www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

OpenVPN disable Comp-LZO

 
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Fri Jun 19, 2009 9:21 am    Post subject: OpenVPN disable Comp-LZO

Hello!
I need to disable the Comp-LZO option on my OpenVPN server running on a ZS beta11. I have a client that doesn't support it, so it needs to be disabled globally or for the specific one. Any ideas how it can be done? I haven't found any option to remove this functionality; it is added by default.
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Thu Jul 09, 2009 3:44 pm

Anyone?
vadimka



Joined: 29 Jun 2009
Posts: 10
Location: Romania

Posted: Mon Jul 20, 2009 3:37 pm

It seems it cannot be done. OpenVPN is compiled with this option, so you will have to re-compile OpenVPN without LZO, and integrate it into ZeroShell. It might work like this, but I don't know if it is possible.
zevlag



Joined: 14 Jul 2009
Posts: 27

Posted: Mon Jul 20, 2009 5:20 pm

Just for reference, what client are you using that doesn't support LZO Compression?
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Wed Jul 22, 2009 11:35 am

vadimka:
It doesn't matter if OpenVPN is compiled with LZO. It can be disabled with the option
Code:
--comp-lzo no

However, the script that runs OpenVPN adds it by default. I am afraid that adding it on the command line parameters will conflict and wonder if there is a way to change the startup script.

zevlag:
Nabilosat Darkstar 2 with OpenVPN for DM500 (due to limited flash space)
zevlag



Joined: 14 Jul 2009
Posts: 27

Posted: Wed Jul 22, 2009 3:02 pm

Ok, here's the process for you:
  1. At a shell as root: # mkdir /Database/patches
  2. # vi /Database/patches/vpn_start-nocomplzo.patch
  3. Paste the large block of code below into the patch file. Save. Quit.
  4. In the web interface, setup menu, startup/cron tab, in the preboot script put:

Code:
/usr/bin/patch -p0 -d /root < /Database/patches/vpn_start-nocomplzo.patch


Code:
--- kerbynet.cgi/scripts/vpn_start   2009-05-26 18:01:00.000000000 +0200
+++ kerbynet.cgi/scripts/vpn_start.new   2009-07-22 08:24:44.000000000 +0200
@@ -70,5 +70,5 @@
      fi
    fi
    MGT=34099
-     bash -c "vpn --dev-type tap --dev VPN99 --mode server --tls-server --proto $PROTO --port $PORT --dh /etc/ssl/dh.pem --ca $REGISTER/system/openvpn/Auth/X509/CAFile --cert $REGISTER/system/openvpn/TLS/cert.pem --key $REGISTER/system/openvpn/TLS/key.pem $NOCERTREQ $AUTHSCRIPT --daemon VPN99_H2L --comp-lzo $POOL --push '$PUSHGW' --push '$REDIRECTGW' --push '$RESOLVER'  --push '$PUSHNETS0' $PUSHNETS  --client-connect $SCRIPTS/ov_connect --client-disconnect $SCRIPTS/ov_disconnect --mute 3 --management 127.0.0.1 $MGT --keepalive 5 60 --duplicate-cn $PARAM"
+     bash -c "vpn --dev-type tap --dev VPN99 --mode server --tls-server --proto $PROTO --port $PORT --dh /etc/ssl/dh.pem --ca $REGISTER/system/openvpn/Auth/X509/CAFile --cert $REGISTER/system/openvpn/TLS/cert.pem --key $REGISTER/system/openvpn/TLS/key.pem $NOCERTREQ $AUTHSCRIPT --daemon VPN99_H2L $POOL --push '$PUSHGW' --push '$REDIRECTGW' --push '$RESOLVER'  --push '$PUSHNETS0' $PUSHNETS  --client-connect $SCRIPTS/ov_connect --client-disconnect $SCRIPTS/ov_disconnect --mute 3 --management 127.0.0.1 $MGT --keepalive 5 60 --duplicate-cn $PARAM"
 fi
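Review bot: On the `+` line the `--comp-lzo` flag is dropped from the VPN99 command outright, which changes compression for every client of this server, not only the one that lacks LZO support; clients whose configuration still enables comp-lzo will need it removed as well, and that is worth stating next to the install steps. The hunk is also a single very long changed line between short context lines whose indentation must match exactly, so whitespace altered by copying it through the forum is enough to make it fail; applying it with `patch -l`, or checking first with `patch --dry-run`, would make the preboot step less fragile.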
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Fri Jul 24, 2009 8:46 am

The patch didn't seem to work.
Code:
root@zeroshell patches> /usr/bin/patch -p0 -d /root/ < /Database/patches/vpn_start-nocomplzo.patch
patching file kerbynet.cgi/scripts/vpn_start
Hunk #1 FAILED at 70.
1 out of 1 hunk FAILED -- saving rejects to file kerbynet.cgi/scripts/vpn_start.rej


However now that I found where the script is, I altered the original vpn_start script and removed the --comp-lzo parameter and it works like a charm.
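
The manual edit described in this post, as an added example that is not part of the original thread or of ZeroShell: a shell function that removes the bare `--comp-lzo` flag from a `vpn_start`-style script without depending on line numbers or whitespace, and that does nothing on a second run. The function name `strip_comp_lzo`, its return codes and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not ZeroShell code): strip the bare --comp-lzo flag from a
# vpn_start-style script. Idempotent, so it can be called on every boot.
# Returns 0 = flag removed, 1 = nothing to do,
#         2 = missing file, explicit mode present, or failed edit.
strip_comp_lzo() {
    script="$1"
    [ -f "$script" ] || { echo "missing: $script" >&2; return 2; }

    # "--comp-lzo no|yes|adaptive" is a deliberate setting; do not mangle it.
    if grep -Eq -- ' --comp-lzo (yes|no|adaptive)' "$script"; then
        echo "--comp-lzo has an explicit mode in $script, leaving it alone" >&2
        return 2
    fi

    # Match the flag as a whole word so neighbouring options are untouched.
    if ! grep -q -- ' --comp-lzo ' "$script"; then
        echo "no --comp-lzo in $script, nothing to do"
        return 1
    fi

    cp -p "$script" "$script.orig" || return 2      # keep the unmodified copy
    tmp="$script.tmp.$$"
    sed 's/ --comp-lzo / /g' "$script" > "$tmp" || { rm -f "$tmp"; return 2; }

    # Refuse to install the result if the flag is somehow still present.
    if grep -q -- ' --comp-lzo ' "$tmp"; then rm -f "$tmp"; return 2; fi

    # cat into the existing file so its mode and owner are preserved.
    cat "$tmp" > "$script" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    echo "removed --comp-lzo from $script (backup: $script.orig)"
    return 0
}

# Constructed sample: a shortened form of the command line quoted in the thread.
demo_dir=$(mktemp -d)
printf '%s\n' 'MGT=34099' \
    'bash -c "vpn --dev VPN99 --daemon VPN99_H2L --comp-lzo $POOL --mute 3 $PARAM"' \
    > "$demo_dir/vpn_start"
strip_comp_lzo "$demo_dir/vpn_start"
```

Comparing the script with its `.orig` copy using `diff` afterwards shows exactly what changed before the VPN is restarted.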
zevlag



Joined: 14 Jul 2009
Posts: 27

Posted: Fri Jul 24, 2009 3:41 pm

Are you on beta 11 or 12? This patch is for beta 12. It could also be due to copy and paste in this forum.
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Sun Jul 26, 2009 6:21 am

b12
I am not sure if the fault is on the forum. However the job is done.
ppalias



Joined: 17 Dec 2008
Posts: 1151
Location: Athens, Greece

Posted: Thu Aug 06, 2009 11:02 am

Here is a script that worked for me:

Code:

73c73
<      bash -c "vpn --dev-type tap --dev VPN99 --mode server --tls-server --proto $PROTO --port $PORT --dh /etc/ssl/dh.pem --ca $REGISTER/system/openvpn/Auth/X509/CAFile --cert $REGISTER/system/openvpn/TLS/cert.pem --key $REGISTER/system/openvpn/TLS/key.pem $NOCERTREQ $AUTHSCRIPT --daemon VPN99_H2L --comp-lzo $POOL --push '$PUSHGW' --push '$REDIRECTGW' --push '$RESOLVER'  --push '$PUSHNETS0' $PUSHNETS  --client-connect $SCRIPTS/ov_connect --client-disconnect $SCRIPTS/ov_disconnect --mute 3 --management 127.0.0.1 $MGT --keepalive 5 60 --duplicate-cn $PARAM"
---
>      bash -c "vpn --dev-type tap --dev VPN99 --mode server --tls-server --proto $PROTO --port $PORT --dh /etc/ssl/dh.pem --ca $REGISTER/system/openvpn/Auth/X509/CAFile --cert $REGISTER/system/openvpn/TLS/cert.pem --key $REGISTER/system/openvpn/TLS/key.pem $NOCERTREQ $AUTHSCRIPT --daemon VPN99_H2L $POOL --push '$PUSHGW' --push '$REDIRECTGW' --push '$RESOLVER'  --push '$PUSHNETS0' $PUSHNETS  --client-connect $SCRIPTS/ov_connect --client-disconnect $SCRIPTS/ov_disconnect --mute 3 --management 127.0.0.1 $MGT --keepalive 5 60 --duplicate-cn $PARAM"
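Review bot: This normal-format diff (`73c73`) has no `---`/`+++` file header, so the `patch -p0 -d /root` command given earlier in the thread has no file name to work from; the target script has to be passed to `patch` explicitly. With no context lines it is also pinned to line 73 of the beta 12 script, so a unified diff (`diff -u`) that includes the file names would be the safer form to store in /Database/patches.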


This one goes to /Database/patches/vpn_start-nocomplzo.patch and is meant for ZSbeta12.
marcus@richters-it.de



Joined: 07 Mar 2012
Posts: 34

Posted: Wed Aug 23, 2017 8:35 am

push

This option is needed in the gui ...
All times are GMT