Problems with compress lz4-v2
Posted: Fri Nov 24, 2017 7:29 am
I just tried switching my OpenVPN server away from the legacy LZO compression, and I figured I'd use LZ4 v2, since it apparently has better packet data alignment than LZ4. However, when I do, Viscosity is unable to send data over the connection and eventually tries to disconnect/reconnect. LZ4 works fine, but LZ4 v2 seems to be having some trouble.
Here's what I'm seeing in my Viscosity log (redacting IP addresses and such):
2017-11-23 12:14:43: Viscosity Mac 1.7.5 (1420)
2017-11-23 12:14:43: Viscosity OpenVPN Engine Started
2017-11-23 12:14:43: Running on macOS 10.13.1
2017-11-23 12:14:43: ---------
2017-11-23 12:14:43: State changed to Connecting
2017-11-23 12:14:43: Checking reachability status of connection...
2017-11-23 12:14:43: Connection is reachable. Starting connection attempt.
2017-11-23 12:14:44: Unrecognized option or missing or extra parameter(s) in /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/connection.GrQFcA/config.conf:26: block-outside-dns (2.4.4)
2017-11-23 12:14:44: OpenVPN 2.4.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 27 2017
2017-11-23 12:14:44: library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
2017-11-23 12:15:04: TCP/UDP: Preserving recently used remote address: [AF_INET]1.1.1.1:1194
2017-11-23 12:15:04: UDP link local (bound): [AF_INET][undef]:0
2017-11-23 12:15:04: UDP link remote: [AF_INET]1.1.1.1:1194
2017-11-23 12:15:04: State changed to Authenticating
2017-11-23 12:15:04: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-11-23 12:15:04: [vpnServer] Peer Connection Initiated with [AF_INET]1.1.1.1:1194
2017-11-23 12:15:06: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: block-outside-dns (2.4.4)
2017-11-23 12:15:06: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: register-dns (2.4.4)
2017-11-23 12:15:06: Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2017-11-23 12:15:06: Opened utun device utun1
2017-11-23 12:15:06: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2017-11-23 12:15:06: /sbin/ifconfig utun1 delete
2017-11-23 12:15:06: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-11-23 12:15:06: /sbin/ifconfig utun1 192.168.0.1 192.168.0.2 netmask 255.255.128.0 mtu 1500 up
2017-11-23 12:15:06: Initialization Sequence Completed
2017-11-23 12:15:06: DNS mode set to Full
2017-11-23 12:15:07: State changed to Connected
2017-11-23 12:16:06: [vpnServer] Inactivity timeout (--ping-restart), restarting
2017-11-23 12:16:06: SIGUSR1[soft,ping-restart] received, process restarting
2017-11-23 12:16:06: Viscosity Mac 1.7.5 (1420)
2017-11-23 12:16:06: Viscosity OpenVPN Engine Started
2017-11-23 12:16:06: Running on macOS 10.13.1
2017-11-23 12:16:06: ---------
2017-11-23 12:16:06: State changed to Connecting
2017-11-23 12:16:06: TCP/UDP: Preserving recently used remote address: [AF_INET]1.1.1.1:1194
It goes on from there through a full connection attempt.
That's with compress lz4-v2. Using compress lz4 (along with the appropriate server setting) works fine, though. Traffic passes just fine and the connection doesn't time out. Am I doing something wrong here, or is this a bug of some sort?
Here's what I'm seeing in my Viscosity log (redacting IP addresses and such):
2017-11-23 12:14:43: Viscosity Mac 1.7.5 (1420)
2017-11-23 12:14:43: Viscosity OpenVPN Engine Started
2017-11-23 12:14:43: Running on macOS 10.13.1
2017-11-23 12:14:43: ---------
2017-11-23 12:14:43: State changed to Connecting
2017-11-23 12:14:43: Checking reachability status of connection...
2017-11-23 12:14:43: Connection is reachable. Starting connection attempt.
2017-11-23 12:14:44: Unrecognized option or missing or extra parameter(s) in /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/connection.GrQFcA/config.conf:26: block-outside-dns (2.4.4)
2017-11-23 12:14:44: OpenVPN 2.4.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 27 2017
2017-11-23 12:14:44: library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
2017-11-23 12:15:04: TCP/UDP: Preserving recently used remote address: [AF_INET]1.1.1.1:1194
2017-11-23 12:15:04: UDP link local (bound): [AF_INET][undef]:0
2017-11-23 12:15:04: UDP link remote: [AF_INET]1.1.1.1:1194
2017-11-23 12:15:04: State changed to Authenticating
2017-11-23 12:15:04: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-11-23 12:15:04: [vpnServer] Peer Connection Initiated with [AF_INET]1.1.1.1:1194
2017-11-23 12:15:06: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: block-outside-dns (2.4.4)
2017-11-23 12:15:06: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: register-dns (2.4.4)
2017-11-23 12:15:06: Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2017-11-23 12:15:06: Opened utun device utun1
2017-11-23 12:15:06: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2017-11-23 12:15:06: /sbin/ifconfig utun1 delete
2017-11-23 12:15:06: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-11-23 12:15:06: /sbin/ifconfig utun1 192.168.0.1 192.168.0.2 netmask 255.255.128.0 mtu 1500 up
2017-11-23 12:15:06: Initialization Sequence Completed
2017-11-23 12:15:06: DNS mode set to Full
2017-11-23 12:15:07: State changed to Connected
2017-11-23 12:16:06: [vpnServer] Inactivity timeout (--ping-restart), restarting
2017-11-23 12:16:06: SIGUSR1[soft,ping-restart] received, process restarting
2017-11-23 12:16:06: Viscosity Mac 1.7.5 (1420)
2017-11-23 12:16:06: Viscosity OpenVPN Engine Started
2017-11-23 12:16:06: Running on macOS 10.13.1
2017-11-23 12:16:06: ---------
2017-11-23 12:16:06: State changed to Connecting
2017-11-23 12:16:06: TCP/UDP: Preserving recently used remote address: [AF_INET]1.1.1.1:1194
It goes on from there through a full connection attempt.
That's with compress lz4-v2. Using compress lz4 (along with the appropriate server setting) works fine, though. Traffic passes just fine and the connection doesn't time out. Am I doing something wrong here, or is this a bug of some sort?