OpenVPN: Is LZO-Compression now effectively disabled?

I was having some trouble with a road-warrior configuration and determined that the client was trying to use comp-lzo but the server was not.I tried enabling it on the server (IPFire) on the OpenVPN Advanced Server Options page (stopping the service ahead of time). However, I can check the LZO-Compression box and click on ‘Saved advanced options,’ but when I go back to the page again, the box remains unchecked.

I took a look in the server configuration file, and sure enough, no comp-lzo line has been written there. So it appears that you can’t enable it through the IPFire GUI even if you want to.

I don’t need the compression, and I see that there is a security issue with it, so I won’t use it. But if IPFire is now “enforcing” its non-use, could the page be changed to make that clear? Thank you.

Web cache issue?

Good thought. I cleared the cache, and even tried another browser that I normally never use. Same behavior.

For what it’s worth, all of the other checkboxes on that page do “take” - lzo compression is the only one that doesn’t. Perhaps I have some setting that is mutually incompatible with compression? I can post my config file if that would help.

There is a typo in the cgi that not restore the checkbox from the configfile so lzo is always disabled.

in ovpmain.cgi change:
$vpnsettings{‘COMPLZO’} = $cgiparams{‘DCOMPLZO’};
to
$vpnsettings{‘DCOMPLZO’} = $cgiparams{‘DCOMPLZO’};

1 Like

Oh, that is a bad one. Good catch!

Hi all,
patch has been send --> https://patchwork.ipfire.org/patch/2627/ .

Best,

Erik

2 Likes