Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 16588 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSLVPN and OpenVPN2.5 compatibility issue

DamoL

Hi,

Tunnelblick (Mac VPN program) is now giving me this warning when I use it to connect to UTM SSLVPN (remote access mode).

"Warning: This VPN may not connect in the future"
'comp-lzo' was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5

Yes, I can remove this option from my own VPN config, but I'm not going to do it for 100 of my users. Will Sophos remove it or add an option so its not included in the config file users download? 

Regards
Damien



This thread was automatically locked due to age.
Parents Reply
  • +1 in reply to DamoL

    Do not do the following without explicit approval in an email from Sophos Support!

    As root at the command line:

    cp /var/sec/chroot-openvpn/etc/openvpn/openvpn.conf /var/sec/chroot-openvpn/etc/openvpn/openvpn.conf.bak
    cp /var/sec/chroot-openvpn/etc/openvpn/openvpn.conf-default /var/sec/chroot-openvpn/etc/openvpn/openvpn.conf-default.bak

    edit /var/sec/chroot-openvpn/etc/openvpn/openvpn.conf

    Delete the line containing comp-lzo and write.

    edit /var/sec/chroot-openvpn/etc/openvpn/openvpn.conf-default

    Delete the line containing comp-lzo [<DISABLE_COMP>] and write.

    Reboot.

    No changing of the client configs is required.

    You should be OK going forward unless Sophos changes openvpn.conf-default without removing comp-lzo.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
Unfiltered HTML