(In reply to Manoharan from comment #0)
> I am using NetworkManager OpenVPN plugin version 1.2.4 (in Arch Linux)
> 
> I have the LZO compression disabled (as the remote doesnt support it). But
> when I try to connect, It gives me a warning, that the local config has
> comp-lzo enabled. It works well with the version 1.2.2 though

Having comp-lzo=no is not the same as disabling LZO, but it means "turn off compression by default, but allow a future directive push from the server to dynamically change" according to 'man openvpn'. So I think you should remove altogether the comp-lzo=no option from VPN configuration. With nm-connection-editor you can simply uncheck the "use LZO data compression" flag.

Probably there was a change in behavior between 1.2.2 and 1.2.4, but I think the new way of handling the LZO option is more correct as it matches openvpn's options.

(In reply to Beniamino Galvani from comment #1)
> (In reply to Manoharan from comment #0)
> > I am using NetworkManager OpenVPN plugin version 1.2.4 (in Arch Linux)
> > 
> > I have the LZO compression disabled (as the remote doesnt support it). But
> > when I try to connect, It gives me a warning, that the local config has
> > comp-lzo enabled. It works well with the version 1.2.2 though
> 
> Having comp-lzo=no is not the same as disabling LZO, but it means "turn off
> compression by default, but allow a future directive push from the server to
> dynamically change" according to 'man openvpn'. So I think you should remove
> altogether the comp-lzo=no option from VPN configuration. With
> nm-connection-editor you can simply uncheck the "use LZO data compression"
> flag.
> 
> Probably there was a change in behavior between 1.2.2 and 1.2.4, but I think
> the new way of handling the LZO option is more correct as it matches
> openvpn's options.

I have the option "use LZO data compression" option disabled in the connection configuration as well.

Hi,

this is an issue in Fedora and Debian as well:

https://bugzilla.redhat.com/show_bug.cgi?id=1355688
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833166

I have attached my syslog in the Debian bugreport

(In reply to Manoharan from comment #2)

> I have the option "use LZO data compression" option disabled in the
> connection configuration as well.

Just to confirm, does the output of 'nmcli connection show <con-name>' still have the comp-lzo option? And if it's there, can you please remove it from /etc/NetworkManager/system-connections/<con-name>, perform a 'nmcli connection reload' and try to connect again?


(In reply to Erbureth from comment #3)
> Hi,
> 
> this is an issue in Fedora and Debian as well:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1355688
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833166
> 
> I have attached my syslog in the Debian bugreport

Same question, can you please paste the output of 'nmcli -f vpn.data connection show <con-name>' and try to remove the the comp-lzo option if it's in there?

(In reply to Beniamino Galvani from comment #4)

> Same question, can you please paste the output of 'nmcli -f vpn.data
> connection show <con-name>'

$ nmcli -f vpn.data connection show Seznam\ VPN 
vpn.data:                               cert = /home/kriho/VPN/jan.kriho.pem, key = /home/kriho/VPN/jan.kriho.key, ca = /home/kriho/VPN/cacert.pem, dev-type = tun, mssfix = no, proto-tcp = no, cert-pass-flags = 1, comp-lzo = no, remote = {vpnserver}, connection-type = tls, remote-random = no

> and try to remove the the comp-lzo option if
> it's in there?

$ nmcli -f vpn.data connection show Seznam\ VPN 
vpn.data:                               cert = /home/kriho/VPN/jan.kriho.pem, key = /home/kriho/VPN/jan.kriho.key, ca = /home/kriho/VPN/cacert.pem, dev-type = tun, mssfix = no, cert-pass-flags = 1, proto-tcp = no, remote = {vpnserver}, connection-type = tls, remote-random = no

After the workaround the connection is working again.

(In reply to Beniamino Galvani from comment #4)
> (In reply to Manoharan from comment #2)
> 
> > I have the option "use LZO data compression" option disabled in the
> > connection configuration as well.
> 
> Just to confirm, does the output of 'nmcli connection show <con-name>' still
> have the comp-lzo option? And if it's there, can you please remove it from
> /etc/NetworkManager/system-connections/<con-name>, perform a 'nmcli
> connection reload' and try to connect again?
> 

Yes, the output shows "comp-lzo=no" option (and with that the VPN connection doesnt work). Once I remove that manually from /etc/NetworkManager/system-connections/<name> and did a reload and the connection started to work. The below output is after removal of the option (the workaround config that works)

vpn.data:                               ca = /home/xxx/root.ca, username = xxx, mssfix = no, port = 1194, tunnel-mtu = 1300, proto-tcp = no, cipher = AES-128-CBC, remote = yyy.com, password-flags = 1, auth = SHA1, connection-type = password, remote-random = no


> 
> (In reply to Erbureth from comment #3)
> > Hi,
> > 
> > this is an issue in Fedora and Debian as well:
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=1355688
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833166
> > 
> > I have attached my syslog in the Debian bugreport
> 
> Same question, can you please paste the output of 'nmcli -f vpn.data
> connection show <con-name>' and try to remove the the comp-lzo option if
> it's in there?

this is now fixed in nm-openvpn upstream to restore the old meaning:

https://git.gnome.org/browse/network-manager-openvpn/commit/?id=62bdd278d69cc396479af9d05a0b776d5ad386bf




plasma-nm should also be fixed, so that it sets "no-by-default" instead of "no" after https://quickgit.kde.org/?p=plasma-nm.git&a=commit&h=31bcd5f2cffd1c19fbd10ab0f4172f2d82eff194

(In reply to Thomas Haller from comment #7)
> plasma-nm should also be fixed, so that it sets "no-by-default" instead of
> "no" after
> https://quickgit.kde.org/?p=plasma-nm.
> git&a=commit&h=31bcd5f2cffd1c19fbd10ab0f4172f2d82eff194

For the record: the bug against plasma-nm: https://bugs.kde.org/show_bug.cgi?id=366640