From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: OpenVPN-2.5.0 update procedure and idea collector
Date: Mon, 23 Nov 2020 15:52:08 +0100
Message-ID: <47067ba1b027ad6683edf3490c6270768d31aee5.camel@ipfire.org>
In-Reply-To: <H000007e004d72fc.1606141706.mail.at4b.com@MHS>
On Monday, 23.11.2020, at 09:28 -0500, Kienker, Fred wrote:
> Eric:
>
> The idea of putting all of the encryption settings on one page is a
> good one. There are now so many encryption settings and choices that
> they really need their own page.
Yes, and there are even more directives that may also be good ;-).
>
> The settings changes, at first look, should work but sometimes these
> backwards compatibility settings don't always work as advertised.
> Testing with a variety of clients and both the current and reasonable
> legacy versions would be recommended, even if it is hard to get people
> to assist. With OpenVPN people have a tendency to set it up, get it
> working and leave it alone until it stops working so there are always
> a lot of old clients out there.
Exactly, the --data-ciphers-fallback uses the index of the already
configured --cipher, in that case no interaction is needed from the
user to run the old system. To enable the new --data-ciphers option the
user would need to interact (at least press the save button in the
advanced section) which is not needed in that case... So was my
implementation idea...
>
> Best regards,
> Fred
Best,
Erik
>
> Please note: Although we may sometimes respond to email, text and
> phone calls instantly at all hours of the day, our regular business
> hours are 9:00 AM - 6:00 PM ET, Monday thru Friday.
>
> -----Original Message-----
> From: ummeegge <ummeegge(a)ipfire.org>
> Sent: Monday, November 23, 2020 4:15 AM
> To: development(a)lists.ipfire.org
> Subject: Re: OpenVPN-2.5.0 update procedure and idea collector
>
> Some additions and WUI restructure ideas after some more testing.
>
> '--cipher' is no longer needed if '--data-ciphers-fallback' is in use,
> there is also no need for '--data-ciphers' for the first if
> '--data-ciphers-fallback' is active. The client can still use the
> '--cipher alg' directive and the 2.5.0 server responds with
> '--data-ciphers-fallback alg'.
>
> The idea: Remove the cipher section from the global area from the WUI,
> rename simply '--cipher' to '--data-ciphers-fallback' in server.conf
> and keep the index, include the 'DCIPHER' (also 'DAUTH' and 'TLSAUTH')
> variable(s) to the advanced encryption section with the related
> indexes to keep the old configuration but set also new defaults for
> new configurations.
>
> If '--data-ciphers' is active, all old clients have the chance with
> e.g. an old CBC cipher to migrate also to newer clients step-by-step
> so we can get rid of the old broken algorithms like CAST, DES and BF
> since they won't appear in the new advanced encryption section...
>
>
> As an idea !?
>
> Best,
>
> Erik
>
>
>
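
The server.conf rename proposed in the quoted message, as an added sketch that is not part of the original mail and not IPFire's update code. The sample configuration, the function names and the prefix list used to spot the legacy algorithms are assumptions made for this example.

```python
import re

# Assumption: legacy algorithms (the thread names CAST, DES and BF) are
# recognised by OpenSSL-style name prefix, e.g. BF-CBC, CAST5-CBC, DES-EDE3-CBC.
LEGACY_PREFIXES = ("BF-", "CAST", "DES")

# Matches the old directive and the already-renamed one, so a second run is a no-op.
FALLBACK_LINE = re.compile(r"^(\s*)(?:cipher|data-ciphers-fallback)(\s+)(\S+)(.*)$")
DATA_CIPHERS_LINE = re.compile(r"^\s*data-ciphers\s")

# Constructed sample, not a real IPFire server.conf.
SAMPLE_CONF = """\
# OpenVPN server (constructed sample)
proto udp
port 1194
cipher BF-CBC
auth SHA512
"""


def is_legacy(alg):
    return alg.upper().startswith(LEGACY_PREFIXES)


def migrate_server_conf(text, data_ciphers=None):
    """Rename 'cipher' to 'data-ciphers-fallback', keeping the algorithm.

    'data-ciphers' is only appended when the caller passes a list, mirroring
    the thread's point that enabling it is an explicit user action.
    Returns (new_text, warnings).
    """
    out, warnings, has_data_ciphers = [], [], False
    for line in text.splitlines():
        m = FALLBACK_LINE.match(line)
        if m:
            indent, gap, alg, rest = m.groups()
            line = f"{indent}data-ciphers-fallback{gap}{alg}{rest}"
            if is_legacy(alg):
                warnings.append(f"fallback cipher {alg} is legacy; migrate its clients")
        elif DATA_CIPHERS_LINE.match(line):
            has_data_ciphers = True
        out.append(line)
    if data_ciphers and not has_data_ciphers:
        out.append("data-ciphers " + ":".join(data_ciphers))
    return "\n".join(out) + "\n", warnings


if __name__ == "__main__":
    new_conf, notes = migrate_server_conf(SAMPLE_CONF)
    print(new_conf, *notes, sep="\n")
```

Run without a `data_ciphers` list, the old installation keeps negotiating its configured algorithm and the warning identifies which fallback ciphers still need their clients migrated.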