reject compression by default

With this change the value of '--allow-compression' is set to 'no'.
Therefore compression is not enabled by default and cannot be enabled
by the server either.

This change is in line with the current trend of not recommending
compression over VPN tunnels for security reasons (check Voracle).

Of top of that compression is mostly useless nowadays, therefore
there is not real reason to enable it.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20210904095629.6273-4-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22797.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

1 files changed, 6 insertions, 0 deletions

diff --git a/doc/man-sections/generic-options.rst b/doc/man-sections/generic-options.rst
index c746e23..114faa4 100644
--- a/doc/man-sections/generic-options.rst
+++ b/doc/man-sections/generic-options.rst
@@ -61,6 +61,12 @@ which mode OpenVPN is configured as.
   Note: Using this option reverts defaults to no longer recommended
   values and should be avoided if possible.
 
+  The following table details what defaults are changed depending on the
+  version specified.
+
+  - 2.5.x or lower: ``--allow-compression asym`` is automatically added
+    to the configuration if no other compression options are present.
+
 --config file
   Load additional config options from ``file`` where each line corresponds
   to one command line option, but with the leading '--' removed.