From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4c59vR4td7z2yq9 for ; Mon, 18 Aug 2025 11:48:03 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4c59vN0fkgz2xM3 for ; Mon, 18 Aug 2025 11:48:00 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4c59vM3VFNz1CW; Mon, 18 Aug 2025 11:47:59 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1755517679; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3IwA+QxWPx+GOpglliUK565UIKRJHAt6Jobm3XXgcRg=; b=X9xssMyk8DwqnYnZcyfZBxuKBotie3bPBLdRSuS2VAgwYuvG1N9MAsTkNOKT3k8W/ZzhMf ihu2k10offrDagCQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1755517679; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3IwA+QxWPx+GOpglliUK565UIKRJHAt6Jobm3XXgcRg=; b=mguay9h3d3lzzUmnW1BYZrKTVoY3y2tDcwm3IeJecjRwieg4gap3j+gF0vDwytUsgw4QuA r7ZuHAZ/fkcIkkSpOVpF4bBTJiL1J4rCd14pOv9bGN4mnmgs8xbPk/wn3DbCLNRMHPQKCb XuP0lzquCULsTbXtcskvy+P7LrRlsO1ckzbebG4cXRy9iQKbo8Xeve7Gekdr7Uf/L8YDul 70aU+0Ewmu0vwuKTkU1TveCbak0gHYH4Tbd+/eeYheaWc5LXX4UwI/ewjK1qAU/LNWSxv7 vvZ9a/+eRb3/ho8U6YkswHdFq5eUa1YPM9KJBimiGRfeaz5WsMJ2GRiSmBgbDw== Content-Type: text/plain; charset=utf-8 Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: Mime-Version: 1.0 Subject: Re: Testing out CU198 with OpenVPN-2.7_alpha3 From: Michael Tremer In-Reply-To: <63886579-ceeb-44a6-b24c-0bb72632a0b5@ipfire.org> Date: Mon, 18 Aug 2025 12:47:58 +0100 Cc: "IPFire: Development-List" Content-Transfer-Encoding: quoted-printable Message-Id: <2347C9DE-BFB2-4C0A-8715-4E501FAE70DF@ipfire.org> References: <63886579-ceeb-44a6-b24c-0bb72632a0b5@ipfire.org> To: Adolf Belka Hello Adolf, This is really valuable work because we might have to start = transitioning OpenVPN changes a lot sooner than the final release is = coming out because of all this bad, static configuration stuff on both = sides of the connection. But this actually proves the opposite. The =E2=80=94-persist-key option = can be easily dropped then. We use it everywhere and it will then become = the default. Very good. Regarding the status, there have been many changes over the years and it = usually should be easy to fix it. Normally more information is being = added and we just need to account for it. Hopefully that is a 5 minute = job. So with this information, I am very relaxed and hopeful that the new 2.7 = release will be an easy update for us and everyone using OpenVPN. Best, -Michael > On 17 Aug 2025, at 14:43, Adolf Belka wrote: >=20 > Hi All, >=20 > I have built and done initial testing of CU198 with = OpenVPN-2.7_alpha3. Here is my initial feedback. >=20 > My N2N connection connected and I could ping between both ends. The = status on the OpenVPN WUI page showed as Connected. >=20 > Only item was that when rebooting the following message shows up in = the boot log when the N2N connection is started >=20 > DEPRECATED: --persist-key option ignored. Keys are now always = persisted across restarts. >=20 >=20 > I the tested out the old existing Android and Linux Laptop client = connections. >=20 > In both cases at the client ends they said they were connected. >=20 > On the Linux Laptop I could ping to a PC on the green network. For = both the Linux Laptop and Android phone I could access the WUI page of = the IPFire system. The logs showed that the clients were connected. >=20 > However in both cases the OpenVPN WUI page stayed showing the RW = connections as disconnected. Accessing the OpenVPN Connection Statistics = never showed any connection existing. >=20 > So the status methodology for the RW's does not seem to be working = with OpenVPN-2.7, even though the connections were successfully = connected and the standard openvpn logs show the rw clients as = connected. >=20 > I will have another go with new client connections and see if that = shows anything different with regard to the status. >=20 > Also need to remember this is the alpha3 release so there might be = bugs still and maybe that is what I am experiencing. >=20 > So RW connections get made but stay showing as disconnected when they = are actually connected. > N2N connections show as connected and are connected. >=20 > Regards >=20 > Adolf >=20 >=20