OpenVPN Bad compression stub 2.4.5-rc
-
After upgrading today from 2.4.5-something... to 2.4.5-rc my openvpn was not working anymore. pfsense with 2.5.0-devel as server and pfsense 2.4.5-rc as client.
message started after upgrade in the log is ->
Feb 7 10:24:45 172.17.0.254 openvpn[74628]: Bad compression stub (swap) decompression header byte: 96both had -> Compression = "Disable compression, retain compression packet framing"
to make it work i had to select something else, now i have lzo on both and it work, can't go back to "disable"
-
What hardware are you using? The SG-3100 crypto hardware was broken until the most recent snap.
Working good here for me now.Steve
-
2.4.5-rc is a VM qemu/kvm no crypto hardware
2.5.0-devel is an assembled machine, AMD Athlon 200GE with Radeon Vega Graphics
4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
AES-NI CPU Crypto: Yes (active) -> OpenVPN say Hardware Crypto: Intel RDRAND engine - RAND
-
Hmm, I guess something changed there then. We don't often see that selected.
Most are 'omit preference', which I know does work. I assume that works with your tunnel?Steve
-
indeed, omit preferences (use openvpn default) work
-
Hmm, well it should work if it gives you the option. Open a bug if there isn't one already.
Was it this perhaps?: https://redmine.pfsense.org/issues/10235
Steve
-
probably, yeah but the error message is different
-
I don't know much about amd based systems. I find they run hot and I usually stick to intel but it seems odd that a amd chip supports intel rdrand engine. I may be wrong though.
-
https://en.wikipedia.org/wiki/RDRAND
AMD added support for the instruction in June 2015amd 200ge is a low power consumptio cpu that run at 30°C
-
Good to know. Thanks. Maybe netgate should change it from intel rdrand to just rdrand. As far as amd temps go, I had the original 64 bit dual core cpu from amd a number of years ago and it acted like a forced hot air heater. It heated up the room to 80-90 degrees f and then shut it self off from over heating. This is a decent size room too. I was not pushing the cpu ether.
-
The devices / drivers are named after whatever first supports them and they are named that upstream. It would be confusing if we changed that. Hence x86-64 architecture is known as amd64.
Steve
