psyberian 0 Posted ... I've recently read an article regarding a BlackHat presentation on a compression-related attack on some OpenVPN configurations. Are the AirVPN generated OpenVPN configurations or the Eddie client potentially vulnerable to such an attack? Or is compression disabled by default? Is there anything we should do as users to prevent any potential issues? Quote Share this post Link to post
go558a83nk 362 Posted ... comp-lzo is in configs because some devices don't seem to work with "comp-lzo no" in the config. But, AirVPN servers push a message that includes "comp-lzo no", which disables compression. 3 rickjames, psyberian and corrado reacted to this Quote Share this post Link to post
psyberian 0 Posted ... comp-lzo is in configs because some devices don't seem to work with "comp-lzo no" in the config. But, AirVPN servers push a message that includes "comp-lzo no", which disables compression. That's great, thanks for the information. Quote Share this post Link to post
corrado 100 Posted ... Once again AirVPN shines . The technical expertise of AirVPN is just extraordinary. I checked the configurations of five other providers: all use compression and are thus vulnerable. 2 psyberian and rickjames reacted to this Quote Share this post Link to post
rickjames 106 Posted ... I download the ovpn files via the config generator, at present all have "comp-lzo no" in them when choosing the linux versions. 1 psyberian reacted to this Quote Share this post Link to post
go558a83nk 362 Posted ... I download the ovpn files via the config generator, at present all have "comp-lzo no" in them when choosing the linux versions. Yeah, I see that now. But, I know I've seen Staff comment on this topic in the past and I'm just repeating what they said to the best my memory serves me. Shrug. I'll look for the past discussion. https://airvpn.org/topic/26051-config-generator-using-deprecated-openvpn-commands/?hl=comp-lzo&do=findComment&comment=70698 That's one of the threads I was thinking of. Looks like I remembered wrong. comp-lzo no must be specified or else there might be connection failure on some devices. 1 psyberian reacted to this Quote Share this post Link to post
wU4Z0L_GbE 0 Posted ... comp-lzo is in configs because some devices don't seem to work with "comp-lzo no" in the config. But, AirVPN servers push a message that includes "comp-lzo no", which disables compression.Just to be clear, when OpenVPN puts "LZO compression initialized" in the log, that doesn't mean compression is enabled? I have comp-lzo no in my config file and also pushed from the server so compression should be off but that message makes me wonder. Quote Share this post Link to post
corrado 100 Posted ... Just to be clear, when OpenVPN puts "LZO compression initialized" in the log, that doesn't mean compression is enabled? I don't see that message in my OpenVPN logs. Quote Share this post Link to post