OpenVPN Remote access client Warnings



  • pfSense Version 2.4.4_2

    Tue Jan 15 04:45:34 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

    For this warning I've read that the only security risk is if a hacker gets his hands on my memory dump file, and if he does, my VPN password will be the last thing I should be worried about :)

    Tue Jan 15 04:45:34 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1570'

    Here I am not sure why I have an MTU mismatch!

    Tue Jan 15 04:45:34 2019 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

    For this warning, my setting on pfSense is lz4-v2 and I have also ticked Push Compression.
    I am not sure why this option is not exported into my client config file.

    dev tun
    persist-tun
    persist-key
    cipher AES-256-CBC
    ncp-disable
    auth SHA256
    tls-client
    client
    resolv-retry infinite
    remote 10.10.10.1 1194 udp
    setenv opt block-outside-dns
    auth-user-pass
    ca openvpn-ca.crt
    tls-crypt openvpn-tls.key
    remote-cert-tls server



  • I'm getting the same 2 errors with my setup as well.

    From what I have read, with the client at v2.4+ the compression should be pushed to the client without having to set it, hence there should be a warning message, but I'm getting the compress-lzo warning message as above.



  • @jagradang There is an option to push compression

    Push Compression
    Push the selected Compression setting to connecting clients.

    I have ticked it. I am not sure why I am getting this warning and why my client config does not have this option in it.

    Thank you



  • @xlameee said in OpenVPN Remote access client Warnings:

    @jagradang There is an option to push compression

    Push Compression
    Push the selected Compression setting to connecting clients.

    I have ticked it. I am not sure why I am getting this warning and why my client config does not have this option in it.

    Thank you

    I figured it out after hours and hours of testing and digging. So the way to fix these errors is to add a 'compress' flag to your client config.

    And here's the reasoning from what I've read... The new compression algorithm allows the client to decide if they want compression or not. As a result, what we had before were warning us that no compression is enabled, but the connection will still work.

    To get rid of the errors, either manually edit your config and add 'compress' or add it to the advanced config section for the client exporter.

    Hope that helps. It worked for me..



  • It could be better to turn off compression completely, see Voracle:
    https://community.openvpn.net/openvpn/wiki/VORACLE



  • @pippin said in OpenVPN Remote access client Warnings:

    It could be better to turn off compression completely, see Voracle:
    https://community.openvpn.net/openvpn/wiki/VORACLE

    Thanks for this information. Didn't know about this. Just disabling compression now as we speak!



  • @pippin I am turning off the compression as well, but I hope they will fix that soon
    doesn't make much difference with compression on anyway :)
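
Added example (not from any poster in this thread, and not pfSense or OpenVPN code): a small Python check that parses the option-mismatch warnings quoted in the first post and audits a client config for the two security-relevant points raised here, password caching and compression. The function names, finding strings and the shortened sample config are assumptions made for illustration.

```python
import re

# Constructed samples: the three warnings and part of the client config from the first post.
SAMPLE_LOG = """\
Tue Jan 15 04:45:34 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jan 15 04:45:34 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1570'
Tue Jan 15 04:45:34 2019 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
"""
SAMPLE_CONFIG = """\
dev tun
cipher AES-256-CBC
client
remote 10.10.10.1 1194 udp
auth-user-pass
"""

MISMATCH = re.compile(r"WARNING: '([\w-]+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
REMOTE_ONLY = re.compile(r"WARNING: '([\w-]+)' is present in remote config but missing in local config, remote='([^']*)'")
COMPRESSION_OPTS = {"comp-lzo", "compress"}
ALGORITHMS = {"lzo", "lz4", "lz4-v2"}

def parse_warnings(log):
    """Return (option, local, remote) tuples; local is None if only the server set it."""
    found = []
    for line in log.splitlines():
        m = MISMATCH.search(line)
        if m:
            found.append(m.groups())
            continue
        m = REMOTE_ONLY.search(line)
        if m:
            found.append((m.group(1), None, m.group(2)))
    return found

def audit(config, log):
    """Return findings for password caching and compression (hypothetical helper)."""
    opts = {}
    for line in config.splitlines():
        parts = line.split()
        if parts and parts[0][0] not in "#;":   # skip blank lines and comments
            opts[parts[0]] = parts[1:]
    findings = []
    if "auth-user-pass" in opts and "auth-nocache" not in opts:
        findings.append("auth-user-pass set without auth-nocache")
    # 'compress' with no algorithm and 'comp-lzo no' keep the framing but do not compress.
    if set(opts.get("compress", [])) & ALGORITHMS or ("comp-lzo" in opts and opts["comp-lzo"] != ["no"]):
        findings.append("client config enables compression (see VORACLE)")
    for name, local, remote in parse_warnings(log):
        if name in COMPRESSION_OPTS and local is None:
            findings.append(f"server reports '{remote}' but client config has no compression option")
    return findings
```

Calling `audit(SAMPLE_CONFIG, SAMPLE_LOG)` returns the password-caching finding and the server-side compression finding; the link-mtu mismatch is parsed but not flagged as a security issue.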

