Streisand: Tunnelblick / Warning: This VPN may not connect in the future

Created on 26 Apr 2018  路  4Comments  路  Source: StreisandEffect/streisand

Expected behavior:

Tunnelblick connects without warnings and errors.

Actual Behavior:

I see a warning on first connection

Warning: This VPN may not connect in the future.

The OpenVPN configuration file for '1.2.3.4-direct' contains these OpenVPN options:

'comp-lzo' was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5

You should update the configuration so it can be used with modern versions of OpenVPN.

Tunnelblick will use OpenVPN 2.4.4 - OpenSSL v1.0.2o to connect this configuration.

However, you will not be able to connect to this VPN with future versions of Tunnelblick that do not include a version of OpenVPN that accepts the options.

Steps to Reproduce:

  1. Install latest Streisand (as of 26 April 2018)
  2. Try to create first connection with Tunnelblick
  3. See this warning

MacOS 10.11.6 (15G20015)
Tunnelblick 3.7.5a (build 5011)

areopenvpn kinbug kinupdate

All 4 comments

Quick googling says that we can use compress lzo at the cost of profile compatibility with OpenVPN v2.3. The only people I can think of stuck on 2.3 are OpenWrt CC 15.05 users, and they can fix the profiles by hand.

Could we enable LZ4 compression here as well?

I _think_ we might have broken compat already using tls-crypt but I'd have to go back and refresh my memory

@cpu tls-crypt implicitly assumes v2.4, no reason not to change to lz4 compression.

@dandaka Thanks for reporting this warning. It should be fixed in master as of #1310 :tada:

Was this page helpful?
0 / 5 - 0 ratings