versions of OpenVPN.
    Tunnelblick will use OpenVPN 2.4.4 - OpenSSL v1.0.2n to connect this configuration.
    However, you will not be able to connect to this VPN with future versions of Tunnelblick that do not include a version of OpenVPN that accepts the options.

    I downloaded a new client config from pfsense, and applied it (there were some slightly different settings in the newest version) the same result.

    Just thought I should bring it up, in case it is important!



  • Just a bump to get some attention and a question.

    If the option comp-lzo is to be removed from the clients config, how much would this affect the tunnel?
    With the current high bandwidth available, is this still an issue?



  • Hi necron,

    While I do not have a solution to this problem, I can confirm that I also have received this message. I would hope that anyone with knowledge of this could shed more light.



  • Same thing here but with a different option:

    'ns-cert-type' was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5


Log in to reply