From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <ahb.ipfire@gmail.com>
To: development@lists.ipfire.org
Subject: Re: [PATCH] OpenVPN: Update to version 2.5.0
Date: Wed, 02 Dec 2020 22:31:05 +0100
Message-ID: <795a39be-2ae9-3c76-ea5f-aebbb4008a32@gmail.com>
In-Reply-To: <c42dbc7a-496f-6c2c-e900-be3e68d9589e@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7308690210211152003=="
List-Id: <development.lists.ipfire.org>

--===============7308690210211152003==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Erik,

As my OpenVPN setup uses the strongest encryption I am able to use (currently=
 AES-GCM (256 bit)), I thought I should also test the IPFire OpenVPN-2.5.0 bi=
nary with weaker encryption clients and see how that worked with my setup.

I did this for both my laptop (using Network Manager with OpenVPN plugin) and=
 my Android phone using the OpenVPN for Android App. Both the laptop and Andr=
oid phone are using OpenVPN-2.5.0

I evaluated AES-CBC (128 bit), DES-EDE3-CBC (192 bit) and BF-CBC (128 bit).

The clients were created in IPFire with OpenVPN-2.4.9 binary. They were then =
imported into the laptop and phone with no modification.

In all three cases on both the laptop and mobile phone the OpenVPN connection=
 was successfully made with the OpenVPN server running with 2.4.9 and 2.5.0.

With the weaker encryption options there was a lot of input in the client log=
s about using weak ciphers. This occurred whether the IPFire server was runni=
ng with 2.4.9 or 2.5.0.


So at least with my clients there was no problem with even the very weak ciph=
ers with running clients after changing IPFire to 2.5.0 binary.


Regards,


Adolf.


On 29/11/2020 13:42, Adolf Belka wrote:
> Hi Erik and *,
>
> I have installed the OpenVPN 2.5.0 binary on my system and can confirm that=
 all my clients, mobile and laptop, were able to successfully connect.
>
> Regards,
>
> Adolf.
>
>
> On 26/11/2020 20:19, ummeegge wrote:
>> Hi Michael,
>>
>> Am Donnerstag, den 26.11.2020, 12:05 +0000 schrieb Michael Tremer:
>>> Hello,
>>>
>>> I will leave this one then for the next core update where we
>>> hopefully have moved forward with some of the changes to the UI and
>>> more people have verified that this won=E2=80=99t break anything :)
>> OK. According to the work on the WUI, i have pushed all i currently
>> have which can be found in here -->
>> https://git.ipfire.org/?p=3Dpeople/ummeegge/ipfire-2.x.git;a=3Dcommit;h=3D=
34af1d714178b2cd0c27e8c39052a8c7ce87d116
>>
>> Best,
>>
>> Erik
>>
>>
>> Best,
>> -Michael
>>
>>> On 25 Nov 2020, at 23:20, ummeegge <ummeegge(a)ipfire.org> wrote:
>>>
>>> Hi Michael,
>>>
>>> Am Mittwoch, den 25.11.2020, 22:43 +0000 schrieb Michael Tremer:
>>>> Hello Erik,
>>>>
>>>> Am I right to assume that this cannot be merged without breaking
>>>> anything?
>>> I think it can be merged without breaking something, two more already
>>> known warnings are presant with this update here but it broke
>>> nothing.
>>> Tests has been made with 2.4.x clients with a 2.5.0 server but 2.3.x
>>> clients should be OK with this too. Testings might be important.
>>>
>>>>
>>>> Best,
>>>> -Michael
>>>
>>> Best,
>>>
>>> Erik
>>>
>>>>
>>>>> On 25 Nov 2020, at 22:26, ummeegge <erik.kapfer(a)ipfire.org>
>>>>> wrote:
>>>>>
>>>>> Signed-off-by: ummeegge <erik.kapfer(a)ipfire.org>
>>>>> ---
>>>>> config/rootfiles/common/openvpn | 1 -
>>>>> lfs/openvpn=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 | 4 ++--
>>>>> 2 files changed, 2 insertions(+), 3 deletions(-)
>>>>>
>>>>> diff --git a/config/rootfiles/common/openvpn
>>>>> b/config/rootfiles/common/openvpn
>>>>> index 547842db3..41ccc885e 100644
>>>>> --- a/config/rootfiles/common/openvpn
>>>>> +++ b/config/rootfiles/common/openvpn
>>>>> @@ -19,7 +19,6 @@ usr/sbin/openvpn
>>>>> #usr/share/doc/openvpn/README.down-root
>>>>> #usr/share/doc/openvpn/README.mbedtls
>>>>> #usr/share/doc/openvpn/management-notes.txt
>>>>> -#usr/share/man/man8/openvpn.8
>>>>> var/ipfire/ovpn/ca
>>>>> var/ipfire/ovpn/caconfig
>>>>> var/ipfire/ovpn/ccd
>>>>> diff --git a/lfs/openvpn b/lfs/openvpn
>>>>> index 779bf5520..b026d515b 100644
>>>>> --- a/lfs/openvpn
>>>>> +++ b/lfs/openvpn
>>>>> @@ -24,7 +24,7 @@
>>>>>
>>>>> include Config
>>>>>
>>>>> -VER=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 =3D 2.4.9
>>>>> +VER=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 =3D 2.5.0
>>>>>
>>>>> THISAPP=C2=A0=C2=A0=C2=A0 =3D openvpn-$(VER)
>>>>> DL_FILE=C2=A0=C2=A0=C2=A0 =3D $(THISAPP).tar.xz
>>>>> @@ -40,7 +40,7 @@ objects =3D $(DL_FILE)
>>>>>
>>>>> $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
>>>>>
>>>>> -$(DL_FILE)_MD5 =3D 446df6dc29364d00929ea9c725412cb8
>>>>> +$(DL_FILE)_MD5 =3D ba426e2217833b522810d6c06f7cc8f7
>>>>>
>>>>> install : $(TARGET)
>>>>>
>>>>> --=20
>>>>> 2.20.1
>>>>>
>>>>
>>>
>>>
>>
>>
>>

--===============7308690210211152003==--