Today, I applied the latest Tunnelblick security update (3.7.5 build 5010) on my Mac High Sierra. After doing so, I reconnected to my pfsense box (2.4.2-RELEASE-p1), and got the following message from Tunnelblick:
Warning: This VPN may not connect in the future.
The OpenVPN configuration file for 'pfSense-UDP4-1194-vpnuser-config' contains these OpenVPN options:
'comp-lzo' was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5
You should update the configuration so it can be used with modern versions of OpenVPN.
Tunnelblick will use OpenVPN 2.4.4 - OpenSSL v1.0.2n to connect this configuration.
However, you will not be able to connect to this VPN with future versions of Tunnelblick that do not include a version of OpenVPN that accepts the options.
I downloaded a new client config from pfsense, and applied it (there were some slightly different settings in the newest version) the same result.
Just thought I should bring it up, in case it is important!
Just a bump to get some attention and a question.
If the option comp-lzo is to be removed from the clients config, how much would this affect the tunnel?
With the current high bandwidth available, is this still an issue?
While I do not have a solution to this problem, I can confirm that I also have received this message. I would hope that anyone with knowledge of this could shed more light.
Same thing here but with a different option:
'ns-cert-type' was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5