OpenVPN disable Comp-LZO


This topic contains 9 replies, has 0 voices, and was last updated by  ppalias 1 year, 8 months ago.

  • #41732

    ppalias
    Member

    Hello!
    I need to disable the Comp-LZO option on my OpenVPN server running on a ZS beta11. I have a client that doesn’t support it, so it needs to be disabled globally or for the specific one. Any ideas how it can be done? I haven’t found any option to remove this functionality, it is added by default.

    #48277

    ppalias
    Member

    Anyone?

    #48278

    vadimka
    Member

    It seems it cannot be done. OpenVPN is compiled with this option, so you will have to re-compile OpenVPN without LZO, and integrate it into ZeroShell. It might work like this, but I don’t know if it is possible.

    #48279

    zevlag
    Member

    Just for reference, what client are you using that doesn’t support LZO Compression?

    #48280

    ppalias
    Member

    vadimka:
    It doesn’t matter if OpenVPN is compiled with LZO. It can be disabled with the option --comp-lzo no. However the script that runs OpenVPN adds it by default. I am afraid that adding it on the command line parameters will conflict and wonder if there is a way to change the startup script.

    zevlag:
    Nabilosat Darkstar 2 with OpenVPN for DM500 (due to limited flash space)

    #48281

    zevlag
    Member

    Ok, here’s the process for you:

    1. At a shell as root: # mkdir /Database/patches
    2. # vi /Database/patches/vpn_start-nocomplzo.patch
    3. Paste the large block of code below into the patch file. Save. Quit.
    4. In the web interface, setup menu, startup/cron tab, in the preboot script put:

    /usr/bin/patch -p0 -d /root < /Database/patches/vpn_start-nocomplzo.patch

    --- kerbynet.cgi/scripts/vpn_start	2009-05-26 18:01:00.000000000 +0200
    +++ kerbynet.cgi/scripts/vpn_start.new 2009-07-22 08:24:44.000000000 +0200
    @@ -70,5 +70,5 @@
    fi
    fi
    MGT=34099
    - bash -c "vpn --dev-type tap --dev VPN99 --mode server --tls-server --proto $PROTO --port $PORT --dh /etc/ssl/dh.pem --ca $REGISTER/system/openvpn/Auth/X509/CAFile --cert $REGISTER/system/openvpn/TLS/cert.pem --key $REGISTER/system/openvpn/TLS/key.pem $NOCERTREQ $AUTHSCRIPT --daemon VPN99_H2L --comp-lzo $POOL --push '$PUSHGW' --push '$REDIRECTGW' --push '$RESOLVER' --push '$PUSHNETS0' $PUSHNETS --client-connect $SCRIPTS/ov_connect --client-disconnect $SCRIPTS/ov_disconnect --mute 3 --management 127.0.0.1 $MGT --keepalive 5 60 --duplicate-cn $PARAM"
    + bash -c "vpn --dev-type tap --dev VPN99 --mode server --tls-server --proto $PROTO --port $PORT --dh /etc/ssl/dh.pem --ca $REGISTER/system/openvpn/Auth/X509/CAFile --cert $REGISTER/system/openvpn/TLS/cert.pem --key $REGISTER/system/openvpn/TLS/key.pem $NOCERTREQ $AUTHSCRIPT --daemon VPN99_H2L $POOL --push '$PUSHGW' --push '$REDIRECTGW' --push '$RESOLVER' --push '$PUSHNETS0' $PUSHNETS --client-connect $SCRIPTS/ov_connect --client-disconnect $SCRIPTS/ov_disconnect --mute 3 --management 127.0.0.1 $MGT --keepalive 5 60 --duplicate-cn $PARAM"
    fi
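
    Review bot: on the + line, --comp-lzo is deleted outright, so compression is switched off for every client of VPN99, not only the one that lacks LZO support, and any client still configured with comp-lzo will no longer match the server. Consider replacing the flag with a variable (a hypothetical $COMPLZO) so the setting can be changed without re-patching. The hunk also applies only if the very long - line and the three context lines (fi, fi, MGT=34099) match the installed script, whitespace included, so ship the patch as a file rather than as pasted text and try it with patch --dry-run before putting it in the preboot script.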

    #48282

    ppalias
    Member

    The patch didn’t seem to work.

    root@zeroshell patches> /usr/bin/patch -p0 -d /root/ < /Database/patches/vpn_start-nocomplzo.patch
    patching file kerbynet.cgi/scripts/vpn_start
    Hunk #1 FAILED at 70.
    1 out of 1 hunk FAILED -- saving rejects to file kerbynet.cgi/scripts/vpn_start.rej

    However now that I found where the script is, I altered the original vpn_start script and removed the --comp-lzo parameter and it works like a charm.
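
    The manual edit described above can be made repeatable without depending on diff context or line numbers. The following is an added example, not part of the original post and not ZeroShell code: the function names and the shortened sample line are constructed for illustration, and it assumes the flag appears bare (followed by another option or a variable) on the line that starts the server.

```shell
#!/bin/sh
# Added example (not ZeroShell code). Removes the bare --comp-lzo flag from the
# OpenVPN server command line in a vpn_start-style script by matching the flag
# itself, so whitespace lost in copy and paste cannot make the edit fail.

# strip_comp_lzo FILE -> 0 flag removed, 1 nothing to change, 2 error
strip_comp_lzo() {
    f=$1
    [ -f "$f" ] || return 2
    # Match only the bare flag followed by another option or a variable;
    # an explicit "--comp-lzo no|yes|adaptive" is left alone.
    grep -q -- '--mode server.* --comp-lzo [-$]' "$f" || return 1
    cp -p "$f" "$f.orig" || return 2          # keep the untouched script
    sed '/--mode server/ s/ --comp-lzo \([-$]\)/ \1/' "$f.orig" > "$f.tmp" || return 2
    # Verify before replacing: bare flag gone, line count unchanged.
    if grep -q -- ' --comp-lzo [-$]' "$f.tmp" ||
       [ "$(wc -l < "$f.tmp")" -ne "$(wc -l < "$f.orig")" ]; then
        rm -f "$f.tmp"; return 2
    fi
    cat "$f.tmp" > "$f" && rm -f "$f.tmp"     # cat keeps the file's mode and owner
}

# write_sample FILE: constructed, shortened stand-in for the vpn_start line
write_sample() {
cat > "$1" <<'EOF'
MGT=34099
  bash -c "vpn --dev VPN99 --mode server --daemon VPN99_H2L --comp-lzo $POOL --push '$PUSHGW' --keepalive 5 60 $PARAM"
EOF
}

# Demo on a temporary copy: the second call shows the edit is idempotent.
demo=$(mktemp -d) && write_sample "$demo/vpn_start"
strip_comp_lzo "$demo/vpn_start" && echo "flag removed"
strip_comp_lzo "$demo/vpn_start" || echo "second run: nothing to change (rc=$?)"
diff "$demo/vpn_start.orig" "$demo/vpn_start" || true
rm -rf "$demo"
```

    Because the function returns 1 when the flag is already gone, it can run on every boot without touching a script that has been edited once.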

    #48283

    zevlag
    Member

    Are you on beta 11 or 12? This patch is for beta 12. It could also be due to copy and paste in this forum.

    #48284

    ppalias
    Member

    b12
    I am not sure if the fault is on the forum. However the job is done.

    #48285

    ppalias
    Member

    Here is a script that worked for me:


    73c73
    < bash -c "vpn --dev-type tap --dev VPN99 --mode server --tls-server --proto $PROTO --port $PORT --dh /etc/ssl/dh.pem --ca $REGISTER/system/openvpn/Auth/X509/CAFile --cert $REGISTER/system/openvpn/TLS/cert.pem --key $REGISTER/system/openvpn/TLS/key.pem $NOCERTREQ $AUTHSCRIPT --daemon VPN99_H2L --comp-lzo $POOL --push '$PUSHGW' --push '$REDIRECTGW' --push '$RESOLVER' --push '$PUSHNETS0' $PUSHNETS --client-connect $SCRIPTS/ov_connect --client-disconnect $SCRIPTS/ov_disconnect --mute 3 --management 127.0.0.1 $MGT --keepalive 5 60 --duplicate-cn $PARAM"
    ---
    > bash -c "vpn --dev-type tap --dev VPN99 --mode server --tls-server --proto $PROTO --port $PORT --dh /etc/ssl/dh.pem --ca $REGISTER/system/openvpn/Auth/X509/CAFile --cert $REGISTER/system/openvpn/TLS/cert.pem --key $REGISTER/system/openvpn/TLS/key.pem $NOCERTREQ $AUTHSCRIPT --daemon VPN99_H2L $POOL --push '$PUSHGW' --push '$REDIRECTGW' --push '$RESOLVER' --push '$PUSHNETS0' $PUSHNETS --client-connect $SCRIPTS/ov_connect --client-disconnect $SCRIPTS/ov_disconnect --mute 3 --management 127.0.0.1 $MGT --keepalive 5 60 --duplicate-cn $PARAM"
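
    Review bot: this is a normal-format diff (73c73) with no ---/+++ file header and no context lines, so the patch does not name the file it changes and locates the change only by line 73 and the text of the old line. Pass the target file to patch explicitly, or regenerate the patch with diff -u so the file name and surrounding context travel with it.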

    This one goes to /Database/patches/vpn_start-nocomplzo.patch and is meant for ZSbeta12.

    #48286

    push

    This option is needed in the GUI …
