[eduVPN-deploy] issues with adaptive compression on OpenVPN clients
François Kooman
fkooman at tuxed.net
Fri Dec 15 12:09:51 CET 2017
Hi,
The past few days we noticed an issue with the eduVPN production service
which turned out was related to the "adaptive compression" support in
OpenVPN. Since a recent update, the server no longer pushed "comp-lzo
no" to the client to disable adaptive compression which resulted in the
client sometimes enabling compression and the server dropping this
compressed traffic. The problem can be triggered by sending (large)
pings to the gateway of your VPN, e.g. "ping -s 1400 10.11.12.1"
assuming 10.11.12.1 is the gateway of the VPN server, after some time
the OpenVPN client will enable compression which results in no longer
receiving ping responses.
You are affected if:
- you have/had vpn-server-node 1.0.5
- you have the `enableCompression` flag in vpn-server-api config set to
`true`, or it is missing from your configuration (default when missing
is `true`)
- you regenerated the server configuration (using
vpn-server-node-server-config) after installing 1.0.5 and restarted OpenVPN
In order to be sure your server is in the correct state:
- update all packages to their latest version
- run "sudo vpn-server-node-server-config"
- restart all OpenVPN processes ('sudo systemctl restart
"openvpn-server@*"') or restart your VPN server
Let me know if you have any questions!
Cheers,
François
More information about the eduVPN-deploy
mailing list