From: Adolf Belka <ahb.ipfire@gmail.com>
To: development@lists.ipfire.org
Subject: Re: [PATCH] OpenVPN: Update to version 2.5.0
Date: Wed, 02 Dec 2020 22:31:05 +0100 [thread overview]
Message-ID: <795a39be-2ae9-3c76-ea5f-aebbb4008a32@gmail.com> (raw)
In-Reply-To: <c42dbc7a-496f-6c2c-e900-be3e68d9589e@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 4246 bytes --]
Hi Erik,
As my OpenVPN setup uses the strongest encryption I am able to use (currently AES-GCM (256 bit)), I thought I should also test the IPFire OpenVPN-2.5.0 binary with weaker encryption clients and see how that worked with my setup.
I did this for both my laptop (using Network Manager with OpenVPN plugin) and my Android phone using the OpenVPN for Android App. Both the laptop and Android phone are using OpenVPN-2.5.0
I evaluated AES-CBC (128 bit), DES-EDE3-CBC (192 bit) and BF-CBC (128 bit).
The clients were created in IPFire with OpenVPN-2.4.9 binary. They were then imported into the laptop and phone with no modification.
In all three cases on both the laptop and mobile phone the OpenVPN connection was successfully made with the OpenVPN server running with 2.4.9 and 2.5.0.
With the weaker encryption options there was a lot of input in the client logs about using weak ciphers. This occurred whether the IPFire server was running with 2.4.9 or 2.5.0.
So at least with my clients there was no problem with even the very weak ciphers with running clients after changing IPFire to 2.5.0 binary.
Regards,
Adolf.
On 29/11/2020 13:42, Adolf Belka wrote:
> Hi Erik and *,
>
> I have installed the OpenVPN 2.5.0 binary on my system and can confirm that all my clients, mobile and laptop, were able to successfully connect.
>
> Regards,
>
> Adolf.
>
>
> On 26/11/2020 20:19, ummeegge wrote:
>> Hi Michael,
>>
>> Am Donnerstag, den 26.11.2020, 12:05 +0000 schrieb Michael Tremer:
>>> Hello,
>>>
>>> I will leave this one then for the next core update where we
>>> hopefully have moved forward with some of the changes to the UI and
>>> more people have verified that this won’t break anything :)
>> OK. According to the work on the WUI, i have pushed all i currently
>> have which can be found in here -->
>> https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=34af1d714178b2cd0c27e8c39052a8c7ce87d116
>>
>> Best,
>>
>> Erik
>>
>>
>> Best,
>> -Michael
>>
>>> On 25 Nov 2020, at 23:20, ummeegge <ummeegge(a)ipfire.org> wrote:
>>>
>>> Hi Michael,
>>>
>>> Am Mittwoch, den 25.11.2020, 22:43 +0000 schrieb Michael Tremer:
>>>> Hello Erik,
>>>>
>>>> Am I right to assume that this cannot be merged without breaking
>>>> anything?
>>> I think it can be merged without breaking something, two more already
>>> known warnings are presant with this update here but it broke
>>> nothing.
>>> Tests has been made with 2.4.x clients with a 2.5.0 server but 2.3.x
>>> clients should be OK with this too. Testings might be important.
>>>
>>>>
>>>> Best,
>>>> -Michael
>>>
>>> Best,
>>>
>>> Erik
>>>
>>>>
>>>>> On 25 Nov 2020, at 22:26, ummeegge <erik.kapfer(a)ipfire.org>
>>>>> wrote:
>>>>>
>>>>> Signed-off-by: ummeegge <erik.kapfer(a)ipfire.org>
>>>>> ---
>>>>> config/rootfiles/common/openvpn | 1 -
>>>>> lfs/openvpn | 4 ++--
>>>>> 2 files changed, 2 insertions(+), 3 deletions(-)
>>>>>
>>>>> diff --git a/config/rootfiles/common/openvpn
>>>>> b/config/rootfiles/common/openvpn
>>>>> index 547842db3..41ccc885e 100644
>>>>> --- a/config/rootfiles/common/openvpn
>>>>> +++ b/config/rootfiles/common/openvpn
>>>>> @@ -19,7 +19,6 @@ usr/sbin/openvpn
>>>>> #usr/share/doc/openvpn/README.down-root
>>>>> #usr/share/doc/openvpn/README.mbedtls
>>>>> #usr/share/doc/openvpn/management-notes.txt
>>>>> -#usr/share/man/man8/openvpn.8
>>>>> var/ipfire/ovpn/ca
>>>>> var/ipfire/ovpn/caconfig
>>>>> var/ipfire/ovpn/ccd
>>>>> diff --git a/lfs/openvpn b/lfs/openvpn
>>>>> index 779bf5520..b026d515b 100644
>>>>> --- a/lfs/openvpn
>>>>> +++ b/lfs/openvpn
>>>>> @@ -24,7 +24,7 @@
>>>>>
>>>>> include Config
>>>>>
>>>>> -VER = 2.4.9
>>>>> +VER = 2.5.0
>>>>>
>>>>> THISAPP = openvpn-$(VER)
>>>>> DL_FILE = $(THISAPP).tar.xz
>>>>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>>>>
>>>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>>>>
>>>>> -$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
>>>>> +$(DL_FILE)_MD5 = ba426e2217833b522810d6c06f7cc8f7
>>>>>
>>>>> install : $(TARGET)
>>>>>
>>>>> --
>>>>> 2.20.1
>>>>>
>>>>
>>>
>>>
>>
>>
>>
next prev parent reply other threads:[~2020-12-02 21:31 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-25 22:26 ummeegge
2020-11-25 22:43 ` Michael Tremer
2020-11-25 23:20 ` ummeegge
2020-11-26 12:05 ` Michael Tremer
2020-11-26 19:19 ` ummeegge
2020-11-29 12:42 ` Adolf Belka
2020-12-01 16:13 ` Michael Tremer
2020-12-02 21:31 ` Adolf Belka [this message]
2020-12-03 11:27 ` ummeegge
2020-12-01 16:14 ` Michael Tremer
2020-12-02 9:18 ` ummeegge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=795a39be-2ae9-3c76-ea5f-aebbb4008a32@gmail.com \
--to=ahb.ipfire@gmail.com \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox