Category Archives: Howto Tutorials (EN)

Knowledge Network for Tutorials, Howto’s, Workaround, DevOps Code for Professionals.

OpenVPN Connection fails on iOS and Android

Here my experience using OpenVPN connection on iOS and Android mobile device. When you try to start a connection with the OpenVPN Connect App.

When you try to start a connection with OpenVPN Connect on your iOS or Android device, the VPN connection is established but no network resources can be reached, also you may find the error message in the OpenVPN server log;

Bad compression stub (swap) decompression header

Error openvpn_server1 user1/10.11.0.2:38767 Bad compression stub (swap) decompression header byte: 250

How to solve this issue, it comes to works perfectly with add options in the OpenVPN server configuration. I use here a Synology NAS and an OPNsense as a VPN server in this experience report.

allow-compression no
push "compress migrate"

This completely deactivates full and asymmetric compression, which is useful for functionality and secure communication with OpenVPN mobile clients. These finding can give valuable hints to make your users happy.

Note. The options are used to provision the OpenVPN clients, existing clients can continue to make VPN connections, the settings do not have to be changed manually.

How do I know that no compression is in use?

You will find the statistics of the OpenVPN connection in the log file. This way you can also see the state of the compression, like in the screenshots below.

OpenVPN Connection to Synology NAS

I have an OpenVPN server package installed on my Synology NAS, and the OpenVPN client on my iPhone 15 (iOS 17.3.1) is able to connect to it over a cellular connection. FileBrowserGO is then able to connect to the Synology using the OpenVPN Server’s LAN IP address.

We have tried this with both a UDP and TCP based OpenVPN connection (forwarding port 1194) to the Synology NAS. I would recommend trying an IP Address in FileBrowserGO’s “Name or URL” field, to avoid the DNS lookup stage of the connection.

To prevent compression on the OpenVPN server on a Synology NAS, you can open the VPN server in DSM under OpenVPN and disable the option Use compression on the VPN connection. If you enable ssh then you can log in with an ssh terminal to open the configuration file.

$ sudo vi /usr/syno/etc/packages/VPNCenter/openvpn/openvpn.conf

OpenVPN Connect from iOS, Android to OPNsense

I went through it with another environment with deploy a virtual OPNsense using the OpenVPN Server. To do this, go to VPN -> OpenVPN -> open the corresponding server, here under Compression select “No Preference”, next add the two lines in the box under Advanced configuration, then save changes.

OpenVPN Connection fails on iOS and Android
OPNsense GUI: VPN – OpenVPN – Servers

Restart the OpenVPN server again and launch a VPN connection with your iOS or Android mobile device.

Change Interface Static IP Address on Debian

This tutorial walks through the interface configuration to change the static IP address in the command line on Debian 12. In easy-to-implement steps show how to change a static IP address in the terminal, especially on a Debian server there is commonly no graphical user interface available. The following content provided the required commands for reference.

Change Interface Static IP Address on Debian

/etc/network/interfaces

By default, Debian creates the interface configuration using Dynamic Host Control Protocol to dynamically assigns an IP during deployment, with information such as IP address, netmask and gateway as well as the DNS server being obtained from a DHCP server.

Change Interface Static IP Address on Debian

Follow these steps to set up and configure a static interface IP address.

  1. Log in to remote server using ssh command.
  2. Backup the interfaces file with cp /etc/network/interfaces /root/
  3. Edit the /etc/network/interfaces file.
$ vi /etc/network/interfaces

This the static interfaces configuration file on Debian.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens192
iface ens192 inet static
  address 203.0.113.3
  netmask 255.255.255.0
  gateway 203.0.113.1
  dns-nameservers 1.1.1.1 1.0.0.1

The settings above is an example. Replace the IP addresses with your actual addresses. Make sure do not change the loopback network interface.

Add Second IP Address on Debian

If a second IP address is required on the network interface, an additional address can be assigned as follows, add to the end of the file.

auto ens192:1
allow-hotplug ens192:1
iface ens192:1 inet static
  address 10.0.0.3/24

Restart Networking Service

Restart the networking service so that the updated configuration can be applied with run these command.

$ systemctl restart networking

Change Interface Static IP Address using ip

For example, given the IP addresses used in the previous sections, if we want to change the IP address (to 203.0.113.3/24), we would run the following command.

$ ip addr add 203.0.113.3/24 dev ens192

Note. This command does not permanently change the configuration.

Change Static IP Address using ifconfig

On modern distributions, the “ifconfig” command has been completely deprecated and it is now advised to use the “ip” command.

However, you should still be able to use the “ifconfig” to change the interface IP address. First you must perform the next command.

$ apt install net-tools -y

For example, if you want to change the IP address (to 203.0.113.3/24), you would run the following command using ifconfig.

$ ifconfig ens192 203.0.113.3 netmask 255.255.255.0 up

Your second interface IP address will be added as follows.

$ ifconfig ens192:0 10.0.0.3 netmask 255.255.255.0 up

View interface IP Addresses

Use the “ip a” or “ip link” command to list your network interfaces. Note replace the interface name you want to configure, e.g. eth0 or wlp2s0 or ens192 or whatever it’s called.

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:ac:28:ac:76:d2 brd ff:ff:ff:ff:ff:ff
    inet 203.0.113.3/24 brd 203.0.113.255 scope global ens192
       valid_lft forever preferred_lft forever
    inet 10.0.0.3/24 scope global ens192:1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:feac:76d2/64 scope link
       valid_lft forever preferred_lft forever

Conclusion

In this tutorial, we have learned how to configure a static interface IP address on Debian 12 “Bookworm” server. Your server is now configured to use static IP address. In a typical network, there are two ways to assign IP addresses. One is using DHCP and another is static IP assignment. DHCP or Dynamic Host Control Protocol dynamically assigns an IP address to an interface. It requires a DHCP server running in the network. In the static IP assignment, we manually assign the IP address, routing gateway, and DNS resolvers. Static IP assignment gives to more control on assigning an IP address and setting the DNS resolvers.