From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Core 120 openvpn
Date: Thu, 05 Jul 2018 13:51:33 +0200 [thread overview]
Message-ID: <3036b7899354be8400f6d0213ac6a6858756c252.camel@ipfire.org> (raw)
In-Reply-To: <b0d1aaf8-7655-5d1e-baa4-1375beb4ecb7@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 2134 bytes --]
Hi Alex,
i can not confirm one of these problems here, have seen also nobody
with that kind of problems in the forum after the update to Core 120.
Problems which has been occured where
- Too old CAs with MD5 in it which the new OpenVPN to not accept
anymore.
- DH-Parameter with 1024 bit which are also not accepted by OpenVPN
anymore.
- Missing Valid til Days value which the new OpenSSL do not accept
anymore.
I use 2.4.5 (meanwhile also 2.4.6 next update) for N2N and RWs on
updated machines but also fresh installed oneĀ“s and have no problem at
all. There was also positive feedback in the forum and also a longer
testing period for this update whereby none of this problems occurs...
So am not sure where this comes from ??
Cheers,
Erik
Am Donnerstag, den 05.07.2018, 05:40 +0200 schrieb Alexander Marx:
> Dear list,
>
> after having trouble upgrading my IPFire 119 to 120 (all OpenVPN
> connections didn't work anymore)
> i downgraded again.
> Now i just upgraded my local linux os to Ubuntu 18.04 and my OpenVPN
> client was not able to connect anymore due to TLS/verification
> failure.
>
> Ok i thought, lets start a fresh install and test if the new core 120
> will do it. Now the hassle starts:
>
> Installed core 120, made a new CA and created an OpenVPN roadwarrior
> connection.
>
> I am NOT able to even import my OpenVPN connection into my OS because
> the config is not recognised as an OpenVPN connection?!
>
> More investigation showed up that there are MISSING parts in the
> client-config.
> The config showed:
>
> #OpenVPN Client conf
> tls-client
> client
> nobind
> dev tun
> proto udp
> tun-mtu
> pkcs12 marx.p12
> cipher
> verb 3
> ns-cert-type server
> verify-x509-name oabusv.dyndns.org name
>
> Missing parts:
> 1) comp-lzo was not added
> 2) tun-mtu has no value (should be 1400 here)
> 3) "remote <servername>"" was missing completely
> 4) "cipher" has no value (should be AES-256-CBC here)
>
> After adding these parts i was able to connect.
>
> Can somebody confirm this?
>
> I wonder if people are able to use IPFire with OpenVPN when using
> Core 120......
>
> Cheers,
>
> Alex
next parent reply other threads:[~2018-07-05 11:51 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <b0d1aaf8-7655-5d1e-baa4-1375beb4ecb7@ipfire.org>
2018-07-05 11:51 ` ummeegge [this message]
2018-07-05 12:09 ` Tom Rymes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3036b7899354be8400f6d0213ac6a6858756c252.camel@ipfire.org \
--to=ummeegge@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox