Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN Bad compression stub 2.4.5-rc

    Development
    3
    11
    463
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • kiokoman
      kiokoman LAYER 8 last edited by

      After upgrading today from 2.4.5-something... to 2.4.5-rc my openvpn was not working anymore. pfsense with 2.5.0-devel as server and pfsense 2.4.5-rc as client.

      message started after upgrade in the log is ->

      Feb  7 10:24:45 172.17.0.254 openvpn[74628]: Bad compression stub (swap) decompression header byte: 96
      

      both had -> Compression = "Disable compression, retain compression packet framing"

      to make it work i had to select something else, now i have lzo on both and it work, can't go back to "disable"

      1 Reply Last reply Reply Quote 0
      • stephenw10
        stephenw10 Netgate Administrator last edited by

        What hardware are you using? The SG-3100 crypto hardware was broken until the most recent snap.
        Working good here for me now.

        Steve

        1 Reply Last reply Reply Quote 0
        • kiokoman
          kiokoman LAYER 8 last edited by kiokoman

          2.4.5-rc is a VM qemu/kvm no crypto hardware
          2.5.0-devel is an assembled machine, AMD Athlon 200GE with Radeon Vega Graphics
          4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
          AES-NI CPU Crypto: Yes (active) -> OpenVPN say Hardware Crypto: Intel RDRAND engine - RAND

          Immagine.jpg

          1 Reply Last reply Reply Quote 0
          • stephenw10
            stephenw10 Netgate Administrator last edited by

            Hmm, I guess something changed there then. We don't often see that selected.
            Most are 'omit preference', which I know does work. I assume that works with your tunnel?

            Steve

            1 Reply Last reply Reply Quote 0
            • kiokoman
              kiokoman LAYER 8 last edited by

              indeed, omit preferences (use openvpn default) work

              1 Reply Last reply Reply Quote 0
              • stephenw10
                stephenw10 Netgate Administrator last edited by stephenw10

                Hmm, well it should work if it gives you the option. Open a bug if there isn't one already.

                Was it this perhaps?: https://redmine.pfsense.org/issues/10235

                Steve

                1 Reply Last reply Reply Quote 0
                • kiokoman
                  kiokoman LAYER 8 last edited by

                  probably, yeah but the error message is different

                  1 Reply Last reply Reply Quote 0
                  • T
                    techpro2004 last edited by

                    I don't know much about amd based systems. I find they run hot and I usually stick to intel but it seems odd that a amd chip supports intel rdrand engine. I may be wrong though.

                    1 Reply Last reply Reply Quote 0
                    • kiokoman
                      kiokoman LAYER 8 last edited by

                      🤦
                      https://en.wikipedia.org/wiki/RDRAND
                      AMD added support for the instruction in June 2015

                      amd 200ge is a low power consumptio cpu that run at 30°C

                      1 Reply Last reply Reply Quote 0
                      • T
                        techpro2004 last edited by

                        Good to know. Thanks. Maybe netgate should change it from intel rdrand to just rdrand. As far as amd temps go, I had the original 64 bit dual core cpu from amd a number of years ago and it acted like a forced hot air heater. It heated up the room to 80-90 degrees f and then shut it self off from over heating. This is a decent size room too. I was not pushing the cpu ether.

                        1 Reply Last reply Reply Quote 0
                        • stephenw10
                          stephenw10 Netgate Administrator last edited by

                          The devices / drivers are named after whatever first supports them and they are named that upstream. It would be confusing if we changed that. Hence x86-64 architecture is known as amd64.

                          Steve

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post

                          Products

                          • Platform Overview
                          • TNSR
                          • pfSense Plus
                          • Appliances

                          Services

                          • Training
                          • Professional Services

                          Support

                          • Subscription Plans
                          • Contact Support
                          • Product Lifecycle
                          • Documentation

                          News

                          • Media Coverage
                          • Press
                          • Events

                          Resources

                          • Blog
                          • FAQ
                          • Find a Partner
                          • Resource Library
                          • Security Information

                          Company

                          • About Us
                          • Careers
                          • Partners
                          • Contact Us
                          • Legal
                          Our Mission

                          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                          Subscribe to our Newsletter

                          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                          © 2021 Rubicon Communications, LLC | Privacy Policy