OpenVPN supports on-the-fly compression of the traffic that is sent over the VPN tunnel. This can improve the performance over a slow network line, but it does add a little overhead. When transferring uncompressible data (such as ZIP files), the performance actually decreases slightly.
If compression is enabled on the server but not on the client, then the VPN connection will fail.
Set up the client and server certificates using the Setting up public and private keys recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.11. The client was running Fedora 22 Linux and OpenVPN 2.3.11. Keep the configuration file, basic-udp-server.conf, from the Server-side routing recipe from Chapter 2, Client-server IP-only Networks, as well as the client configuration file, basic-udp-client.conf, at hand.
Add the following line to the server configuration file, basic-udp-server.conf:
comp-lzo
Save it as example6-3-server.conf.
[root@server]# openvpn --config example6-3-server.conf
[root@client]# openvpn --config basic-udp-client.conf
The connection will initiate, but when data is sent over the VPN connection, the following messages will appear:
Initialization Sequence Completed
... write to TUN/TAP : Invalid argument (code=22)
... write to TUN/TAP : Invalid argument (code=22)
During the connection phase, no compression is used to transfer information between the client and the server. One of the parameters that is negotiated is the use of compression for the actual VPN payload. If there is a configuration mismatch between the client and the server, then both sides will get confused by the traffic that the other side is sending.
This error can easily be fixed for all the clients by adding one more line to the server configuration file:
push "comp-lzo"
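The mismatch described in this recipe can be caught before either daemon is started. The following Python sketch is an added example, not part of the original recipe or of OpenVPN; it compares the compression setting each side ends up with. It treats any comp-lzo directive as enabling compression and assumes a client only accepts pushed options when its configuration contains client or pull; the function names and sample fragments are constructed for illustration.

```python
import shlex

def directives(config_text):
    """Yield each directive of an OpenVPN config as a list of tokens."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or full-line comment
            continue
        tokens = shlex.split(line, comments=True)  # also drops trailing "# ..."
        if tokens:
            yield tokens

def compression_view(config_text):
    """Return (local, pushed, pulls) flags for one config file."""
    local = pushed = pulls = False
    for tokens in directives(config_text):
        name = tokens[0]
        if name == "comp-lzo":
            local = True                       # compression set in this file
        elif name == "push" and len(tokens) > 1:
            # push "comp-lzo" arrives as one quoted token; look at its first word
            pushed = pushed or tokens[1].split()[:1] == ["comp-lzo"]
        elif name in ("client", "pull"):       # "client" implies "pull"
            pulls = True
    return local, pushed, pulls

def check_pair(server_text, client_text):
    """Compare the compression setting each side ends up with."""
    s_local, s_pushed, _ = compression_view(server_text)
    c_local, _, c_pulls = compression_view(client_text)
    c_effective = c_local or (s_pushed and c_pulls)   # pushed options need pull
    if s_local == c_effective:
        return "ok"
    return "mismatch: comp-lzo active only on " + ("server" if s_local else "client")

# Constructed sample fragments, not the recipe's real configuration files.
CLIENT = "client\nproto udp\ndev tun\n"
SERVER_BROKEN = "proto udp\ndev tun\ncomp-lzo   # added in this recipe\n"
SERVER_FIXED = SERVER_BROKEN + 'push "comp-lzo"\n'

if __name__ == "__main__":
    print("broken:", check_pair(SERVER_BROKEN, CLIENT))
    print("fixed: ", check_pair(SERVER_FIXED, CLIENT))
```

A server that only pushes comp-lzo without setting it locally is reported as a mismatch as well, because the client would then be the only side using compression.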