OpenVPN with mbed TLS: no warning for unsupported LZO compression — successfully connects without warning but not operable
I tried over the past days to make a VPN connection work on a router using the same ovpn file and credentials which worked on the laptop. I tried to check all log outputs at high verbosity but could not figure out what it was, until I saw this:
Router:
OpenVPN 2.5.8 aarch64-openwrt-linux-gnu [SSL (mbed TLS)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
while the laptop says
OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
There were no other differences comparing the logs with verb 4 and no warnings regarding data compression or delivery.
I would like to receive a warning, if not an error, when a compression type is not supported, especially if I explicitly set comp-lzo yes instead of compress.
System
- OS: OpenWrt 23.05
- OpenVPN version: 2.5.8
The problem is hard to detect as small packets happen to be correctly routed and delivered. E.g., a ping works just fine even to routed subnets on the deep end of the server's network. I only noticed that there is something wrong with the payload, as the max transmittable packet size differs on terminals but remains constant in time. For example, on the router no ping with payload greater than 71 bytes was ever answered, while on a PC in its LAN the maximum was 297 bytes.
Once I replaced the binary with the OpenSSL-build version, the connection worked right away with all the initial settings from the ovpn file.
Thank you.
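
A pre-flight check for the mismatch described in this report, as an added example that is not code from the report or from the OpenVPN project: it compares the compression directives in a client config with the bracketed feature tags of the `openvpn --version` banner. It assumes those tags (`[LZO]`, `[LZ4]`) list the compiled-in compression support, as the two banners above suggest, and it only sees the local config, not options pushed by the server; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of OpenVPN. Compares the compression directives in
# a client config with the feature tags of the `openvpn --version` banner.

# check_compression BANNER CONFIG
# Prints one warning per directive the build cannot honour; returns 1 if any.
check_compression() {
    banner=$1 config=$2 missing=0
    # Strip '#' and ';' comments, then read the directive and its first argument.
    while read -r directive arg rest; do
        case "$directive" in
            comp-lzo)
                # "comp-lzo no" requests no compression, so LZO is not needed.
                [ "$arg" = "no" ] && continue
                need=LZO ;;
            compress)
                case "$arg" in
                    lzo)        need=LZO ;;
                    lz4|lz4-v2) need=LZ4 ;;
                    *)          continue ;;   # bare "compress" or stub: framing only
                esac ;;
            *) continue ;;
        esac
        case "$banner" in
            *"[$need]"*) ;;   # feature compiled in
            *) echo "WARNING: '$directive $arg' needs [$need], missing from this build"
               missing=1 ;;
        esac
    done <<EOF
$(sed -e 's/[#;].*//' "$config")
EOF
    return "$missing"
}

# Demo with the two banners quoted in the report and a constructed config.
demo() {
    cfg=$(mktemp)
    printf 'client\ndev tun\ncomp-lzo yes\n' > "$cfg"
    check_compression 'OpenVPN 2.5.8 aarch64-openwrt-linux-gnu [SSL (mbed TLS)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]' "$cfg"
    router_rc=$?
    check_compression 'OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]' "$cfg"
    laptop_rc=$?
    rm -f "$cfg"
    echo "router build: rc=$router_rc, laptop build: rc=$laptop_rc"
}
# On a real system: check_compression "$(openvpn --version | head -n 1)" client.ovpn
```

Running it before starting the tunnel turns the silent fallback into a visible, scriptable failure; `client.ovpn` in the last comment is a placeholder path.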