ER8411 Client to site VPN not working because of compression

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER8411 Client to site VPN not working because of compression

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER8411 Client to site VPN not working because of compression
ER8411 Client to site VPN not working because of compression
2024-01-25 22:19:02 - last edited 2024-01-29 08:04:00
Tags: #VPN
Model: ER8411  
Hardware Version: V1
Firmware Version: 1.2.0

 

Hi,

 

I am using Omada Controller Omada_Controller_Windows_v5.13.23 to configure the VPN configuration.

OpenVPN is able to connect on the client client side, but no data is trasmited / received. Same issue when I tried SSL OpenVPN 

How can I solve the issues?

 

Cliend connection log:

  0      
  0      
#1
Options
1 Accepted Solution
Re:ER8411 Client to site VPN not working because of compression-Solution
2024-01-26 11:55:24 - last edited 2024-01-29 08:04:00

@Clive_A 

I suppose this is related to the-voracle-attack-vulnerability, described by openvpn net wiki VORACLE

 

When I configure in OpenVPN 3.4.0 advance settings, from default mode lagacy to insecure, VPN works, but very slow, my ISP net should be 1Gbs, speed

 

 

Recommended Solution
  0  
  0  
#5
Options
5 Reply
Re:ER8411 Client to site VPN not working because of compression
2024-01-25 22:21:41
OpenVPN client file: client dev tun proto udp remote x.x.x.x 1194 resolv-retry infinite nobind persist-key persist-tun cipher AES-256-CBC comp-lzo no verb 3 mute 20 auth-user-pass remote-cert-tls server reneg-sec 0 explicit-exit-notify
  0  
  0  
#2
Options
Re:ER8411 Client to site VPN not working because of compression
2024-01-26 02:33:24

Hi @TheVendor 

Thanks for posting in our business forum.
1. What kind of controller do you use?

2. How do you verify that you are not connected to the other end?

3. What's the WAN IP address in controller > router (on the right page) > WAN status?

 

Please mosaic your sensitive information. Here is a list of information considered sensitive:

1. Public IP address on your WAN if your WAN is.

2. Real MAC address of your device.

3. Your personal information including address, domain name, and credentials.

For troubleshooting purposes, when a WAN IP is needed, please leave some values visible for identification.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#3
Options
Re:ER8411 Client to site VPN not working because of compression
2024-01-26 08:55:08

Hi @Clive_A

 

1: Controller: Omada Controller for Windows v5.13.23

2: On Omada Controiller "VPN Status" view, the client is connected,

- the Client vpn config file, was modified to have the DNS domain, that points to my public ip address of the network

- connection is done from Android phone, using mobile data to simulate a remote connection

- after some time connected using OpenVPN connection starts to work, but not expected speed 4MB, and not working all the time

3: My ER8411 Public IP address is 10.0.10.1, from provider modem traffic is redirected using DMZ redirect rule to the ER8411 router.

- to the ER8411 router I have configured a switch and a Wirless AP router and internet works

- WAN status is Online all the time, I have other devices in the network and internet works

 

  0  
  0  
#4
Options
Re:ER8411 Client to site VPN not working because of compression-Solution
2024-01-26 11:55:24 - last edited 2024-01-29 08:04:00

@Clive_A 

I suppose this is related to the-voracle-attack-vulnerability, described by openvpn net wiki VORACLE

 

When I configure in OpenVPN 3.4.0 advance settings, from default mode lagacy to insecure, VPN works, but very slow, my ISP net should be 1Gbs, speed

 

 

Recommended Solution
  0  
  0  
#5
Options
Re:ER8411 Client to site VPN not working because of compression
2024-01-29 07:57:41 - last edited 2024-01-29 08:05:19

Hi @TheVendor 

Thanks for posting in our business forum.

TheVendor wrote

@Clive_A 

I suppose this is related to the-voracle-attack-vulnerability, described by openvpn net wiki VORACLE

 

When I configure in OpenVPN 3.4.0 advance settings, from default mode lagacy to insecure, VPN works, but very slow, my ISP net should be 1Gbs, speed

 

Yes. That's the reason. Compression is disabled by 3.4.0 OVPN on Android. That's causing trouble for many users. Remove the string in the config or set up like your screenshot would resolve the issue.

 

1Gig symmetric? Do you have a screenshot of the speed test?

And how do you verify it? Methods and speed result screenshots, please.

 

BTW, you should use UDP if you want a faster speed.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#7
Options