Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN Bad compression stub 2.4.5-rc

    Development
    3
    11
    1882
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • kiokoman
      kiokoman LAYER 8 last edited by

      After upgrading today from 2.4.5-something... to 2.4.5-rc my openvpn was not working anymore. pfsense with 2.5.0-devel as server and pfsense 2.4.5-rc as client.

      message started after upgrade in the log is ->

      Feb  7 10:24:45 172.17.0.254 openvpn[74628]: Bad compression stub (swap) decompression header byte: 96

      both had -> Compression = "Disable compression, retain compression packet framing"

      to make it work i had to select something else, now i have lzo on both and it work, can't go back to "disable"

      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
      Please do not use chat/PM to ask for help
      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

      1 Reply Last reply Reply Quote 0
      • stephenw10
        stephenw10 Netgate Administrator last edited by

        What hardware are you using? The SG-3100 crypto hardware was broken until the most recent snap.
        Working good here for me now.

        Steve

        1 Reply Last reply Reply Quote 0
        • kiokoman
          kiokoman LAYER 8 last edited by kiokoman

          2.4.5-rc is a VM qemu/kvm no crypto hardware
          2.5.0-devel is an assembled machine, AMD Athlon 200GE with Radeon Vega Graphics
          4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
          AES-NI CPU Crypto: Yes (active) -> OpenVPN say Hardware Crypto: Intel RDRAND engine - RAND

          Immagine.jpg

          ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
          Please do not use chat/PM to ask for help
          we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
          Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          1 Reply Last reply Reply Quote 0
          • stephenw10
            stephenw10 Netgate Administrator last edited by

            Hmm, I guess something changed there then. We don't often see that selected.
            Most are 'omit preference', which I know does work. I assume that works with your tunnel?

            Steve

            1 Reply Last reply Reply Quote 0
            • kiokoman
              kiokoman LAYER 8 last edited by

              indeed, omit preferences (use openvpn default) work

              ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
              Please do not use chat/PM to ask for help
              we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
              Don't forget to Upvote with the 👍 button for any post you find to be helpful.

              1 Reply Last reply Reply Quote 0
              • stephenw10
                stephenw10 Netgate Administrator last edited by stephenw10

                Hmm, well it should work if it gives you the option. Open a bug if there isn't one already.

                Was it this perhaps?: https://redmine.pfsense.org/issues/10235

                Steve

                1 Reply Last reply Reply Quote 0
                • kiokoman
                  kiokoman LAYER 8 last edited by

                  probably, yeah but the error message is different

                  ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                  Please do not use chat/PM to ask for help
                  we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                  Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                  1 Reply Last reply Reply Quote 0
                  • T
                    techpro2004 last edited by

                    I don't know much about amd based systems. I find they run hot and I usually stick to intel but it seems odd that a amd chip supports intel rdrand engine. I may be wrong though.

                    1 Reply Last reply Reply Quote 0
                    • kiokoman
                      kiokoman LAYER 8 last edited by

                      🤦
                      https://en.wikipedia.org/wiki/RDRAND
                      AMD added support for the instruction in June 2015

                      amd 200ge is a low power consumptio cpu that run at 30°C

                      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                      Please do not use chat/PM to ask for help
                      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                      1 Reply Last reply Reply Quote 0
                      • T
                        techpro2004 last edited by

                        Good to know. Thanks. Maybe netgate should change it from intel rdrand to just rdrand. As far as amd temps go, I had the original 64 bit dual core cpu from amd a number of years ago and it acted like a forced hot air heater. It heated up the room to 80-90 degrees f and then shut it self off from over heating. This is a decent size room too. I was not pushing the cpu ether.

                        1 Reply Last reply Reply Quote 0
                        • stephenw10
                          stephenw10 Netgate Administrator last edited by

                          The devices / drivers are named after whatever first supports them and they are named that upstream. It would be confusing if we changed that. Hence x86-64 architecture is known as amd64.

                          Steve

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post