Changes between Version 26 and Version 27 of Compression


Ignore:
Timestamp:
11/26/21 03:55:52 (2 years ago)
Author:
tct
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • Compression

    v26 v27  
    77- The **[https://community.openvpn.net/openvpn/wiki/VORACLE VORACLE Attack]** proves that mixing **compression and encryption**, without great care, can have **disastrous side-effects**.
    88
    9 - OpenVPN is a **single threaded** process, ''which is very busy encrypting and decrypting data''.  Why does ''adding compressing and decompressing'' to the same process sound like a good idea ? Oh, wait .. No, I mean "why does that **not** sound like a good idea ?"[[br]]
    10  ........ confused ? **you will be**.
     9- OpenVPN is a **single threaded** process, ''which is very busy encrypting and decrypting data''.[[br]]  Why does ''adding compressing and decompressing data'' **to the same process** sound like a good idea ? [[br]]Oh, wait .. No, I mean "why does that **not** sound like a good idea ?"[[br]]
     10  Did you see that ? ........ confused ? **you will be**.
    1111
    1212The general consensus is that OpenVPN should not include compression, except under **''unusual circumstances''**.
     
    1818Because most data is already highly compressed and even optimised (eg. Video stream), there is no need for OpenVPN to sort through the entire data stream looking for compressible data .. that is wasting your CPU time on a totally pointless task.
    1919
    20 By "**''Unusual Circumstances''**" what I mean is this: **You control** both Server and Client nodes AND you know that you are transmitting a lot of uncompressed data (eg. Live video stream from a cheap "security" camera) over that VPN link.  In such a case, you can use compression to your advantage.  If you are just some "jock-on-the-road" then you do not need or want to use compression at your end.
     20By "**''Unusual Circumstances''**" what I mean is this: **You control** both Server and Client nodes AND you know that you are transmitting a lot of uncompressed data (eg. Live video stream from a cheap "security" camera) over that VPN link.  In such a case, you can use compression to your advantage.
     21
     22Otherwise, you do not need or want to use compression.
    2123
    2224`TL;DR` OpenVPN are not removing compression but it must be made secure. You do not need it.