Hi Erik,
As my OpenVPN setup uses the strongest encryption I am able to use (currently AES-GCM (256 bit)), I thought I should also test the IPFire OpenVPN-2.5.0 binary with weaker encryption clients and see how that worked with my setup.
I did this for both my laptop (using Network Manager with OpenVPN plugin) and my Android phone using the OpenVPN for Android App. Both the laptop and Android phone are using OpenVPN-2.5.0
I evaluated AES-CBC (128 bit), DES-EDE3-CBC (192 bit) and BF-CBC (128 bit).
The clients were created in IPFire with OpenVPN-2.4.9 binary. They were then imported into the laptop and phone with no modification.
In all three cases on both the laptop and mobile phone the OpenVPN connection was successfully made with the OpenVPN server running with 2.4.9 and 2.5.0.
With the weaker encryption options there was a lot of input in the client logs about using weak ciphers. This occurred whether the IPFire server was running with 2.4.9 or 2.5.0.
So at least with my clients there was no problem with even the very weak ciphers with running clients after changing IPFire to 2.5.0 binary.
Regards,
Adolf.
On 29/11/2020 13:42, Adolf Belka wrote:
Hi Erik and *,
I have installed the OpenVPN 2.5.0 binary on my system and can confirm that all my clients, mobile and laptop, were able to successfully connect.
Regards,
Adolf.
On 26/11/2020 20:19, ummeegge wrote:
Hi Michael,
Am Donnerstag, den 26.11.2020, 12:05 +0000 schrieb Michael Tremer:
Hello,
I will leave this one then for the next core update where we hopefully have moved forward with some of the changes to the UI and more people have verified that this won’t break anything :)
OK. According to the work on the WUI, i have pushed all i currently have which can be found in here --> https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=34af1d71...
Best,
Erik
Best, -Michael
On 25 Nov 2020, at 23:20, ummeegge ummeegge@ipfire.org wrote:
Hi Michael,
Am Mittwoch, den 25.11.2020, 22:43 +0000 schrieb Michael Tremer:
Hello Erik,
Am I right to assume that this cannot be merged without breaking anything?
I think it can be merged without breaking something, two more already known warnings are presant with this update here but it broke nothing. Tests has been made with 2.4.x clients with a 2.5.0 server but 2.3.x clients should be OK with this too. Testings might be important.
Best, -Michael
Best,
Erik
On 25 Nov 2020, at 22:26, ummeegge erik.kapfer@ipfire.org wrote:
Signed-off-by: ummeegge erik.kapfer@ipfire.org
config/rootfiles/common/openvpn | 1 - lfs/openvpn | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn index 547842db3..41ccc885e 100644 --- a/config/rootfiles/common/openvpn +++ b/config/rootfiles/common/openvpn @@ -19,7 +19,6 @@ usr/sbin/openvpn #usr/share/doc/openvpn/README.down-root #usr/share/doc/openvpn/README.mbedtls #usr/share/doc/openvpn/management-notes.txt -#usr/share/man/man8/openvpn.8 var/ipfire/ovpn/ca var/ipfire/ovpn/caconfig var/ipfire/ovpn/ccd diff --git a/lfs/openvpn b/lfs/openvpn index 779bf5520..b026d515b 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -24,7 +24,7 @@
include Config
-VER = 2.4.9 +VER = 2.5.0
THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8 +$(DL_FILE)_MD5 = ba426e2217833b522810d6c06f7cc8f7
install : $(TARGET)
-- 2.20.1