From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4cCFPT72sYz2y17 for ; Thu, 28 Aug 2025 08:46:37 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1 raw public key) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4cCFPQ2Fhmz2xP7 for ; Thu, 28 Aug 2025 08:46:34 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4cCFPP1dKCzCj; Thu, 28 Aug 2025 08:46:33 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1756370793; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+bgheTozBX0UYS1wbdOH4DrOcyHBzZIGZRDagtnR1WY=; b=rI6trqbU7VCRsp/ZnNaGBcYO1aDvD1+PfZGxE19pcwnH6F6qihRACZl1JWIsbNpvThZjta XY6XViounhNqTADA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1756370793; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+bgheTozBX0UYS1wbdOH4DrOcyHBzZIGZRDagtnR1WY=; b=revLvypGZ9hJQ1cALwmG08YoIyEgKaf4ebv3aBkCEuxy2/eX3sgDeMlK8kEE3hu24rSjtG Baw4fAgRbLJncnLxkq7FnvKuYpp9mdSHOI6BcsImLjFbrllEQSXZP/Qf1CcJUDzEnuBUGQ +17sPbd67pi4E64VW9EzkFT48hD54VAimANfqLMOc+LygxPtpZt400jGwXaPAxct9RiBT0 ryJ+pwm36B4Jrbarl1AOlHqZag+ADkvVWvsovlXPXtV0muG72qqRmXQeuogL0gf0ttdnXs qT2ilVmwopaOZheZaAFHNA00vhaE1FknFnsNFB0/jGQ/zkwRhtMyJi1YS+Vj9g== Content-Type: text/plain; charset=utf-8 Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: Mime-Version: 1.0 Subject: Re: Testing out CU198 with OpenVPN-2.7_alpha3 From: Michael Tremer In-Reply-To: Date: Thu, 28 Aug 2025 09:46:32 +0100 Cc: "IPFire: Development-List" Content-Transfer-Encoding: quoted-printable Message-Id: References: <63886579-ceeb-44a6-b24c-0bb72632a0b5@ipfire.org> <2347C9DE-BFB2-4C0A-8715-4E501FAE70DF@ipfire.org> <7caee11c-7569-4ab4-bef1-4978433ad481@ipfire.org> To: Adolf Belka Hello Adolf, This is great. I would suggest to create a Git branch somewhere and push those changes = right now. That way, we will only have to merge them later and not even = think about what changes we need and why. Best, -Michael > On 27 Aug 2025, at 17:58, Adolf Belka wrote: >=20 > Hi Michael, >=20 > On 27/08/2025 15:24, Adolf Belka wrote: >> Hi Michael, >> On 18/08/2025 13:47, Michael Tremer wrote: >>> Hello Adolf, >>>=20 >>> This is really valuable work because we might have to start = transitioning OpenVPN changes a lot sooner than the final release is = coming out because of all this bad, static configuration stuff on both = sides of the connection. >>>=20 >>> But this actually proves the opposite. The =E2=80=94-persist-key = option can be easily dropped then. We use it everywhere and it will then = become the default. Very good. >>>=20 >>> Regarding the status, there have been many changes over the years = and it usually should be easy to fix it. Normally more information is = being added and we just need to account for it. Hopefully that is a 5 = minute job. >> Based on your input I had a look at the differences in the status log = from 2.6 and 2.7 >> With 2.6 the Real Address is IP:PORT >> With 2.7 it is UDP4:IP:PORT >> So that definitely looks like it should be easy to fix. >=20 > I have tested out some changes and have been able to get the OpenVPN = Connection statistics and the Status display for each of the connection = lines to work again. >=20 > So when we come to upgrade to OpenVPN-2.7.x then I know what changes = will be needed. >=20 > Regards, >=20 > Adolf. >=20 >=20 >>>=20 >>> So with this information, I am very relaxed and hopeful that the new = 2.7 release will be an easy update for us and everyone using OpenVPN. >> It does look like it should not be so stressful an update as we have = had from 2.5 to 2.6 >> Regards, >> Adolf. >>>=20 >>> Best, >>> -Michael >>>=20 >>>> On 17 Aug 2025, at 14:43, Adolf Belka = wrote: >>>>=20 >>>> Hi All, >>>>=20 >>>> I have built and done initial testing of CU198 with = OpenVPN-2.7_alpha3. Here is my initial feedback. >>>>=20 >>>> My N2N connection connected and I could ping between both ends. The = status on the OpenVPN WUI page showed as Connected. >>>>=20 >>>> Only item was that when rebooting the following message shows up in = the boot log when the N2N connection is started >>>>=20 >>>> DEPRECATED: --persist-key option ignored. Keys are now always = persisted across restarts. >>>>=20 >>>>=20 >>>> I the tested out the old existing Android and Linux Laptop client = connections. >>>>=20 >>>> In both cases at the client ends they said they were connected. >>>>=20 >>>> On the Linux Laptop I could ping to a PC on the green network. For = both the Linux Laptop and Android phone I could access the WUI page of = the IPFire system. The logs showed that the clients were connected. >>>>=20 >>>> However in both cases the OpenVPN WUI page stayed showing the RW = connections as disconnected. Accessing the OpenVPN Connection Statistics = never showed any connection existing. >>>>=20 >>>> So the status methodology for the RW's does not seem to be working = with OpenVPN-2.7, even though the connections were successfully = connected and the standard openvpn logs show the rw clients as = connected. >>>>=20 >>>> I will have another go with new client connections and see if that = shows anything different with regard to the status. >>>>=20 >>>> Also need to remember this is the alpha3 release so there might be = bugs still and maybe that is what I am experiencing. >>>>=20 >>>> So RW connections get made but stay showing as disconnected when = they are actually connected. >>>> N2N connections show as connected and are connected. >>>>=20 >>>> Regards >>>>=20 >>>> Adolf