Home Network Community > Wi-Fi Routers > Disable compression in OpenVPN
< Wi-Fi Routers

Disable compression in OpenVPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Disable compression in OpenVPN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Disable compression in OpenVPN
Disable compression in OpenVPN
2021-05-07 11:32:38
Model: Archer AX50  
Hardware Version: V1
Firmware Version: 1.0.9 Build 20200708 rel.55037(5553)

I have a AX50 router and enabled the OpenVPN server, so that I can connect to my home network securely. I noticed that by default the server uses compression and I read that that compression is a security risk and that you should disable compression completely.

 

https://openvpn.net/security-advisories/ (See section The VORACLE attack vulnerability)

 

I can't find an option to disable it in the routers settings. How do I disable compression?

 

Thanks!

Carlos Eduardo Commim
  0      
 
  0      
 
#1
Options
5 Reply
Re:Disable compression in OpenVPN
2021-05-07 15:35:55

@ccommim 

 

See if your can disable compression from the client side.

 

I just checked on this the OpenVPN clients from openvpn.net for Windows and Android and they have compression disabled as the default setting.

 

  0  
  0  
#2
Options
Re:Disable compression in OpenVPN
2021-05-08 04:46:45 - last edited 2021-05-08 04:58:58

Hi @woozle 

 

If you remove the compression settings, it connects, but it doesn't work, because the OpenVPN Server (AX50) compression set is enabled.

 

 

For this reason, when we export the AX50 configuration file, in the configuration file the compression parameter is enabled, because in the AX50 it is enabled.

 

Thanks for the help.

Carlos Eduardo Commim
  0  
  0  
#3
Options
Re:Disable compression in OpenVPN
2021-05-08 16:35:40

@ccommim 

 

If you are using the VPN connection for things that could make you a potential target for an attacker and you need this solved urgently, then you could consider this:

Ask one of the TP-Link reps to send you one of the beta firmware that exist for the AX50. After flashing the beta firmware onto the AX50 you will be able to log into the router's Linux operating system via Telnet and then you can edit the configuration files directly on your own. The file "/etc/config/openvpn" contains the line [ option comp_lzo 'yes' ]. Modifying this to [ option comp_lzo 'no' ] should disable compression. Further adding the line [ list push 'comp-lzo no' ] should push this setting to the client as well.
The exported OpenVPN configuration file will still say "comp-lzo adaptive", but adaptive doesn't necessarily mean "on".

  0  
  0  
#4
Options
Re:Disable compression in OpenVPN
2021-05-09 00:04:15

Hi @woozle 

 

I'm going to send an email to TP-Link asking for a copy of this beta firmware, who knows, they might send it to me.

 

Thanks!

Carlos Eduardo Commim
  0  
  0  
#5
Options
Re:Disable compression in OpenVPN
2021-05-10 18:04:56
TP-Link in Brazil reported that it is not aware of the vulnerability. I was not asked if I need help, very bad support in Brazil, disappointingly.
Carlos Eduardo Commim
  0  
  0  
#6
Options

Information

Helpful: 0

Views: 3433

Replies: 5

Related Articles
Disable compression i OpenVPN
1438 0
OpenVPN disable compression MR600 v3
960 1
Bad compression stub decompression header byte: 102 on Ax6000 v1 with openvpn server
830 0
OpenVpn server unsecure
190 1
Disable "allow guests to access my local network" has no effect for guest
3347 0
Need to repalce L2TP with OpenVPN
225 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.