From: "Kienker, Fred" <fkienker@at4b.com>
To: development@lists.ipfire.org
Subject: RE: OpenVPN-2.5.0 update procedure and idea collector
Date: Mon, 23 Nov 2020 09:28:26 -0500
Message-ID: <H000007e004d72fc.1606141706.mail.at4b.com@MHS>
In-Reply-To: <33ec9b952816a6fcb11111f289e95731f84600b7.camel@ipfire.org>
Eric:
The idea of putting all of the encryption settings on one page is a good
one. There are now so many encryption settings and choices that they
really need their own page.
The settings changes, at first look, should work but sometimes these
backwards compatibility settings don't always work as advertised.
Testing with a variety of clients and both the current and reasonable
legacy versions would be recommended, even if it is hard to get people
to assist. With OpenVPN people have a tendency to set it up, get it
working and leave it alone until it stops working so there are always a
lot of old clients out there.
Best regards,
Fred
Please note: Although we may sometimes respond to email, text and phone
calls instantly at all hours of the day, our regular business hours are
9:00 AM - 6:00 PM ET, Monday thru Friday.
-----Original Message-----
From: ummeegge <ummeegge(a)ipfire.org>
Sent: Monday, November 23, 2020 4:15 AM
To: development(a)lists.ipfire.org
Subject: Re: OpenVPN-2.5.0 update procedure and idea collector
Some additions and WUI restructure ideas after some more testing.
'--cipher' is no longer needed if '--data-ciphers-fallback' is in use,
there is also no need for '--data-ciphers' for the first if
'--data-ciphers-fallback' is active. The client can still use the
'--cipher alg' directive and the 2.5.0 server responds with
'--data-ciphers-fallback alg'.
The idea: Remove the cipher section from the global area from the WUI,
rename simply '--cipher' to '--data-ciphers-fallback' in server.conf and
keep the index, include the 'DCIPHER' (also 'DAUTH' and 'TLSAUTH')
variable(s) to the advanced encryption section with the related indexes
to keep the old configuration but set also new defaults for new
configurations.
If '--data-ciphers' is active, all old clients have the chance with e.g.
an old CBC cipher to migrate also to newer clients step-by-step so we
can get rid of the old broken algorithms like CAST, DES and BF since
they won't appear in the new advanced encryption section...
As an idea !?
Best,
Erik
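The rename proposed in the quoted message, sketched as an added example that is not part of the original thread or IPFire's code: it rewrites an active `cipher` line in a server.conf body to `data-ciphers-fallback`, keeps the algorithm, and warns when that fallback is one of the CAST, DES or BF ciphers. The function name, the prefix list and the sample configuration are assumptions made for illustration.

```python
import re

# Cipher families the thread wants to retire (CAST, DES and BF).
LEGACY_PREFIXES = ("BF-", "CAST", "DES")

# An active 'cipher <alg>' directive; config files usually omit the leading '--'.
CIPHER_RE = re.compile(r"^(\s*)(?:--)?cipher(\s+)(\S+)(.*)$")
FALLBACK_RE = re.compile(r"^\s*(?:--)?data-ciphers-fallback\s")


def migrate_server_conf(text):
    """Rename 'cipher' to 'data-ciphers-fallback', keeping the algorithm.

    Returns (new_text, warnings). Text that already has a fallback
    directive is returned unchanged, so the migration is idempotent.
    """
    lines = text.splitlines()
    if any(FALLBACK_RE.match(line) for line in lines):
        return text, []
    out, warnings = [], []
    for number, line in enumerate(lines, 1):
        match = CIPHER_RE.match(line)
        if match:
            indent, gap, alg, rest = match.groups()
            line = f"{indent}data-ciphers-fallback{gap}{alg}{rest}"
            if alg.upper().startswith(LEGACY_PREFIXES):
                warnings.append(f"line {number}: legacy fallback cipher {alg}")
        out.append(line)
    trailer = "\n" if text.endswith("\n") else ""
    return "\n".join(out) + trailer, warnings


# Constructed sample, not a real IPFire server.conf.
SAMPLE = """\
proto udp
port 1194
# cipher AES-256-CBC (commented out, must stay untouched)
cipher BF-CBC
auth SHA512
"""

if __name__ == "__main__":
    new_text, notes = migrate_server_conf(SAMPLE)
    print(new_text, end="")
    for note in notes:
        print("WARNING:", note)
```

The warning list identifies configurations that still depend on a legacy fallback, which is where client-side testing of the kind asked for in the reply matters most.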