-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unfair treatment for "Stub" Compression push? #551
Comments
Please send a logfile showing the connection, PUSH_REPLY, and OpenVPN's reaction to it. (Also, this is not really a "DCO" issue, which is about the actual kernel code, and you see a userland effect - so I'll move this to "openvpn") |
We also implemented |
Here are 2 configuration files (one with "compress migrate" and one without) and +2 logs to them (with sensitive identifiers and IP's replaced by "X".s): I didn't want to spam these forums with questions and decided to just post the most important ones here as secondary side-issues, but I can move them to official OpenVPN Community forums if that's a better choice:
|
And on the second config without migrate. Either you modify the config to remove compression settings or NordVPN is pushing comp-stub to clients that do not support it. Either way it is all working like it should and there is no bugs or unexpected behaviour. Please sort that out with NordVPN support and have them update their configs/servers to modern standards. There are no plans to integrate wireguard into OpenVPN. |
I understand OVPN-DCO does not support any kind of compression, but it refuses to connect when compression stub is pushed by VPN provider that does not support compression. NordVPN stopped using compression as soon as VORACLE attack was discovered several years ago, but NordVPN does perform compression stub push. Pushing compression stub only enabled packet framing compression and that means there may only be a possibility compression push at a later time. NordVPN never pushes compression at any later time. Can it be that OVPN-DCO does not treat compression stub pushes fairly and just assumes that compression is eventually pushed? Why can't it just disconnect upon detecting actual compression instead of making such an assumption?
I'd also like to try some VPN providers that are known to fully support OVPN-DCO, but I don't know which ones do...
The text was updated successfully, but these errors were encountered: