  1. #11
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,025

    The attack vector you're referring to basically requires the Untangle server to be compromised to execute. And honestly, if your Untangle has been hacked, you've got larger problems.

    Disabling the compression reduces performance for no real gains, but if you're using iOS clients... it might just be easiest to go that route until the app authors get their brains screwed in.

    But be aware that this change on the server means any working clients are now not working, as they are trying to use compression when they can't anymore. You'll need to edit the configuration files on the clients manually, or redistribute the client to fix them.
    Last edited by sky-knight; 08-08-2019 at 10:22 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Untangler
    Join Date
    Aug 2019
    Posts
    39

    It's OK, I only installed Untangle yesterday and I'm the only person that uses VPN!

    Once again, thanks for the info. First time I’ve used OpenVPN and getting to grips with Untangle, already got it mostly doing everything that my Unifi USG was doing and more. Bought a license within a few hours of playing!
    Last edited by fizzyade; 08-08-2019 at 12:12 PM.

  3. #13
    Untangler
    Join Date
    Dec 2015
    Posts
    34

    So for Android users the fix is this:

    1. On the OPENVPN client settings, under the SETTINGS, do the following:
    2. Make sure AES-CBC cipher algorithm is CHECKED (not unchecked).
    Untangle uses this option by default and the client does not.
    3. Turn OFF compression on the OPENVPN client settings as compression is turned off by default.
    I am sure you can enable it if you make sure it matches but I have not tested yet.

    Once you make those two changes, you should be able to connect and hit resources behind the VPN.

    ** As a side note, I unchecked "use Google's DNS servers as a backup" as I use the internal DNS to find local resources. I don't think this is critical.
    jcoffin likes this.

  4. #14
    Newbie
    Join Date
    Oct 2019
    Posts
    1

    I was having the same issue and located this thread. I fixed my problems a little easier. In the OpenVPN client on Android, under the settings, there is an option to "Allow Compression (insecure)". It was set to "NO". Two other options, FULL and DOWNLINK ONLY. I used the DOWNLINK ONLY option and that allowed the connection to work normally without changing settings in Untangle. As Sky-Knight says above, the attack vector on the compression requires the Untangle box to be compromised.

  5. #15
    Newbie
    Join Date
    Nov 2019
    Posts
    2

    I had this same issue, thanks for the help. I thought I was losing my mind coming from pfSense and not having this issue.

  6. #16
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,025

    You can solve the mobile client issue either by enabling compression on the client, or disabling compression on the server. I do the latter, BUT, doing so means redistributing all your OpenVPN clients, so it's not always ideal.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
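
Added example, not part of any post in this thread: a small Python check that compares the compression and cipher lines of a server config and a client profile, the two settings the posts above had to bring into agreement. The sample configs are constructed, and it assumes the settings appear as `comp-lzo`/`compress`/`cipher` lines in the files rather than being pushed by the server.

```python
# Added example: compare compression and cipher settings of two OpenVPN configs.
# comp-lzo / compress / cipher are real OpenVPN directives; that a given
# Untangle profile contains them is an assumption. All sample text is constructed.

def parse_directives(text):
    """Return {directive: [args]}, skipping comments and inline <ca>-style blocks."""
    found, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if inline:                      # inside <ca>...</ca>, <key>...</key>, etc.
            if line == f"</{inline}>":
                inline = None
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            continue
        name, *args = line.split()
        found[name.lower()] = args
    return found

def framing(cfg):
    """Compression framing is in effect if either directive appears, even 'comp-lzo no'."""
    for name in ("comp-lzo", "compress"):
        if name in cfg:
            return " ".join([name, *cfg[name]])
    return None

def audit(server_text, client_text):
    """List the compression and cipher settings that differ between the two sides."""
    server, client = parse_directives(server_text), parse_directives(client_text)
    findings = []
    s, c = framing(server), framing(client)
    if bool(s) != bool(c):
        findings.append(f"compression mismatch: server={s or 'none'} client={c or 'none'}")
    sc = " ".join(server.get("cipher", [])) or "unset"
    cc = " ".join(client.get("cipher", [])) or "unset"
    if sc != cc:
        findings.append(f"cipher mismatch: server={sc} client={cc}")
    return findings

# Constructed samples: server after compression was removed, and two client profiles.
SERVER_NO_COMP = "proto udp\ncipher AES-128-CBC\n"
CLIENT_OLD = "client\ncipher AES-128-CBC\ncomp-lzo\n<ca>\nPLACEHOLDER\n</ca>\n"
CLIENT_FIXED = "client\n# comp-lzo removed\ncipher AES-128-CBC\n"

if __name__ == "__main__":
    for label, cfg in (("old", CLIENT_OLD), ("fixed", CLIENT_FIXED)):
        print(label, audit(SERVER_NO_COMP, cfg) or "ok")
```

Run against each distributed client profile after changing the server setting, it shows which profiles still need to be edited or redistributed.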
