I’m setting up my internal infrastructure to use OpenVPN since I want to be able to do a lot of monitoring on the Notiffi system I’m working on and I didn’t want to use an SSH tunnel and I definitely did not want to be sending instrumentation data across the Internet without protection. So I decided to use OpenVPN.
But I had a problem. I was able to connect relatively easily but I could not ping the machines. Routing seemed to be working properly
ip -s route get 192.168.1.1 192.168.1.1 via 192.168.1.5 dev tun0 src 192.168.1.6
and tcpdump was showing traffic over the main eth.
1 2 3 4
tcpdump -nnel -i eth0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 16:26:18.860693 90:6e:bb:82:ec:38 > 00:18:4d:7b:a8:1f, ethertype IPv4 (0x0800), length 95: 126.96.36.199.43655 > 192.168.15.2.1194: UDP, length 53
But pings were not working. Tried to figure this out for hours, but I just couldn’t find the solution. Then as I was checking the errors logs (after reducing the log level to 1) and I saw this
Oct 18 16:14:58 localhost openvpn: 188.8.131.52:43648 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
That was on the server. I checked the logs on the client and I saw
Oct 18 16:19:58 li114-69 openvpn: Bad LZO decompression header byte: 42
And it got me wondering if there was just a communication problem due to one side expecting compression and the other side not. In other words, that it wasn’t negotiated. I made the configuration change on BOTH ides this time, tried the ping again and it worked.
1 2 3
ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_seq=1 ttl=63 time=0.208 ms