Dear list,
after having trouble upgrading my IPFire 119 to 120 (all OpenVPN connections didn't work anymore) i downgraded again. Now i just upgraded my local linux os to Ubuntu 18.04 and my OpenVPN client was not able to connect anymore due to TLS/verification failure.
Ok i thought, lets start a fresh install and test if the new core 120 will do it. Now the hassle starts:
Installed core 120, made a new CA and created an OpenVPN roadwarrior connection.
I am NOT able to even import my OpenVPN connection into my OS because the config is not recognised as an OpenVPN connection?!
More investigation showed up that there are MISSING parts in the client-config. The config showed:
#OpenVPN Client conf tls-client client nobind dev tun proto udp tun-mtu pkcs12 marx.p12 cipher verb 3 ns-cert-type server verify-x509-name oabusv.dyndns.org name
Missing parts: 1) comp-lzo was not added 2) tun-mtu has no value (should be 1400 here) 3) "remote <servername>"" was missing completely 4) "cipher" has no value (should be AES-256-CBC here)
After adding these parts i was able to connect.
Can somebody confirm this?
I wonder if people are able to use IPFire with OpenVPN when using Core 120......
Cheers,
Alex
Hi Alex, i can not confirm one of these problems here, have seen also nobody with that kind of problems in the forum after the update to Core 120. Problems which has been occured where - Too old CAs with MD5 in it which the new OpenVPN to not accept anymore. - DH-Parameter with 1024 bit which are also not accepted by OpenVPN anymore. - Missing Valid til Days value which the new OpenSSL do not accept anymore.
I use 2.4.5 (meanwhile also 2.4.6 next update) for N2N and RWs on updated machines but also fresh installed one´s and have no problem at all. There was also positive feedback in the forum and also a longer testing period for this update whereby none of this problems occurs...
So am not sure where this comes from ??
Cheers,
Erik
Am Donnerstag, den 05.07.2018, 05:40 +0200 schrieb Alexander Marx:
Dear list,
after having trouble upgrading my IPFire 119 to 120 (all OpenVPN connections didn't work anymore) i downgraded again. Now i just upgraded my local linux os to Ubuntu 18.04 and my OpenVPN client was not able to connect anymore due to TLS/verification failure.
Ok i thought, lets start a fresh install and test if the new core 120 will do it. Now the hassle starts:
Installed core 120, made a new CA and created an OpenVPN roadwarrior connection.
I am NOT able to even import my OpenVPN connection into my OS because the config is not recognised as an OpenVPN connection?!
More investigation showed up that there are MISSING parts in the client-config. The config showed:
#OpenVPN Client conf tls-client client nobind dev tun proto udp tun-mtu pkcs12 marx.p12 cipher verb 3 ns-cert-type server verify-x509-name oabusv.dyndns.org name
Missing parts:
- comp-lzo was not added
- tun-mtu has no value (should be 1400 here)
- "remote <servername>"" was missing completely
- "cipher" has no value (should be AES-256-CBC here)
After adding these parts i was able to connect.
Can somebody confirm this?
I wonder if people are able to use IPFire with OpenVPN when using Core 120......
Cheers,
Alex
Alex,
Did your problems appear after a pakfire upgrade to 120, or did you install 120 and apply a backup from 119?
Tom
On Jul 5, 2018, at 7:52 AM, ummeegge ummeegge@ipfire.org wrote:
Hi Alex, i can not confirm one of these problems here, have seen also nobody with that kind of problems in the forum after the update to Core 120. Problems which has been occured where
- Too old CAs with MD5 in it which the new OpenVPN to not accept
anymore.
- DH-Parameter with 1024 bit which are also not accepted by OpenVPN
anymore.
- Missing Valid til Days value which the new OpenSSL do not accept
anymore.
I use 2.4.5 (meanwhile also 2.4.6 next update) for N2N and RWs on updated machines but also fresh installed one´s and have no problem at all. There was also positive feedback in the forum and also a longer testing period for this update whereby none of this problems occurs...
So am not sure where this comes from ??
Cheers,
Erik
Am Donnerstag, den 05.07.2018, 05:40 +0200 schrieb Alexander Marx:
Dear list,
after having trouble upgrading my IPFire 119 to 120 (all OpenVPN connections didn't work anymore) i downgraded again. Now i just upgraded my local linux os to Ubuntu 18.04 and my OpenVPN client was not able to connect anymore due to TLS/verification failure.
Ok i thought, lets start a fresh install and test if the new core 120 will do it. Now the hassle starts:
Installed core 120, made a new CA and created an OpenVPN roadwarrior connection.
I am NOT able to even import my OpenVPN connection into my OS because the config is not recognised as an OpenVPN connection?!
More investigation showed up that there are MISSING parts in the client-config. The config showed:
#OpenVPN Client conf tls-client client nobind dev tun proto udp tun-mtu pkcs12 marx.p12 cipher verb 3 ns-cert-type server verify-x509-name oabusv.dyndns.org name
Missing parts:
- comp-lzo was not added
- tun-mtu has no value (should be 1400 here)
- "remote <servername>"" was missing completely
- "cipher" has no value (should be AES-256-CBC here)
After adding these parts i was able to connect.
Can somebody confirm this?
I wonder if people are able to use IPFire with OpenVPN when using Core 120......
Cheers,
Alex
-
Alexander Marx -
Tom Rymes -
ummeegge