Android + OpenVPN 3.4.0 + SSL VPN = No Traffic

Hello,

Began experiencing an issue with our SSL VPN connections when some Android tablets updated the OpenVPN Connect app from 3.3.4 to 3.4.0.

Symptom:
SSL VPN connections are made successfully in 3.4.0 but no traffic flows. OpenVPN 3.4.0 is configured to use the 'Legacy' setting. I tried the others to no avail. The OpenVPN log will show this error repeating every minute or so:

"TUN write exception: write_some: Invalid argument"

Workaround:
After removing various deprecated options (according to the OpenVPN log) and lots of trial and error with no success, I eventually stumbled on a workaround. Despite "Compress SSL VPN traffic" being disabled in the SSL VPN global settings, the Sophos Firewall still seems to be doing something regarding compression. Only when I manually change the 'comp-lzo' parameter to 'yes' in the ovpn file does the connection start passing traffic again. This message is then displayed in the OpenVPN log:

"EVENT: COMPRESSION_ENABLED info='Asymmetric compression enabled. Server may send compressed data. This may be a potential security issue.' trans=TO_DISCONNECTED"

Clearly this is not a good workaround with lots of devices/users. Is Sophos aware of this issue, and will it be fixed?

Working OpenVPN 3.4.0 Config:

client
dev tun
proto udp
nobind
(keys removed)
auth-user-pass
cipher AES-128-CBC
auth SHA256
comp-lzo yes
verb 3
reneg-sec 86400
remote x.x.x.x 8443 udp

Added V19.5 MR4 TAG
[edited by: Erick Jan at 1:42 AM (GMT -8) on 30 Jan 2024]
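
For anyone who needs to track which deployed profiles carry the 'comp-lzo yes' workaround described above, here is an added example (not part of the original post, and not Sophos or OpenVPN code): a small Python check that reads .ovpn text, skips comments and inline blocks, and reports the effective comp-lzo mode. The sample profile, the function names, and the rule that the last comp-lzo line wins are assumptions made for this example.

```python
import re

# Constructed sample, modelled on the config in the post; the inline <ca>
# block and the commented-out line are added here to exercise the parser.
WORKAROUND_PROFILE = """\
client
dev tun
proto udp
nobind
<ca>
comp-lzo no
</ca>
auth-user-pass
cipher AES-128-CBC
auth SHA256
;comp-lzo no
comp-lzo yes  # workaround
verb 3
remote x.x.x.x 8443 udp
"""

def directives(text):
    """Yield (line_no, name, args) for each directive, skipping comments
    and the bodies of inline blocks such as <ca>...</ca>."""
    closing = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if closing:                              # inside an inline block
            if line == closing:
                closing = None
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            closing = f"</{tag.group(1)}>"
            continue
        # Simplification: '#' or ';' starts a comment; quoting is ignored.
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if words:
            yield no, words[0], words[1:]

def comp_lzo_mode(text):
    """Return (mode, line_no) of the last comp-lzo directive, or (None, None).
    Assumption: a later line overrides an earlier one; bare 'comp-lzo'
    is reported as 'adaptive' (the OpenVPN 2.x default mode)."""
    mode, where = None, None
    for no, name, args in directives(text):
        if name == "comp-lzo":
            mode, where = (args[0] if args else "adaptive"), no
    return mode, where

def profiles_accepting_compression(profiles):
    """Names of profiles whose comp-lzo mode is anything other than 'no'."""
    return sorted(n for n, t in profiles.items()
                  if comp_lzo_mode(t)[0] not in (None, "no"))
```

Passing a dict of profile name to file contents into profiles_accepting_compression() gives the list of profiles to revisit once the server-side behaviour is resolved.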