Bug 372086 - Make configuration option for LZO compression of OpenVPN connection tri-state
Summary: Make configuration option for LZO compression of OpenVPN connection tri-state
Status: RESOLVED DUPLICATE of bug 366640
Alias: None
Product: systemsettings
Classification: Applications
Component: kcm_networkmanagement (show other bugs)
Version: unspecified
Platform: unspecified Linux
: NOR normal
Target Milestone: ---
Assignee: Lukáš Tinkl
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-04 17:44 UTC by Matthias Nagel
Modified: 2024-12-23 18:27 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Nagel 2016-11-04 17:44:00 UTC 
The graphical editor has a checkbox to either enable or disable the LZO compression of OpenVPN connections. This option is translats to "comp-lzo=no" or "comp-lzo=yes" respectively in the corresponding configuration file under /etc/NetworkManager/. At the level of OpenVPN this corresponds to the equally named option.

Howerver, this option is tri-state and can be left unconfigured which has a different meaning than "yes" or "no". See man page of OpenVPN.

If at the client side either "comp-lzo=no" or "comp-lzo=yes" and at the server side the configuration is left unspecified under certain conditions the connection can be successfully established but become useless due to LZO errors

Nov 03 21:09:56 nm-openvpn[17410]: OpenVPN 2.3.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 30 2016
Nov 03 21:09:56 nm-openvpn[17410]: library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.08
Nov 03 21:09:57 nm-openvpn[17410]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 03 21:09:57 nm-openvpn[17410]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Nov 03 21:09:57 nm-openvpn[17410]: Attempting to establish TCP connection with [AF_INET]193.197.62.25:1194 [nonblock]
Nov 03 21:09:58 nm-openvpn[17410]: TCP connection established with [AF_INET]193.197.62.25:1194
Nov 03 21:09:58 nm-openvpn[17410]: TCPv4_CLIENT link local: [undef]
Nov 03 21:09:58 nm-openvpn[17410]: TCPv4_CLIENT link remote: [AF_INET]193.197.62.25:1194
Nov 03 21:09:59 nm-openvpn[17410]: WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Nov 03 21:09:59 nm-openvpn[17410]: [openvpn.scc.kit.edu] Peer Connection Initiated with [AF_INET]193.197.62.25:1194
Nov 03 21:10:01 nm-openvpn[17410]: TUN/TAP device tap0 opened
Nov 03 21:10:01 nm-openvpn[17410]: /usr/libexec/nm-openvpn-service-openvpn-helper --debug 0 17403 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_1 --tap -- tap0 1500 1592 141.3.200.95 255.255.255.0 init
Nov 03 21:10:01 nm-openvpn[17410]: GID set to nm-openvpn
Nov 03 21:10:01 nm-openvpn[17410]: UID set to nm-openvpn
Nov 03 21:10:01 nm-openvpn[17410]: Initialization Sequence Completed
Nov 03 21:10:01 nm-openvpn[17410]: Bad LZO decompression header byte: 255
Nov 03 21:10:01 nm-openvpn[17410]: Bad LZO decompression header byte: 255
Nov 03 21:10:01 nm-openvpn[17410]: Bad LZO decompression header byte: 255
Nov 03 21:10:01 nm-openvpn[17410]: Bad LZO decompression header byte: 51
....

This behaviour is expected and reproducible.

If one edits the configuration file under /etc/NetworkManager/ manually be means of a text editor and removes the "comp-lzo=<yes|no>" directive from the configuration file, everything works as expected. However, as soon as one opens the connection in the graphical connection editor again, the "comp-lzo" directive is re-inserted into the configuration file and set to whatever the checkbox state is in. After that the OpenVPN connection does not work and one must edit the configuration file again.

Proposed solution: Make the checkbox tri-state.
Comment 1 Jan Grulich 2016-11-06 14:27:42 UTC 

*** This bug has been marked as a duplicate of bug 366640 ***