I should add that (without altering the client config in Untangle) I was able to set "comp-lzo" line in pfSense to match what is in Untangle (so that they both read "comp-lzo" with no value and the behavior is the same (brief connecting with no traffic and disconnect).
the whole line has to go away on both sides.
you still have compression.
If you think I got Grumpy
In case it helps, with the comp-lzo matching I am still having the same issue as when it was "comp-lzo" on the client and "comp-lzo adaptive" on the server, here is a log section from the pfSense (server) side of the connection, this will keep repeating about once per minute and is basically the same logging I was seeing when I initially found the issue and had not done anything. Obviously I've redacted a few things such as IPs. Log verbosity is set to 4.
Code:Aug 30 01:16:49 openvpn 33451 TLS: new session incoming connection from [AF_INET]xxx.xxx.xxx.xxx:4473 Aug 30 01:16:49 openvpn 33451 VERIFY SCRIPT OK: depth=1, CN=OpenVPN CA, C=US, ST=xxx, L=xxx, O=xxxxx Aug 30 01:16:49 openvpn 33451 VERIFY OK: depth=1, CN=OpenVPN CA, C=US, ST=xxx, L=xxx, O=xxxxx Aug 30 01:16:49 openvpn 33451 VERIFY SCRIPT OK: depth=0, C=US, ST=xxx, L=xxx, O=xxxxx, CN=xxxxx Aug 30 01:16:49 openvpn 33451 VERIFY OK: depth=0, C=US, ST=xxx, L=xxx, O=xxxxx, CN=xxxxx Aug 30 01:16:49 openvpn 33451 peer info: IV_VER=2.4.7 Aug 30 01:16:49 openvpn 33451 peer info: IV_PLAT=linux Aug 30 01:16:49 openvpn 33451 peer info: IV_PROTO=2 Aug 30 01:16:49 openvpn 33451 peer info: IV_NCP=2 Aug 30 01:16:49 openvpn 33451 peer info: IV_LZ4=1 Aug 30 01:16:49 openvpn 33451 peer info: IV_LZ4v2=1 Aug 30 01:16:49 openvpn 33451 peer info: IV_LZO=1 Aug 30 01:16:49 openvpn 33451 peer info: IV_COMP_STUB=1 Aug 30 01:16:49 openvpn 33451 peer info: IV_COMP_STUBv2=1 Aug 30 01:16:49 openvpn 33451 peer info: IV_TCPNL=1 Aug 30 01:16:49 openvpn 33451 WARNING: 'ifconfig' is present in local config but missing in remote config, local='ifconfig 173.22.1.1 173.22.1.2' Aug 30 01:16:49 openvpn 33451 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key Aug 30 01:16:49 openvpn 33451 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Aug 30 01:16:49 openvpn 33451 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key Aug 30 01:16:49 openvpn 33451 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Aug 30 01:16:49 openvpn 33451 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1 Aug 30 01:16:49 openvpn 33451 TLS: tls_multi_process: untrusted session promoted to semi-trusted Aug 30 01:16:49 openvpn 33451 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA Aug 30 01:16:49 openvpn 33451 [UntangleClient] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:4473 Aug 30 01:16:50 openvpn 33451 PUSH: Received control message: 'PUSH_REQUEST' Aug 30 01:16:50 openvpn 33451 SENT CONTROL [UntangleClient]: 'PUSH_REPLY,route 192.168.22.0 255.255.255.0,peer-id 0' (status=1) Aug 30 01:16:57 openvpn 33451 MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Last edited by WizADSL; 08-29-2020 at 10:30 PM.
Sorry, I saw the other message first.
Originally Posted by WizADSL
Last edited by Jim.Alles; 08-29-2020 at 10:30 PM.
If you think I got Grumpy
Ok, I can remove the line. My question is, once I do, do I need to re-generate the client ZIP or will the change affect the already imported client?
you are editing the imported client .conf
that should do it.
If you think I got Grumpy
Posting Permissions
LinkBack URL
About LinkBacks