Jump to content
Not connected, Your IP: 216.73.216.47
karnuvap

ANSWERED Config Generator using deprecated OpenVPN commands?

Recommended Posts

Hi,

 

I just tested this with a freshly generated config after I received the same error message with an older one.

 

Tunnelblick gives me the following message:

 

Warning: This VPN may not connect in the future.

 
The OpenVPN configuration file for 'AirVPN_Europe_UDP-443' contains these OpenVPN options:
 
'comp-lzo' was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5
 
You should update the configuration so it can be used with modern versions of OpenVPN.
 
Tunnelblick will use OpenVPN 2.4.4 - OpenSSL v1.0.2n to connect this configuration.
 
However, you will not be able to connect to this VPN with future versions of Tunnelblick that do not include a version of OpenVPN that accepts the options

Share this post


Link to post

Interesting point.  According to:

 

https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#a--comp-lzo

 

--comp-lzo
Status	Planned for removal
Deprecated in:	OpenVPN v2.4
To be removed in:	(not decided)
Affects:	Client and server
Result if used:	OpenVPN will ignore the option and provide a warning
Replaced by:	--compress
Examples:	--compress
--compress lzo
--compress lz4
The --comp-lzo option would only enable the LZO compression algorithm. The --compress option allows also to use the improved LZ4 algorithm instead. Providing just --compress without an algorithm is the equivalent of --comp-lzo no which disables compression but enables the packet framing for compression. This will allow --compress to be pushed by the server on a per-client basis.

Share this post


Link to post

Hello!

 

That's correct, we still use comp-lzo and we will keep using it for some time. Change with "compress" will be done in due time or not at all. Compression is disabled on all servers, so in the current configuration it makes no difference, but the future incompatibility is kept under consideration, of course.

 

In the near future we might be testing again compression or maybe we will keep it completely off in order to have compatibility with the whole OpenVPN 2 branch (because "compress" is not supported in OpenVPN 2.3.x or older, while "comp-lzo" might be dropped in OpenVPN 2.5 and higher). No definitive decision has been taken.

 

Kind regards

Share this post


Link to post

I'm a little confused: all of the configurations I've generated specify comp-lzo no.

 

Isn't this the same as omitting entirely any mention of a compression option from the configuration file? That is, if I were to want to use OpenVPN 2.5 with Tunnelblick now, couldn't I simply remove the --comp-lzo option?

 

This does, in fact, work with the one AirVPN server I tested.

Share this post


Link to post

I'm a little confused: all of the configurations I've generated specify comp-lzo no.

 

Isn't this the same as omitting entirely any mention of a compression option from the configuration file? That is, if I were to want to use OpenVPN 2.5 with Tunnelblick now, couldn't I simply remove the --comp-lzo option?

 

 

No, it's not equivalent. In most OpenVPN versions. omitting "comp-lzo no" when comp-lzo is specified (even when excluded) on server side will cause connection failure. This is an OpenVPN questionable implementation but that's the way it is. We confirm anyway that we will keep into account all the problems raised in this thread to maximize retro-compatibility whenever possible.

 

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...