Browse Source

openvpn: disable LZO support by default

OpenVPN recommends disabling compression, as it may weaken the security
of the connection. For users who need compression, we build with LZ4
support by default. LZO in OpenVPN pulls in liblzo at approx. 32 kB.

OpenWrt users will no longer be able to connect to OpenVPN peers that
require LZO compression, unless they build the OpenVPN package themselves.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
lilik-openwrt-22.03
Magnus Kroken 4 years ago
committed by Rosen Penev
parent
commit
e4376793b4
No known key found for this signature in database GPG Key ID: 36D31CFA845F0E3B
3 changed files with 3 additions and 7 deletions
  1. +1
    -1
      net/openvpn/Config-mbedtls.in
  2. +1
    -1
      net/openvpn/Config-openssl.in
  3. +1
    -5
      net/openvpn/files/openvpn.config

+ 1
- 1
net/openvpn/Config-mbedtls.in View File

@ -2,7 +2,7 @@ if PACKAGE_openvpn-mbedtls
config OPENVPN_mbedtls_ENABLE_LZO
bool "Enable LZO compression support"
default y
default n
config OPENVPN_mbedtls_ENABLE_LZ4
bool "Enable LZ4 compression support"


+ 1
- 1
net/openvpn/Config-openssl.in View File

@ -2,7 +2,7 @@ if PACKAGE_openvpn-openssl
config OPENVPN_openssl_ENABLE_LZO
bool "Enable LZO compression support"
default y
default n
config OPENVPN_openssl_ENABLE_LZ4
bool "Enable LZ4 compression support"


+ 1
- 5
net/openvpn/files/openvpn.config View File

@ -293,9 +293,7 @@ config openvpn sample_server
#
# LZ4 requires OpenVPN 2.4+ client and server
# option compress lz4
# LZO is compatible with most OpenVPN versions
# (set "compress lzo" on 2.4+ clients, and "comp-lzo yes" on older clients)
# option compress lzo
# Control how OpenVPN handles peers using compression
#
# Do not allow any connections using compression
@ -487,8 +485,6 @@ config openvpn sample_client
#
# LZ4 requires OpenVPN 2.4+ on server and client
# option compress lz4
# LZO is compatible with most OpenVPN versions
# option compress lzo
# Set log file verbosity.
option verb 3


Loading…
Cancel
Save