Support OpenVPN 2.4 and 2.5 'compress' options
OpenVPN 2.4 introduced 'stub-v2' as a compression mode which disables compression but retains compression framing (note that for some reason, 'stub-v2' was not listed in the manpage until 2.5, but it was added in the first alpha of 2.4).
With the introduction of OpenVPN 2.5 and the VORACLE attack, OpenVPN is suggesting using 'stub-v2' as part of the "soft-migration" process to move clients off of compression. See VORACLE for a reference.
We attempted to do this switchover for our team, and it is working with other openvpn clients. However, our teammates using the GNOME network manager find themselves unable to parse config files that contain compress stub-v2
, even when they are running the newest versions of the libraries.
I believe this is happening because the GNOME network manager is doing its own validation on the 'compress' values, and it's only allowing lzo
, lz4
, and lz4-v2
. The relevant line is here: https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/blob/717a1d41be0b039778b4eb85bca57f9356bb87aa/properties/import-export.c#L1027-1028
Wondering what the rationale is behind not supporting the full gamut of 2.4 compression options, especially when recommended for migrations such as this. Would it be possible to add stub-v2
support?