Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Compression "comp-lzo no" in openVPN client file not supported

Hi there.

Using XG Home with latest SFOS 19.5.3 MR-3-Build652 exporting the openVPN SSL file and using it on iOS 17.0.3 openVPN App V. 3.4.0. In advanced settings of the openvpn is an option of recommended secuity level. If I choose it, I get an error message: 

server pushed compression settings that are not allowed and will result in a non-working connection

and the connection fails. I had try to delete this line (comp-lzo no) in the openvpn-file and achieve to connect without an error but there is no connection. I've also tried to put a semicolon before this line in client-config-template.ovpn over ssh. Again no chance to connect properly.

Any point to the solution would be fine.

Thanks

btw: Some more info regarding the comp-lzo option.



This thread was automatically locked due to age.
Parents
  • Hello, I got rid of this message after changing the security level in the openvpn app (3.4.1) to "Legacy".

    It's under settings -> advanced settings -> security level

    Sophos should remove deprecated seetings or implament Wireguard :-)

    SFOS v20

Reply
  • Hello, I got rid of this message after changing the security level in the openvpn app (3.4.1) to "Legacy".

    It's under settings -> advanced settings -> security level

    Sophos should remove deprecated seetings or implament Wireguard :-)

    SFOS v20

Children
  • We are looking into this actively, currently “comp-lzo” is the attribute causing some issues in making it work with the “preferred” security level.

    With the latest release of Android (3.4.0), there seems some issue with “comp-lzo no” and legacy mode too, which is highlighted in the OpenVPN community at https://forums.openvpn.net/viewtopic.php?t=43571.

    The current workaround to make Android-based OpenVPN connect clients to work is by enabling “compression” on SFOS global settings and reimport of configuration.

    Openvpn Connect version

    Security Level

    Compression on SFOS

    Tunnel status

    Data plane

    Android Phone
    Openvpn Connect 3.4.0

    Legacy

    ON

    Up

    Up

    OFF

    Up

    Down

    Error: 2024-01-30 10:18:08Z [7565]   user1/xx:

    35854 Bad compression stub decompression

    header byte:251

    iOS Phone
    Openvpn Connect 3.4.1

    Legacy

    ON/OFF

    Up

    Up

    MacOS
    Openvpn Connect 3.4.8

    Legacy

    ON/OFF

    Up

    Up

    Windows
    Openvpn Connect 3.4.3

    Legacy

    ON/OFF

    Up

    Up

    Windows
    Sophos Connect Client

     -

    ON/OFF

    Up

    Up