Open lyoneel opened 1 year ago
merlijn-sebrechts
commented
1 year ago Actually, it seems like allow-compression asym and compress no is what we want for server configs, and compression turned off for new client configs. That way, we can support existing clients and new clients.
So then my requested changes are to switch to compress asym server-side, no compression client-side, and remove the option to change compression.
merlijn-sebrechts
commented
1 year ago We might need to upgrade to core22 for this to work.
lyoneel
commented
1 year ago I'm having a lot of trouble trying to test changes, at the moment Im editing manually config files, because snapcraft is not working for me, cant build the snap.
I got additional changes that are not tested yet, Ill take a look you suggestions whenever have a little time.
Sorry for the delays
lyoneel
commented
1 year ago Actually, it seems like
allow-compression asymandcompress nois what we want for server configs, and compression turned off for new client configs. That way, we can support existing clients and new clients.So then my requested changes are to switch to
compress asymserver-side, no compression client-side, and remove the option to change compression.
Let me know If I misunderstood something.
1-. set on server template allow-compress asym 2-. set on client template compress no 3-. remove get_compress function 4-. upgrade to core22
Regarding point 3, my ovpn client complains when compress is set to "no", Ill remove the line instead.
When this PR is done, I would like to you or someone try this snap from the snap, because I cannot build in my pc right now, snapcraft command refuses to work.
Disable by default to avoid Compression oracle attacks
Note: this also includes mauerr upgrade to core20 https://github.com/IBCNServices/easy-openvpn-server/pull/24/commits/e9720a830d8ae9f913fd8d139830169b5947cb18