From mboxrd@z Thu Jan  1 00:00:00 1970
From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Core 120 openvpn
Date: Thu, 05 Jul 2018 13:51:33 +0200
Message-ID: <3036b7899354be8400f6d0213ac6a6858756c252.camel@ipfire.org>
In-Reply-To: <b0d1aaf8-7655-5d1e-baa4-1375beb4ecb7@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2423571631148766534=="
List-Id: <development.lists.ipfire.org>

--===============2423571631148766534==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Hi Alex,
I cannot confirm any of these problems here, and have also seen nobody
with that kind of problem in the forum after the update to Core 120.
Problems which have occurred were:
- Too old CAs with MD5 in them, which the new OpenVPN does not accept
anymore.
- DH parameters with 1024 bit, which are also not accepted by OpenVPN
anymore.
- Missing Valid til Days value, which the new OpenSSL does not accept
anymore.

I use 2.4.5 (meanwhile also 2.4.6, next update) for N2N and RWs on
updated machines but also on freshly installed ones and have no problems
at all. There was also positive feedback in the forum and also a longer
testing period for this update, whereby none of these problems occurred...

So I am not sure where this comes from??

Cheers,

Erik


On Thursday, 05.07.2018, at 05:40 +0200, Alexander Marx wrote:
> Dear list,
> 
> after having trouble upgrading my IPFire 119 to 120 (all OpenVPN
> connections didn't work anymore)
> I downgraded again.
> Now I just upgraded my local Linux OS to Ubuntu 18.04 and my OpenVPN
> client was not able to connect anymore due to TLS/verification
> failure.
> 
> OK, I thought, let's start a fresh install and test if the new Core 120
> will do it. Now the hassle starts:
> 
> Installed core 120, made a new CA and created an OpenVPN roadwarrior
> connection.
> 
> I am NOT able to even import my OpenVPN connection into my OS because
> the config is not recognised as an OpenVPN connection?!
> 
> More investigation showed that there are MISSING parts in the
> client-config.
> The config showed:
> 
> #OpenVPN Client conf
> tls-client
> client
> nobind
> dev tun
> proto udp
> tun-mtu 
> pkcs12 marx.p12
> cipher 
> verb 3
> ns-cert-type server
> verify-x509-name oabusv.dyndns.org name
> 
> Missing parts:
> 1) comp-lzo was not added
> 2) tun-mtu has no value (should be 1400 here)
> 3) "remote <servername>" was missing completely
> 4) "cipher" has no value (should be AES-256-CBC here)
> 
> After adding these parts I was able to connect.
> 
> Can somebody confirm this?
> 
> I wonder if people are able to use IPFire with OpenVPN when using
> Core 120......
> 
> Cheers,
> 
> Alex

--===============2423571631148766534==--
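
Added example, not part of either message and not IPFire code: a small lint that flags the gaps reported in the quoted client config (directives written without a value, expected directives absent) before the file is handed to a client. The NEEDS_VALUE set and the function name are assumptions made for this illustration and cover only the directives that appear in the posted config.

```python
# Added example: lint an OpenVPN client config for the gaps described in the thread.
# NEEDS_VALUE is an assumption covering only the directives seen in the posted config.
NEEDS_VALUE = {"dev", "proto", "tun-mtu", "pkcs12", "cipher", "verb",
               "ns-cert-type", "verify-x509-name", "remote"}

# The client config as quoted in the thread.
POSTED_CONFIG = """\
#OpenVPN Client conf
tls-client
client
nobind
dev tun
proto udp
tun-mtu
pkcs12 marx.p12
cipher
verb 3
ns-cert-type server
verify-x509-name oabusv.dyndns.org name
"""


def lint_client_config(text, expected=("remote",)):
    """Return a list of (line_number, message) findings; line 0 means 'absent'.

    expected: directives that must be present. Pass extra ones
    (for example "comp-lzo") when the server side uses them.
    """
    findings, seen = [], set()
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":  # OpenVPN comments start with # or ;
            continue
        directive, *args = line.split()
        seen.add(directive)
        if directive in NEEDS_VALUE and not args:
            findings.append((number, f"'{directive}' has no value"))
    for directive in expected:
        if directive not in seen:
            findings.append((0, f"'{directive}' is missing"))
    return findings


if __name__ == "__main__":
    for number, message in lint_client_config(POSTED_CONFIG, ("remote", "comp-lzo")):
        print(f"line {number or '-'}: {message}")
```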