diff options
| author | Magnus Kroken <mkroken@gmail.com> | 2020-12-01 11:03:55 +0100 |
|---|---|---|
| committer | Rosen Penev <rosenp@gmail.com> | 2020-12-01 13:04:38 -0800 |
| commit | e4376793b4e093089543cb1bad64eef34ed25eca (patch) | |
| tree | feb61b67241a47090be35c084c4dfe045d1793f5 /net | |
| parent | 2e55fc8b2d42682cd1c26e9827b7b6f47fb51398 (diff) | |
openvpn: disable LZO support by default
OpenVPN recommends disabling compression, as it may weaken the security
of the connection. For users who need compression, we build with LZ4
support by default. LZO in OpenVPN pulls in liblzo at approx. 32 kB.
OpenWrt users will no longer be able to connect to OpenVPN peers that
require LZO compression, unless they build the OpenVPN package themselves.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/openvpn/Config-mbedtls.in | 2 | ||||
| -rw-r--r-- | net/openvpn/Config-openssl.in | 2 | ||||
| -rw-r--r-- | net/openvpn/files/openvpn.config | 6 |
3 files changed, 3 insertions, 7 deletions
diff --git a/net/openvpn/Config-mbedtls.in b/net/openvpn/Config-mbedtls.in index 2a2f303c4..3cf233b8f 100644 --- a/net/openvpn/Config-mbedtls.in +++ b/net/openvpn/Config-mbedtls.in @@ -2,7 +2,7 @@ if PACKAGE_openvpn-mbedtls config OPENVPN_mbedtls_ENABLE_LZO bool "Enable LZO compression support" - default y + default n config OPENVPN_mbedtls_ENABLE_LZ4 bool "Enable LZ4 compression support" diff --git a/net/openvpn/Config-openssl.in b/net/openvpn/Config-openssl.in index 7a7be74db..335bbaa2c 100644 --- a/net/openvpn/Config-openssl.in +++ b/net/openvpn/Config-openssl.in @@ -2,7 +2,7 @@ if PACKAGE_openvpn-openssl config OPENVPN_openssl_ENABLE_LZO bool "Enable LZO compression support" - default y + default n config OPENVPN_openssl_ENABLE_LZ4 bool "Enable LZ4 compression support" diff --git a/net/openvpn/files/openvpn.config b/net/openvpn/files/openvpn.config index f6278836e..09d504da2 100644 --- a/net/openvpn/files/openvpn.config +++ b/net/openvpn/files/openvpn.config @@ -293,9 +293,7 @@ config openvpn sample_server # # LZ4 requires OpenVPN 2.4+ client and server # option compress lz4 - # LZO is compatible with most OpenVPN versions - # (set "compress lzo" on 2.4+ clients, and "comp-lzo yes" on older clients) -# option compress lzo + # Control how OpenVPN handles peers using compression # # Do not allow any connections using compression @@ -487,8 +485,6 @@ config openvpn sample_client # # LZ4 requires OpenVPN 2.4+ on server and client # option compress lz4 - # LZO is compatible with most OpenVPN versions -# option compress lzo # Set log file verbosity. option verb 3 |