Disable compression in OpenVPN
I have an AX50 router and enabled the OpenVPN server, so that I can connect to my home network securely. I noticed that by default the server uses compression and I read that compression is a security risk and that you should disable compression completely.
https://openvpn.net/security-advisories/ (See section The VORACLE attack vulnerability)
I can't find an option to disable it in the router's settings. How do I disable compression?
Thanks!
See if you can disable compression from the client side.
I just checked this on the OpenVPN clients from openvpn.net for Windows and Android and they have compression disabled as the default setting.
Hi @woozle
If you remove the compression settings, it connects, but it doesn't work, because the compression setting on the OpenVPN server (AX50) is enabled.
For this reason, when we export the AX50 configuration file, in the configuration file the compression parameter is enabled, because in the AX50 it is enabled.
Thanks for the help.
If you are using the VPN connection for things that could make you a potential target for an attacker and you need this solved urgently, then you could consider this:
Ask one of the TP-Link reps to send you one of the beta firmwares that exist for the AX50. After flashing the beta firmware onto the AX50 you will be able to log into the router's Linux operating system via Telnet and then you can edit the configuration files directly on your own. The file "/etc/config/openvpn" contains the line [ option comp_lzo 'yes' ]. Modifying this to [ option comp_lzo 'no' ] should disable compression. Further adding the line [ list push 'comp-lzo no' ] should push this setting to the client as well.
The exported OpenVPN configuration file will still say "comp-lzo adaptive", but adaptive doesn't necessarily mean "on".
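The two edits described in the reply above, as an added example that is not part of the thread and not TP-Link's own tooling: a small POSIX shell script that applies them idempotently and keeps a backup. It assumes the file uses the layout quoted in the post; the section name 'server' and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: set comp_lzo to 'no' and add the push line in a
# UCI-style OpenVPN config such as /etc/config/openvpn. Try it on a copy first.

# write_sample FILE: constructed sample config (section name is an assumption).
write_sample() {
    printf "config openvpn 'server'\n\toption enabled '1'\n\toption comp_lzo 'yes'\n" > "$1"
}

# comp_state FILE: print the current comp_lzo value (yes, no, adaptive, ...).
comp_state() {
    awk -v q="'" '/^[ \t]*option[ \t]+comp_lzo[ \t]/ { v = $3; gsub(q, "", v); print v }' "$1"
}

# disable_comp FILE: rewrite comp_lzo to 'no' and make sure the server pushes
# 'comp-lzo no' to clients. Safe to run twice; the previous file is kept as FILE.bak.
disable_comp() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    grep -Eq "^[[:space:]]*option[[:space:]]+comp_lzo[[:space:]]" "$f" ||
        { echo "no comp_lzo option in $f" >&2; return 2; }
    havepush=0
    grep -Eq "^[[:space:]]*list[[:space:]]+push[[:space:]]+'comp-lzo no'" "$f" && havepush=1
    cp "$f" "$f.bak" || return 1
    awk -v q="'" -v havepush="$havepush" '
        /^[ \t]*option[ \t]+comp_lzo[ \t]/ {
            indent = $0; sub(/option.*/, "", indent)   # keep original indentation
            print indent "option comp_lzo " q "no" q
            if (havepush + 0 == 0) print indent "list push " q "comp-lzo no" q
            next
        }
        { print }' "$f.bak" > "$f"
}

# Stand-alone use: ./disable_comp.sh /path/to/copy/of/openvpn
if [ "$#" -gt 0 ]; then
    disable_comp "$1" && echo "comp_lzo is now: $(comp_state "$1")"
fi
```

OpenVPN reads its configuration at startup, so the server has to be restarted before the change takes effect, and client profiles exported earlier still carry the old compression line.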
Hi @woozle
I'm going to send an email to TP-Link asking for a copy of this beta firmware, who knows, they might send it to me.
Thanks!