comp-lzo warning

1,120 views
Skip to first unread message

James Gordon

unread,
Jun 6, 2019, 9:32:22 AM6/6/19
to tunnelblick-discuss
Hi,

When users open Tunnelblick in our organization, we get this warning message:

"Warning: This VPN may not connect in the future.
The OpenVPN configuration file for '<account details here>' contains these OpenVPN options:
 • 'comp-lzo' was deprecated in OpenVPN 2.4 and has been or will be removed in a later version

You should update the configuration so it can be used with modern versions of OpenVPN.
Tunnelblick will use OpenVPN 2.4.7 - OpenSSL v1.0.2r to connect this configuration.
However, you will not be able to connect to this VPN with future versions of Tunnelblick that do not include a version of OpenVPN that accepts the options."

Is this something to be worried about? As in... Are we using outdated technology? Is anyone else experiencing this as well?

Thank you 

Tunnelblick developer

unread,
Jun 6, 2019, 10:32:18 AM6/6/19
to tunnelblick-discuss
My impression is that many people use comp-lzo, even though there are arguments that in most cases such as typical web browsing, it is better and more secure to not have OpenVPN do the compression, and leave it to the server and browser to use gzip.

There's not much more to say about the error message. OpenVPN 2.4 is the current "stable" OpenVPN, and the OpenVPN folks haven't decided (as far as I know) whether or not to remove comp-lzo from 2.5.

pitam...@googlemail.com

unread,
Jun 27, 2019, 3:27:32 PM6/27/19
to tunnelblick-discuss
Hi, can someone explain whats the matter here is ?
i am connecting to a synology nas with tunnelblick and open vpn on the nas. so did i understand right, when the openvpn version on the server does not change, everything is ok ?

Tunnelblick developer

unread,
Jun 27, 2019, 4:37:30 PM6/27/19
to tunnelblick-discuss
You are correct: if the OpenVPN version on the server doesn't change, there won't be any problem.

However, a firmware update on your NAS could include a new version of OpenVPN, so keep this in mind. If that happens, I would expect Synology would inform you, and you would simply get a new OpenVPN configuration for your Mac from the NAS. But that's up to Synology.

pitam...@googlemail.com

unread,
Jul 1, 2019, 6:28:27 AM7/1/19
to tunnelblick-discuss
thank you for that important information !

Ralf Hildebrandt

unread,
Jul 17, 2019, 9:31:18 AM7/17/19
to tunnelblick-discuss
Basically it would prefer "compress lzo" instead of "comp-lzo"
That's all.

Reply all
Reply to author
Forward
0 new messages