subject:"\[Openvpn\-devel\] how to migrate users to \"no compression\" config"

Re: [Openvpn-devel] how to migrate users to "no compression" config

2019-06-28 Thread Arne Schwabe

Am 28.06.19 um 10:26 schrieb Илья Шипицин:
> 
> 
> пт, 28 июн. 2019 г. в 12:49, Gert Doering  >:
> 
> Hi,
> 
> On Fri, Jun 28, 2019 at 12:14:40PM +0500,  ?? wrote:
> > by "high level" compression doc I mean something like that
> >
> > a) road warrior scenario (remote access for enterprise users) -
> should we
> > enable compression ? or traffic usually is compressed ? RDP is
> compressed ?
> > any way to estimate compression (like $gzip_ratio in nginx)
> > b) lz4, lzo, ... which one to choose ?
> > c) how to push compression settings, best practices on that
> >
> > @mattock, what do you think, should some such documentation present on
> > https://openvpn.net ?
> 
> The high level document should propably specify "do not use compression
> at all, unless you have a specific need".
> 
> 
> I agree with that. It might not be very obvious.

The async compression patch will introduce warnings and docs to tell you
not to use compression and will default to async compression effectively
disabling it when used on both ends.

Arne


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] how to migrate users to "no compression" config

2019-06-28 Thread Илья Шипицин

пт, 28 июн. 2019 г. в 12:49, Gert Doering :

> Hi,
>
> On Fri, Jun 28, 2019 at 12:14:40PM +0500,  ?? wrote:
> > by "high level" compression doc I mean something like that
> >
> > a) road warrior scenario (remote access for enterprise users) - should we
> > enable compression ? or traffic usually is compressed ? RDP is
> compressed ?
> > any way to estimate compression (like $gzip_ratio in nginx)
> > b) lz4, lzo, ... which one to choose ?
> > c) how to push compression settings, best practices on that
> >
> > @mattock, what do you think, should some such documentation present on
> > https://openvpn.net ?
>
> The high level document should propably specify "do not use compression
> at all, unless you have a specific need".
>

I agree with that. It might not be very obvious.


>
> I'm fairly sure we did publish something along that lines already, but
> have no idea where to look for it.
>
> gert
> --
> "If was one thing all people took for granted, was conviction that if you
>  feed honest figures into a computer, honest figures come out. Never
> doubted
>  it myself till I met a computer with a sense of humor."
>  Robert A. Heinlein, The Moon is a Harsh
> Mistress
>
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
>
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] how to migrate users to "no compression" config

2019-06-28 Thread Gert Doering

Hi,

On Fri, Jun 28, 2019 at 12:14:40PM +0500,  ?? wrote:
> by "high level" compression doc I mean something like that
> 
> a) road warrior scenario (remote access for enterprise users) - should we
> enable compression ? or traffic usually is compressed ? RDP is compressed ?
> any way to estimate compression (like $gzip_ratio in nginx)
> b) lz4, lzo, ... which one to choose ?
> c) how to push compression settings, best practices on that
> 
> @mattock, what do you think, should some such documentation present on
> https://openvpn.net ?

The high level document should propably specify "do not use compression
at all, unless you have a specific need".

I'm fairly sure we did publish something along that lines already, but
have no idea where to look for it.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


signature.asc
Description: PGP signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] how to migrate users to "no compression" config

2019-06-28 Thread Илья Шипицин

by "high level" compression doc I mean something like that

a) road warrior scenario (remote access for enterprise users) - should we
enable compression ? or traffic usually is compressed ? RDP is compressed ?
any way to estimate compression (like $gzip_ratio in nginx)
b) lz4, lzo, ... which one to choose ?
c) how to push compression settings, best practices on that

@mattock, what do you think, should some such documentation present on
https://openvpn.net ?

чт, 27 июн. 2019 г. в 12:39, Gert Doering :

> Hi,
>
> On Wed, Jun 26, 2019 at 11:14:34PM +0200, Arne Schwabe wrote:
> > My patch that enables asymmetrical compression by default adds a bit of
> > documentation in that regard iirc.
>
> Where did that get stuck?  Still in limbo between David and you?
>
> gert
> --
> "If was one thing all people took for granted, was conviction that if you
>  feed honest figures into a computer, honest figures come out. Never
> doubted
>  it myself till I met a computer with a sense of humor."
>  Robert A. Heinlein, The Moon is a Harsh
> Mistress
>
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
>
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] how to migrate users to "no compression" config

2019-06-27 Thread Arne Schwabe

Am 27.06.19 um 09:39 schrieb Gert Doering:
> Hi,
> 
> On Wed, Jun 26, 2019 at 11:14:34PM +0200, Arne Schwabe wrote:
>> My patch that enables asymmetrical compression by default adds a bit of
>> documentation in that regard iirc.
> 
> Where did that get stuck?  Still in limbo between David and you?
> 

Basically, sent it to mailing list, never got any review or feedback. So
anyone could review/look at it.

Arne


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] how to migrate users to "no compression" config

2019-06-27 Thread Gert Doering

Hi,

On Wed, Jun 26, 2019 at 11:14:34PM +0200, Arne Schwabe wrote:
> My patch that enables asymmetrical compression by default adds a bit of
> documentation in that regard iirc.

Where did that get stuck?  Still in limbo between David and you?

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


signature.asc
Description: PGP signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] how to migrate users to "no compression" config

2019-06-26 Thread Arne Schwabe

Am 26.06.2019 um 14:19 schrieb Илья Шипицин:
> Should we add some high level documentation on compression?

My patch that enables asymmetrical compression by default adds a bit of
documentation in that regard iirc.


Arne



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] how to migrate users to "no compression" config

2019-06-26 Thread Arne Schwabe

Am 26.06.19 um 08:35 schrieb Gert Doering:
> Hi,
> 
> On Wed, Jun 26, 2019 at 01:48:34AM +0500,  ?? wrote:
>> 2) use push "compress empty" (if there's such an option) ?
> 
> you can do 
> 
>   push "compress"
> 
> with no arguments.  According to the docs, this will enable compression
> framing format, but no actual compression.
> 

Better use stub-v2 since that has no extra byte added and is also
compatible with clients that do not have a compress/comp-lzo directive.

(Unless you have packets that look like IPv5)

There is also a IV_STUB_V2=1 (or similar to detect if the client can do
this)

Arne


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] how to migrate users to "no compression" config

2019-06-26 Thread Илья Шипицин

Should we add some high level documentation on compression?

On Wed, Jun 26, 2019, 5:05 PM Arne Schwabe  wrote:

> Am 26.06.19 um 08:35 schrieb Gert Doering:
> > Hi,
> >
> > On Wed, Jun 26, 2019 at 01:48:34AM +0500,  ?? wrote:
> >> 2) use push "compress empty" (if there's such an option) ?
> >
> > you can do
> >
> >   push "compress"
> >
> > with no arguments.  According to the docs, this will enable compression
> > framing format, but no actual compression.
> >
>
> Better use stub-v2 since that has no extra byte added and is also
> compatible with clients that do not have a compress/comp-lzo directive.
>
> (Unless you have packets that look like IPv5)
>
> There is also a IV_STUB_V2=1 (or similar to detect if the client can do
> this)
>
> Arne
>
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] how to migrate users to "no compression" config

2019-06-26 Thread Gert Doering

Hi,

On Wed, Jun 26, 2019 at 01:48:34AM +0500,  ?? wrote:
> 2) use push "compress empty" (if there's such an option) ?

you can do 

  push "compress"

with no arguments.  According to the docs, this will enable compression
framing format, but no actual compression.

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


signature.asc
Description: PGP signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] how to migrate users to "no compression" config

2019-06-25 Thread Илья Шипицин

Hello,

for example, let us imagine we provisioned a lot of users with config files
containing "comp-lzo"
and we want to migrate them to server without compression.

I see two options

1) set up new server (actually, new udp/tcp ports on the same server) and
send new config to users

2) use push "compress empty" (if there's such an option) ?

Thanks,
Ilya Shipitsin
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] how to migrate users to "no compression" config

Re: [Openvpn-devel] how to migrate users to "no compression" config

Re: [Openvpn-devel] how to migrate users to "no compression" config

Re: [Openvpn-devel] how to migrate users to "no compression" config

Re: [Openvpn-devel] how to migrate users to "no compression" config

Re: [Openvpn-devel] how to migrate users to "no compression" config

Re: [Openvpn-devel] how to migrate users to "no compression" config

Re: [Openvpn-devel] how to migrate users to "no compression" config

Re: [Openvpn-devel] how to migrate users to "no compression" config

Re: [Openvpn-devel] how to migrate users to "no compression" config

[Openvpn-devel] how to migrate users to "no compression" config

11 matches

Site Navigation

Mail list logo

Footer information