Nethserver's openVPN configuration not liked by TunnelBlick (comp-lzo depecrated)


Since some time now I receive this warning when connecting to an Nethserver OpenVPN server :

Warning: This VPN may not connect in the future.

The OpenVPN configuration file for ‘’ contains these OpenVPN options:

‘comp-lzo’ was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5

You should update the configuration so it can be used with modern versions of OpenVPN.

Tunnelblick will use OpenVPN 2.4.6 - OpenSSL v1.0.2o to connect this configuration.

However, you will not be able to connect to this VPN with future versions of Tunnelblick that do not include a version of OpenVPN that accepts the options.

Probably this config switch should be removed from the config files generated by Nethserver.



Oh. Just noticed it totally by chance :slight_smile:


This option can be removed i suppose.

1 Like


Use the newer --compress instead


Spot on ! :slight_smile:

We could add the new option (compress) for newly created server but not remove the old one, otherwise we will break all existing connections :wink:


reading this

--compress [algorithm]
    Enable a compression algorithm.

    The algorithm parameter may be "lzo", "lz4", or empty. LZO and LZ4 are different compression algorithms, with LZ4 generally offering the best performance with least CPU usage. For backwards compatibility with OpenVPN versions before v2.4, use "lzo" (which is identical to the older option "--comp-lzo yes").

    If the algorithm parameter is empty, compression will be turned off, but the packet framing for compression will still be enabled, allowing a different setting to be pushed later. 
--comp-lzo [mode]
    DEPRECATED This option will be removed in a future OpenVPN release. Use the newer --compress instead.

    Use LZO compression -- may add up to 1 byte per packet for incompressible data. mode may be "yes", "no", or "adaptive" (default).

    In a server mode setup, it is possible to selectively turn compression on or off for individual clients.

    First, make sure the client-side config file enables selective compression by having at least one --comp-lzo directive, such as --comp-lzo no. This will turn off compression by default, but allow a future directive push from the server to dynamically change the on/off/adaptive setting.

    Next in a --client-config-dir file, specify the compression setting for the client, for example:

    comp-lzo yes
    push "comp-lzo yes"

    The first line sets the comp-lzo setting for the server side of the link, the second sets the client side. 

I have the feeling that comp-lzo became compress lzo, for what I understood, it should be compatible. I suppose the setting became obsolete because you can use also LZ4


card created in need review

Issue created:


Just setup some VPN road warriors accounts and the client fails to load with compress lzo in the opvn file but does work with comp-lzo. I manually modified the opvn file and works great.:grinning:
Without that modification the VPN-GUI has a blank screen and the cli complains of the unknown option. compress