Whilst fiddling around with the Edgemax Lite I came across a bit of an issue whilst connecting
it to my main OpenVPN hub server, the fact that it couldn’t do comp-lzo compression.
Whilst I don’t need to do compression, it’s switched on by default in most OpenVPN distributions
and without it, in my case it caused immense pain on the server end and refused to work.
I hunted high and low for the answer on Ubiquiti’s very good forum and googled the issue to the
Nth degree, but because it’s so new I don’t think anyone has come across this issue yet (or at
least documented it anywhere). So what to do – do I turn off comp-lzo on the server or do I
run another copy of OpenVPN on it just for the Edgemax?
In the end, I had a bit of a brainwave and remembered it’s a Vyatta, so I googled for that instead
and that led me to the answer, which is:
    openvpn-option --comp-lzo
Here’s my complete OpenVPN vtun statement:
    openvpn vtun0 {
        mode client
        openvpn-option --comp-lzo
        protocol udp
        remote-host endpoint-address.com
        remote-port 1194
        tls {
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/cert.crt
            key-file /config/auth/cert.key
        }
    }
And literally that’s all you have to do (well, apart from SCP the keys/certs into /config/auth) to
get OpenVPN in default UDP flavour working on the box. I haven’t yet tried any other configs,
but if the client config works this well I can’t imagine server/site-to-site will be too
complicated to get working.
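
A pre-flight check for the setup above, as an added example that is not part of the original post: it confirms that the vtun block and the server config agree on comp-lzo, and that the private key copied into /config/auth is not accessible to group or other. The function names, file names and sample configs are hypothetical and constructed for the demo; it assumes the directive has to be present on both ends or absent on both, whatever mode it is given.

```shell
#!/bin/sh
# Added example (not from the original post). Sample files are constructed.

# Print "on" if FILE has an active comp-lzo directive, else "off". Accepts the
# EdgeOS form (openvpn-option --comp-lzo) and a plain OpenVPN config line
# (comp-lzo [yes|no|adaptive]); commented-out lines do not count.
lzo_state() {
    if grep -Eq '^[[:space:]]*(openvpn-option[[:space:]]+"?--)?comp-lzo([[:space:]"]|$)' "$1"
    then echo on; else echo off; fi
}

# Succeed only if the key file exists and group/other have no permission bits.
key_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage: check_tunnel CLIENT_CFG SERVER_CFG KEY_FILE
# Returns 0 if all is well, 1 on a comp-lzo mismatch, 2 on a key problem.
check_tunnel() {
    c=$(lzo_state "$1"); s=$(lzo_state "$2")
    if [ "$c" != "$s" ]; then
        echo "comp-lzo mismatch: client=$c server=$s"; return 1
    fi
    if ! key_private "$3"; then
        echo "key file missing or accessible to group/other: $3"; return 2
    fi
    echo "ok: comp-lzo=$c on both ends, key is private"
}

# Constructed demo: a server with comp-lzo, the vtun0 block without and with it.
demo=$(mktemp -d)
printf 'port 1194\nproto udp\ncomp-lzo\n' > "$demo/server.conf"
printf 'openvpn vtun0 {\n    mode client\n    protocol udp\n}\n' > "$demo/before.cfg"
printf 'openvpn vtun0 {\n    mode client\n    openvpn-option --comp-lzo\n}\n' > "$demo/after.cfg"
: > "$demo/cert.key"; chmod 600 "$demo/cert.key"

check_tunnel "$demo/before.cfg" "$demo/server.conf" "$demo/cert.key" || echo "exit status $?"
check_tunnel "$demo/after.cfg" "$demo/server.conf" "$demo/cert.key" || echo "exit status $?"
```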