With this change the value of '--allow-compression' is set to 'no'.
Therefore compression is not enabled by default and cannot be enabled
by the server either.
This change is in line with the current trend of not recommending
compression over VPN tunnels for security reasons (check Voracle).
Of top of that compression is mostly useless nowadays, therefore
there is not real reason to enable it.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <
20210904095629.6273-4-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22797.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This option mainly served a role as debug option when NCP was first
introduced. It should now no longer be necessary.
+Compression no longer enabled by default
+ Unless an explicit compression option is specified in the configuration,
+ ``--allow-compression`` defaults to ``no`` in OpeNVPN 2.6.0.
+ By default, OpenVPN 2.5 still allowed a server to enable compression by
+ pushing compression related options.
+
User-visible Changes
--------------------
Note: Using this option reverts defaults to no longer recommended
values and should be avoided if possible.
+ The following table details what defaults are changed depending on the
+ version specified.
+
+ - 2.5.x or lower: ``--allow-compression asym`` is automatically added
+ to the configuration if no other compression options are present.
+
--config file
Load additional config options from ``file`` where each line corresponds
to one command line option, but with the leading '--' removed.
#define COMP_F_ALLOW_STUB_ONLY (1<<4) /* Only accept stub compression, even with COMP_F_ADVERTISE_STUBS_ONLY
* we still accept other compressions to be pushed */
#define COMP_F_MIGRATE (1<<5) /* push stub-v2 or comp-lzo no when we see a client with comp-lzo in occ */
+#define COMP_F_ALLOW_ASYM (1<<6) /* Compression was explicitly set to allow asymetric compression */
/*
static void
options_set_backwards_compatible_options(struct options *o)
{
+ /* Compression is deprecated and we do not want to announce support for it
+ * by default anymore, additionally DCO breaks with compression.
+ *
+ * Disable compression by default starting with 2.6.0 if no other
+ * compression related option has been explicitly set */
+ if (!comp_non_stub_enabled(&o->comp) && !need_compatibility_before(o, 20600)
+ && (o->comp.flags == 0))
+ {
+ o->comp.flags = COMP_F_ALLOW_STUB_ONLY|COMP_F_ADVERTISE_STUBS_ONLY;
+ }
}
static void
else if (streq(p[1], "asym"))
{
options->comp.flags &= ~COMP_F_ALLOW_COMPRESS;
+ options->comp.flags |= COMP_F_ALLOW_ASYM;
}
else if (streq(p[1], "yes"))
{
projects / thirdparty / openvpn.git / commitdiff
