On Thu, 2018-02-15 at 07:18 +0100, ummeegge wrote:
Hello,
Am Mittwoch, den 14.02.2018, 20:27 +0000 schrieb Michael Tremer:
Hi,
On Wed, 2018-02-14 at 14:24 +0100, ummeegge wrote:
Hi Michael,
Am Mittwoch, den 14.02.2018, 12:22 +0000 schrieb Michael Tremer:
What other steps are urgently necessary that we can roll out OpenVPN 2.4? Are the CGI changes necessary or new features?
there is the need to make the changes for '--script-security' and to add '--ncp-disable' in ovpnmain.cgi.
Okay. I will wait with merging OpenSSL until we have this sorted.
Have send the forgotten AES-GCM patch --> https://lists.ipfire.org/ pipe rmail/development/2018-February/004063.html would you merge it to openssl-11 if the review is OK, i would pull the chnages then and prepare/send the last ovpnmain.cgi patch ?
You can work on the other patches independently from this one.
If we leave the AES-GCM patch for the first behind there is not much more to do in ovpnmain.cgi . This directives https://lists.ipfire.org/pipermail/development/2018-February/0 04085.html should bring OpenVPN-2.4 to life again.
Also the integration of the directives via update.sh for the core update needs to be made since a server stop|start do not includes the changes into server.conf.
And this, too.
Since there is currently no config/rootfiles/core/config/rootfiles/core directory for openssl-11 should i make one for core 119 (or 120 ?) and add there the commands in update.sh ?
Please provide that in an extra script. I do not know when this will land in a Core Update.
OK, where is a good place for this until then ?
Just by email for now as you did.
This isn't too great for many of these things, but I cannot think of an easier way for this one time.
-Michael
Greetings,
Erik