Return to Level1Techs.com

[SOLVED - don't use compression] Enable compression server side OpenVPN

openvpn

#1

Hi everyone. I installed recently OpenVPN on my Raspberry Pi through the PiVPN script. Everything works well but I think performance could be boosted by a bit using compression. I’ve hit the VPN with a speedtest and found that, at worst, the VPN uses 60% of one core and 40% of another for a brief period of time so I wanted to use more CPU to try and saturate the 100Mbit port. Done some research and I’ll be honest I didn’t understand a damn thing. The only thing clear to me is that there are three types of compression lzo, lz4 and compress.
I don’t know how to check if one of them is enabled, I don’t know where the config file is and I don’t know how to enable it following the OpenVPN instructions.
Do you have any clear guide on how to do those things? Thanks!


#2

The server config file is usually at /etc/openvpn/server.conf, all you need to do is add the line comp-lzo to the config file. You will also need to enable compression on the client.


#3

Don’t. Using compression together with encrypted connections opens you up to security vulnerabilities.

See the VORACLE attack here: https://openvpn.net/security-advisories/

For now, it is advised that users of the OpenVPN Access Server and the OpenVPN Connect Client software disable the use of compression.


#4

I did that and my connection dropped to a couple kB/s so I guess it didn’t work.

@pFtpr Thanks for the useful insight, I didn’t know about that. So I don’t have to worry about that I guess. I’ll mark the thread as solved.