From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4c2vhM1Wqjz2xRj for ; Thu, 14 Aug 2025 19:00:35 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4c2vhH4ctSz2xHN for ; Thu, 14 Aug 2025 19:00:31 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4c2vh92N8Zz81 for ; Thu, 14 Aug 2025 19:00:25 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1755198025; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6rgc7LlcGy2FWl4b01kKTLyk0VR7AK5cUo5YNOw7Gao=; b=qY9rJ324PP8CibPt7M1RYfro8YnR1JIzfjzlG+/Tx24RAa2JvzwYu2UWUh2QnQhdWGY0ld drj08mTPg1CXcMBQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1755198025; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6rgc7LlcGy2FWl4b01kKTLyk0VR7AK5cUo5YNOw7Gao=; b=BLeRlKIVeAT5qPYvdA1Ver21jeDNvEGeqt93ty3zSpVG5THHAlPm16OGRmLhOphF7+7na5 lmioUBPlZnM7odGf9xpNqOG4V57i/UVgYQENO/CjClyLu7VZXt3RCXKFn7cjTBTnPqgx2Y Bqxbi6ZqW7kPBAHo2pN0OygiVzc0AfrEC3Tr5RW7XfNcbYSE5lgR/+dTCYT6hmy2CQwm0a oPpxIP0rOZG1U4b7coINHcIIsIakoIIHLMRR7/T8QnGaXQo8WaUf4IfecnQuTmLsfk1RIv j398+TpkEh2UyzLV+KNnX6BAZ32wDNWyLG1vxki6jwPrshDly2naSlrtOh8y5g== Message-ID: <2dab97ce-9ac8-4661-bed6-db20bd4dc42f@ipfire.org> Date: Thu, 14 Aug 2025 21:00:21 +0200 Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Subject: Re: IPFire 2.29 - Core Update 197 is available for testing From: Adolf Belka To: "IPFire: Development-List" References: <175490371612.107547.14288613781884197415.ipfire@ipfire.org> <8c5b754f-002b-4a80-b757-9a74aeb57f7e@ipfire.org> <29a112a2-0ada-43a1-b0c6-43f336745d43@ipfire.org> Content-Language: en-GB In-Reply-To: <29a112a2-0ada-43a1-b0c6-43f336745d43@ipfire.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi All, On 11/08/2025 16:51, Adolf Belka wrote: > Hi All, > > Further testing feedback of OpenVPN-2.6 > > I tested out the existing client connections to my android phone and my linux laptop. > > Both connections connected. Ping worked on the laptop but not on the android. Accessing the IPFire WUI via the openvpn rw tunnel worked for both android and laptop. > > I then created new client connections. > > The linux laptop connection worked without any issues. > > The android client did not want to work with the .ovpn file with the certificates built in. It said that it had obtained the required info from inline but the connection failed within a couple of lines in the log, so some problem. > > I then removed the inline certificate lines from the .ovpn file and used the .p12 and ta.key files, adding the appropriate lines into the .ovpn file to reference them. > > The connection worked without any problem. In addition the ping now worked with this android connection. > > Regards, > > Adolf. > > > On 11/08/2025 16:01, Adolf Belka wrote: >> Hi All, >> >> Have found a little issue. Not sure if it is critical or not. >> >> My existing connections on OpenVPN are working fine and the network topology has been changed in most places but not in the ccd files. >> >> I have a connection called ipfiretesting which before the upgrade had 10.110.30.5 and 10.110.30.6. >> >> After the upgrade to 197 if I edit the entry it shows that it is using 10.110.30.6 >> >> However if I look in /var/ipfire/ovpn/ccd/ipfiretesting it still has the line >> >> ifconfig-push 10.110.26.6 10.110.26.5 >> >> If I then create a new client connection then all the ccd files get updated and ipfiretesting now contains >> >> ifconfig-push 10.110.30.6 255.255.255.0 >> >> So if a user upgrades but doesn't create a new client connection all the ccd files will stay with the old format. Not sure what this would or wouldn't do for the connection but I think after the upgrade it would be good to update all the ccd files but not sure how to make that happen. I can confirm that the recent commits on ovpnmain.cgi have resolved the issue of the ccd files not being updated during the update. I also noted that backup.pl was modified to do the same thing. I had not thought about testing an old backup yet. It seems obvious but it just hadn't come to my mind. However with this backup.pl commit it triggered me to test out doing a restore from CU106 into CU197 and I can confirm that the ccd settings are updated as are the client connection .ovpn contents. I can also confirm that my CU196 client connection that was restored and updated to the CU197 openvpn-2.6 settings connected successfully. So this issue that I reported can be considered fixed. Regards, Adolf. >> >> Regards, >> >> Adolf. >> >> On 11/08/2025 11:28, IPFire Project wrote: >>> **IPFire 2.29 – Core Update 197** is now available for testing. This release introduces a significant overhaul of OpenVPN, upgrading to version 2.6 with improved security, broader client compatibility, and a modernised codebase — all without requiring changes to existing configurations. System performance has also been optimised to allow the CPU to remain in power-saving states more often, reducing energy consumption. As with every release, this update includes a large number of package updates to ensure your system remains secure and reliable. >>> ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ >>> >>> >>>   IPFire_ >>> >>> >>>   IPFire 2.29 - Core Update 197 is available for testing >>> >>> **IPFire 2.29 – Core Update 197** is now available for testing. This release introduces a significant overhaul of OpenVPN, upgrading to version 2.6 with improved security, broader client compatibility, and a modernised codebase — all without requiring changes to existing configurations. System performance has also been optimised to allow the CPU to remain in power-saving states more often, reducing energy consumption. As with every release, this update includes a large number of package updates to ensure your system remains secure and reliable. >>> >>> Read The Full Post On Our Blog >>> >>> The IPFire Project, c/o Lightning Wire Labs GmbH, Gerhardstraße 8, 45711 Datteln, Germany >>> >>> Unsubscribe >>> >> >