LZS decompression failed: File too large

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 31 July 2018 at 23:54, Daniel Lenski <dlenski at gmail.com> wrote:
> On Tue, Jul 31, 2018 at 5:32 AM, Jeroen Balduyck
> <jeroen.balduyck at gmail.com> wrote:
>> On Opnsense (Freebsd) I'm running Openconnect in client mode. I get
>> this unusual error:
>>
>> LZS decompression failed: File too large.
>
> openconnect --compression=none should provide an immediate workaround,
> by disabling compression of tunneled packets.
>
> It looks like you're connecting to an ocserv server. Can you include
> the full output of openconnect --version, ocserv --version, including
> the libraries?
>
> Dan

Hi Daniel,

I have already tried -D,--no-deflate but that highly impacted the
throughput (went from 70 Mbps to 10-ish Mbps). I'll try with
--compression=none. Not sure what the difference between those 2 is?

Anyway, here is the version information:

Version info on the Opnsense box:
-----------------------------------------------
openconnect --version
OpenConnect version v7.08-unknown
Using OpenSSL. Features present: TPM (OpenSSL ENGINE not present),
HOTP software token, TOTP software token, DTLS


I'm sorry but I'm not sure about what you meant by 'including
libraries'. So I guessed you want the version of the OpenSSL-library?

openssl version -a
OpenSSL 1.0.2k-freebsd  26 Jan 2017
built on: date not available
platform: FreeBSD-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: clang
OPENSSLDIR: "/etc/ssl"

Version info on ocserv server:
------------------------------------------
Pending request. I know they are running 0.11.9 but they don't seem to
forthcoming on giving me more info:-)

Some other remarks:
---------------------------

1) On my Macbook Pro the negotiated encr. algo is AES-256-GCM. On
Opnsense it is AES256-CBC-SHA. Not sure why as the Opnsense box also
supports the GCM-cipher. But that is probably just a setting somewhere
or a difference in the TLS cipher negotiation. I do know the server
prefers the GCM-ciphers as it is in the online documentation. Still,
it appears strange to me the GCM cipher is not being selected?
2) On the Macbook GnuTLS is used instead of OpenSSL
3) Version info lacks "-unknown" suffix on the Macbook
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux