Re: [Openvpn-users] migrating from lzo to lz4

[Jan J. K. <ja...@ni...>]

Hi Ralf,

On 17/11/17 14:04, Ralf Hildebrandt wrote:
> * David Sommerseth <op...@sf...>:
>> On 16/11/17 09:42, Илья Шипицин wrote:
>>> just "compression" is somewhat not clearly covered by documentation. is
>>> it "stub" ? or is it "enable both lzo and lz4" ?
>> My man page says:
>>
>>        --compress [algorithm]
>>         [...snip...]
>>
>>         If  the  algorithm  parameter is empty, com‐
>>         pression will be turned off, but the  packet
>>         framing   for   compression  will  still  be
>>         enabled, allowing a different setting to  be
>>         pushed later.
>>
>> If this is not clear enough, how could we improve that?
>>
>> But JJK is most likely right that lzo and lz4 cannot be mixed between
>> clients.  But you can have some clients which gets a 'push "compress
>> $ALGORITHM", where $ALGORITHM is either lzo or lz4 [1].
>>
>> Code wise, --comp-lzo yes is the same as --compress lzo.
>> And --comp-lzo no is the same as just --compress.  But --compress is the
>> only one allowing different compression algorithms.
>>
>>
>> [1] Valid values are actually: stub, stub-v2, lzo, lz4, lz4-v2 - but the
>> various differences seems poorly documented outside the source code.
> I tried implementing this; my server config uses:
>
> compress lzo
>
> which is backwards compatible to all my clients which use "comp-lzo".
> This works fine.
>
>
> Now I tried pushing individual compression algorithms to clients,
> testing with my own account:
>
> if (defined $ENV{'IV_LZ4'} && ($username eq "hildeb") ) {
>          $logger->info("$username LZ4 available");
>          push @outline, 'push "compress lz4"';
>
> and that results a major FUBAR:
>
> Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 SENT CONTROL [hildeb]: 'PUSH_REPLY,dhcp-option DNS 141.42.1.1,dhcp-option DOMAIN
> charite.de,sndbuf 393216,rcvbuf 393216,route-gateway 172.29.0.1,topology subnet,ping 10,ping-restart 30,route 10.28.0.0
> 255.254.0.0,route 10.32.0.0 255.224.0.0,route 172.16.0.0 255.254.0.0,route 192.168.192.0 255.255.192.0,route 141.42.0.0
> 255.255.0.0,route 193.175.72.0 255.255.255.0,route 193.175.74.0 255.255.254.0,route 194.94.4.0 255.255.254.0,compress lz4,ifconfig
> 172.29.0.91 255.255.192.0,peer-id 124,cipher AES-256-GCM' (status=1)
> Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 Data Channel: using negotiated cipher 'AES-256-GCM'
> Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
> Nov 17 13:41:59 openvpn udp[23345]: hildeb/10.31.111.66 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
> Nov 17 13:42:01 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression header byte: 251
> Nov 17 13:42:02 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression header byte: 251
> Nov 17 13:42:05 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression header byte: 251
> Nov 17 13:42:05 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression header byte: 251
> Nov 17 13:42:05 openvpn udp[23345]: hildeb/10.31.111.66 Bad LZO decompression header byte: 251
>
> I'm using openvpn for mac (2.4.4)...
keep in mind that you also need to tell the server to use LZ4 for your 
client; in my original script I was writing out
   compress lz4
   push "compress lz4"

your server seems "stuck" on "compress lzo".

HTH,

JJK