diff mbox series

OpenVPN: Update to version 2.5.0

Message ID 20201125222603.23695-1-erik.kapfer@ipfire.org
State Accepted
Commit 820edb2374ef3af02e8fa37a4b1acebefcc6317c
Headers
Series OpenVPN: Update to version 2.5.0 |

Commit Message

Erik Kapfer Nov. 25, 2020, 10:26 p.m. UTC 
  Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
---
 config/rootfiles/common/openvpn | 1 -
 lfs/openvpn                     | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

Comments

Michael Tremer Nov. 25, 2020, 10:43 p.m. UTC | #1 
Hello Erik,

Am I right to assume that this cannot be merged without breaking anything?

Best,
-Michael

> On 25 Nov 2020, at 22:26, ummeegge <erik.kapfer@ipfire.org> wrote:
> 
> Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
> ---
> config/rootfiles/common/openvpn | 1 -
> lfs/openvpn                     | 4 ++--
> 2 files changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn
> index 547842db3..41ccc885e 100644
> --- a/config/rootfiles/common/openvpn
> +++ b/config/rootfiles/common/openvpn
> @@ -19,7 +19,6 @@ usr/sbin/openvpn
> #usr/share/doc/openvpn/README.down-root
> #usr/share/doc/openvpn/README.mbedtls
> #usr/share/doc/openvpn/management-notes.txt
> -#usr/share/man/man8/openvpn.8
> var/ipfire/ovpn/ca
> var/ipfire/ovpn/caconfig
> var/ipfire/ovpn/ccd
> diff --git a/lfs/openvpn b/lfs/openvpn
> index 779bf5520..b026d515b 100644
> --- a/lfs/openvpn
> +++ b/lfs/openvpn
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 2.4.9
> +VER        = 2.5.0
> 
> THISAPP    = openvpn-$(VER)
> DL_FILE    = $(THISAPP).tar.xz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
> +$(DL_FILE)_MD5 = ba426e2217833b522810d6c06f7cc8f7
> 
> install : $(TARGET)
> 
> -- 
> 2.20.1
>
ummeegge Nov. 25, 2020, 11:20 p.m. UTC | #2 
Hi Michael,

Am Mittwoch, den 25.11.2020, 22:43 +0000 schrieb Michael Tremer:
> Hello Erik,
> 
> Am I right to assume that this cannot be merged without breaking
> anything?
I think it can be merged without breaking something, two more already
known warnings are presant with this update here but it broke nothing.
Tests has been made with 2.4.x clients with a 2.5.0 server but 2.3.x
clients should be OK with this too. Testings might be important.

> 
> Best,
> -Michael

Best,

Erik

> 
> > On 25 Nov 2020, at 22:26, ummeegge <erik.kapfer@ipfire.org> wrote:
> > 
> > Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
> > ---
> > config/rootfiles/common/openvpn | 1 -
> > lfs/openvpn                     | 4 ++--
> > 2 files changed, 2 insertions(+), 3 deletions(-)
> > 
> > diff --git a/config/rootfiles/common/openvpn
> > b/config/rootfiles/common/openvpn
> > index 547842db3..41ccc885e 100644
> > --- a/config/rootfiles/common/openvpn
> > +++ b/config/rootfiles/common/openvpn
> > @@ -19,7 +19,6 @@ usr/sbin/openvpn
> > #usr/share/doc/openvpn/README.down-root
> > #usr/share/doc/openvpn/README.mbedtls
> > #usr/share/doc/openvpn/management-notes.txt
> > -#usr/share/man/man8/openvpn.8
> > var/ipfire/ovpn/ca
> > var/ipfire/ovpn/caconfig
> > var/ipfire/ovpn/ccd
> > diff --git a/lfs/openvpn b/lfs/openvpn
> > index 779bf5520..b026d515b 100644
> > --- a/lfs/openvpn
> > +++ b/lfs/openvpn
> > @@ -24,7 +24,7 @@
> > 
> > include Config
> > 
> > -VER        = 2.4.9
> > +VER        = 2.5.0
> > 
> > THISAPP    = openvpn-$(VER)
> > DL_FILE    = $(THISAPP).tar.xz
> > @@ -40,7 +40,7 @@ objects = $(DL_FILE)
> > 
> > $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> > 
> > -$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
> > +$(DL_FILE)_MD5 = ba426e2217833b522810d6c06f7cc8f7
> > 
> > install : $(TARGET)
> > 
> > -- 
> > 2.20.1
> > 
>
Michael Tremer Nov. 26, 2020, 12:05 p.m. UTC | #3 
Hello,

I will leave this one then for the next core update where we hopefully have moved forward with some of the changes to the UI and more people have verified that this won’t break anything :)

Best,
-Michael

> On 25 Nov 2020, at 23:20, ummeegge <ummeegge@ipfire.org> wrote:
> 
> Hi Michael,
> 
> Am Mittwoch, den 25.11.2020, 22:43 +0000 schrieb Michael Tremer:
>> Hello Erik,
>> 
>> Am I right to assume that this cannot be merged without breaking
>> anything?
> I think it can be merged without breaking something, two more already
> known warnings are presant with this update here but it broke nothing.
> Tests has been made with 2.4.x clients with a 2.5.0 server but 2.3.x
> clients should be OK with this too. Testings might be important.
> 
>> 
>> Best,
>> -Michael
> 
> Best,
> 
> Erik
> 
>> 
>>> On 25 Nov 2020, at 22:26, ummeegge <erik.kapfer@ipfire.org> wrote:
>>> 
>>> Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
>>> ---
>>> config/rootfiles/common/openvpn | 1 -
>>> lfs/openvpn                     | 4 ++--
>>> 2 files changed, 2 insertions(+), 3 deletions(-)
>>> 
>>> diff --git a/config/rootfiles/common/openvpn
>>> b/config/rootfiles/common/openvpn
>>> index 547842db3..41ccc885e 100644
>>> --- a/config/rootfiles/common/openvpn
>>> +++ b/config/rootfiles/common/openvpn
>>> @@ -19,7 +19,6 @@ usr/sbin/openvpn
>>> #usr/share/doc/openvpn/README.down-root
>>> #usr/share/doc/openvpn/README.mbedtls
>>> #usr/share/doc/openvpn/management-notes.txt
>>> -#usr/share/man/man8/openvpn.8
>>> var/ipfire/ovpn/ca
>>> var/ipfire/ovpn/caconfig
>>> var/ipfire/ovpn/ccd
>>> diff --git a/lfs/openvpn b/lfs/openvpn
>>> index 779bf5520..b026d515b 100644
>>> --- a/lfs/openvpn
>>> +++ b/lfs/openvpn
>>> @@ -24,7 +24,7 @@
>>> 
>>> include Config
>>> 
>>> -VER        = 2.4.9
>>> +VER        = 2.5.0
>>> 
>>> THISAPP    = openvpn-$(VER)
>>> DL_FILE    = $(THISAPP).tar.xz
>>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>> 
>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>> 
>>> -$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
>>> +$(DL_FILE)_MD5 = ba426e2217833b522810d6c06f7cc8f7
>>> 
>>> install : $(TARGET)
>>> 
>>> -- 
>>> 2.20.1
>>> 
>> 
> 
>
ummeegge Nov. 26, 2020, 7:19 p.m. UTC | #4 
Hi Michael,

Am Donnerstag, den 26.11.2020, 12:05 +0000 schrieb Michael Tremer:
> Hello,
> 
> I will leave this one then for the next core update where we
> hopefully have moved forward with some of the changes to the UI and
> more people have verified that this won’t break anything :)
OK. According to the work on the WUI, i have pushed all i currently
have which can be found in here -->
https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=34af1d714178b2cd0c27e8c39052a8c7ce87d116

Best,

Erik


Best,
-Michael

> On 25 Nov 2020, at 23:20, ummeegge <ummeegge@ipfire.org> wrote:
> 
> Hi Michael,
> 
> Am Mittwoch, den 25.11.2020, 22:43 +0000 schrieb Michael Tremer:
> > Hello Erik,
> > 
> > Am I right to assume that this cannot be merged without breaking
> > anything?
> I think it can be merged without breaking something, two more already
> known warnings are presant with this update here but it broke
> nothing.
> Tests has been made with 2.4.x clients with a 2.5.0 server but 2.3.x
> clients should be OK with this too. Testings might be important.
> 
> > 
> > Best,
> > -Michael
> 
> Best,
> 
> Erik
> 
> > 
> > > On 25 Nov 2020, at 22:26, ummeegge <erik.kapfer@ipfire.org>
> > > wrote:
> > > 
> > > Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
> > > ---
> > > config/rootfiles/common/openvpn | 1 -
> > > lfs/openvpn                     | 4 ++--
> > > 2 files changed, 2 insertions(+), 3 deletions(-)
> > > 
> > > diff --git a/config/rootfiles/common/openvpn
> > > b/config/rootfiles/common/openvpn
> > > index 547842db3..41ccc885e 100644
> > > --- a/config/rootfiles/common/openvpn
> > > +++ b/config/rootfiles/common/openvpn
> > > @@ -19,7 +19,6 @@ usr/sbin/openvpn
> > > #usr/share/doc/openvpn/README.down-root
> > > #usr/share/doc/openvpn/README.mbedtls
> > > #usr/share/doc/openvpn/management-notes.txt
> > > -#usr/share/man/man8/openvpn.8
> > > var/ipfire/ovpn/ca
> > > var/ipfire/ovpn/caconfig
> > > var/ipfire/ovpn/ccd
> > > diff --git a/lfs/openvpn b/lfs/openvpn
> > > index 779bf5520..b026d515b 100644
> > > --- a/lfs/openvpn
> > > +++ b/lfs/openvpn
> > > @@ -24,7 +24,7 @@
> > > 
> > > include Config
> > > 
> > > -VER        = 2.4.9
> > > +VER        = 2.5.0
> > > 
> > > THISAPP    = openvpn-$(VER)
> > > DL_FILE    = $(THISAPP).tar.xz
> > > @@ -40,7 +40,7 @@ objects = $(DL_FILE)
> > > 
> > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> > > 
> > > -$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
> > > +$(DL_FILE)_MD5 = ba426e2217833b522810d6c06f7cc8f7
> > > 
> > > install : $(TARGET)
> > > 
> > > -- 
> > > 2.20.1
> > > 
> > 
> 
>
Adolf Belka Nov. 29, 2020, 12:42 p.m. UTC | #5 
Hi Erik and *,

I have installed the OpenVPN 2.5.0 binary on my system and can confirm that all my clients, mobile and laptop, were able to successfully connect.

Regards,

Adolf.


On 26/11/2020 20:19, ummeegge wrote:
> Hi Michael,
> 
> Am Donnerstag, den 26.11.2020, 12:05 +0000 schrieb Michael Tremer:
>> Hello,
>>
>> I will leave this one then for the next core update where we
>> hopefully have moved forward with some of the changes to the UI and
>> more people have verified that this won’t break anything :)
> OK. According to the work on the WUI, i have pushed all i currently
> have which can be found in here -->
> https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=34af1d714178b2cd0c27e8c39052a8c7ce87d116
> 
> Best,
> 
> Erik
> 
> 
> Best,
> -Michael
> 
>> On 25 Nov 2020, at 23:20, ummeegge <ummeegge@ipfire.org> wrote:
>>
>> Hi Michael,
>>
>> Am Mittwoch, den 25.11.2020, 22:43 +0000 schrieb Michael Tremer:
>>> Hello Erik,
>>>
>>> Am I right to assume that this cannot be merged without breaking
>>> anything?
>> I think it can be merged without breaking something, two more already
>> known warnings are presant with this update here but it broke
>> nothing.
>> Tests has been made with 2.4.x clients with a 2.5.0 server but 2.3.x
>> clients should be OK with this too. Testings might be important.
>>
>>>
>>> Best,
>>> -Michael
>>
>> Best,
>>
>> Erik
>>
>>>
>>>> On 25 Nov 2020, at 22:26, ummeegge <erik.kapfer@ipfire.org>
>>>> wrote:
>>>>
>>>> Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
>>>> ---
>>>> config/rootfiles/common/openvpn | 1 -
>>>> lfs/openvpn                     | 4 ++--
>>>> 2 files changed, 2 insertions(+), 3 deletions(-)
>>>>
>>>> diff --git a/config/rootfiles/common/openvpn
>>>> b/config/rootfiles/common/openvpn
>>>> index 547842db3..41ccc885e 100644
>>>> --- a/config/rootfiles/common/openvpn
>>>> +++ b/config/rootfiles/common/openvpn
>>>> @@ -19,7 +19,6 @@ usr/sbin/openvpn
>>>> #usr/share/doc/openvpn/README.down-root
>>>> #usr/share/doc/openvpn/README.mbedtls
>>>> #usr/share/doc/openvpn/management-notes.txt
>>>> -#usr/share/man/man8/openvpn.8
>>>> var/ipfire/ovpn/ca
>>>> var/ipfire/ovpn/caconfig
>>>> var/ipfire/ovpn/ccd
>>>> diff --git a/lfs/openvpn b/lfs/openvpn
>>>> index 779bf5520..b026d515b 100644
>>>> --- a/lfs/openvpn
>>>> +++ b/lfs/openvpn
>>>> @@ -24,7 +24,7 @@
>>>>
>>>> include Config
>>>>
>>>> -VER        = 2.4.9
>>>> +VER        = 2.5.0
>>>>
>>>> THISAPP    = openvpn-$(VER)
>>>> DL_FILE    = $(THISAPP).tar.xz
>>>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>>>
>>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>>>
>>>> -$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
>>>> +$(DL_FILE)_MD5 = ba426e2217833b522810d6c06f7cc8f7
>>>>
>>>> install : $(TARGET)
>>>>
>>>> -- 
>>>> 2.20.1
>>>>
>>>
>>
>>
> 
> 
>
Michael Tremer Dec. 1, 2020, 4:13 p.m. UTC | #6 
Hello,

Well in that case I will change my mind and merge this patch.

This is enough of a second opinion to move things forward a step.

Best,
-Michael

> On 29 Nov 2020, at 12:42, Adolf Belka <ahb.ipfire@gmail.com> wrote:
> 
> Hi Erik and *,
> 
> I have installed the OpenVPN 2.5.0 binary on my system and can confirm that all my clients, mobile and laptop, were able to successfully connect.
> 
> Regards,
> 
> Adolf.
> 
> 
> On 26/11/2020 20:19, ummeegge wrote:
>> Hi Michael,
>> Am Donnerstag, den 26.11.2020, 12:05 +0000 schrieb Michael Tremer:
>>> Hello,
>>> 
>>> I will leave this one then for the next core update where we
>>> hopefully have moved forward with some of the changes to the UI and
>>> more people have verified that this won’t break anything :)
>> OK. According to the work on the WUI, i have pushed all i currently
>> have which can be found in here -->
>> https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=34af1d714178b2cd0c27e8c39052a8c7ce87d116
>> Best,
>> Erik
>> Best,
>> -Michael
>>> On 25 Nov 2020, at 23:20, ummeegge <ummeegge@ipfire.org> wrote:
>>> 
>>> Hi Michael,
>>> 
>>> Am Mittwoch, den 25.11.2020, 22:43 +0000 schrieb Michael Tremer:
>>>> Hello Erik,
>>>> 
>>>> Am I right to assume that this cannot be merged without breaking
>>>> anything?
>>> I think it can be merged without breaking something, two more already
>>> known warnings are presant with this update here but it broke
>>> nothing.
>>> Tests has been made with 2.4.x clients with a 2.5.0 server but 2.3.x
>>> clients should be OK with this too. Testings might be important.
>>> 
>>>> 
>>>> Best,
>>>> -Michael
>>> 
>>> Best,
>>> 
>>> Erik
>>> 
>>>> 
>>>>> On 25 Nov 2020, at 22:26, ummeegge <erik.kapfer@ipfire.org>
>>>>> wrote:
>>>>> 
>>>>> Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
>>>>> ---
>>>>> config/rootfiles/common/openvpn | 1 -
>>>>> lfs/openvpn                     | 4 ++--
>>>>> 2 files changed, 2 insertions(+), 3 deletions(-)
>>>>> 
>>>>> diff --git a/config/rootfiles/common/openvpn
>>>>> b/config/rootfiles/common/openvpn
>>>>> index 547842db3..41ccc885e 100644
>>>>> --- a/config/rootfiles/common/openvpn
>>>>> +++ b/config/rootfiles/common/openvpn
>>>>> @@ -19,7 +19,6 @@ usr/sbin/openvpn
>>>>> #usr/share/doc/openvpn/README.down-root
>>>>> #usr/share/doc/openvpn/README.mbedtls
>>>>> #usr/share/doc/openvpn/management-notes.txt
>>>>> -#usr/share/man/man8/openvpn.8
>>>>> var/ipfire/ovpn/ca
>>>>> var/ipfire/ovpn/caconfig
>>>>> var/ipfire/ovpn/ccd
>>>>> diff --git a/lfs/openvpn b/lfs/openvpn
>>>>> index 779bf5520..b026d515b 100644
>>>>> --- a/lfs/openvpn
>>>>> +++ b/lfs/openvpn
>>>>> @@ -24,7 +24,7 @@
>>>>> 
>>>>> include Config
>>>>> 
>>>>> -VER        = 2.4.9
>>>>> +VER        = 2.5.0
>>>>> 
>>>>> THISAPP    = openvpn-$(VER)
>>>>> DL_FILE    = $(THISAPP).tar.xz
>>>>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>>>> 
>>>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>>>> 
>>>>> -$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
>>>>> +$(DL_FILE)_MD5 = ba426e2217833b522810d6c06f7cc8f7
>>>>> 
>>>>> install : $(TARGET)
>>>>> 
>>>>> -- 
>>>>> 2.20.1
>>>>> 
>>>> 
>>> 
>>>
Michael Tremer Dec. 1, 2020, 4:14 p.m. UTC | #7 
Hello Erik,

This is a massive commit again.

Do you have them broken down somewhere?

Best,
-Michael

> On 26 Nov 2020, at 19:19, ummeegge <ummeegge@ipfire.org> wrote:
> 
> Hi Michael,
> 
> Am Donnerstag, den 26.11.2020, 12:05 +0000 schrieb Michael Tremer:
>> Hello,
>> 
>> I will leave this one then for the next core update where we
>> hopefully have moved forward with some of the changes to the UI and
>> more people have verified that this won’t break anything :)
> OK. According to the work on the WUI, i have pushed all i currently
> have which can be found in here -->
> https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=34af1d714178b2cd0c27e8c39052a8c7ce87d116
> 
> Best,
> 
> Erik
> 
> 
> Best,
> -Michael
> 
>> On 25 Nov 2020, at 23:20, ummeegge <ummeegge@ipfire.org> wrote:
>> 
>> Hi Michael,
>> 
>> Am Mittwoch, den 25.11.2020, 22:43 +0000 schrieb Michael Tremer:
>>> Hello Erik,
>>> 
>>> Am I right to assume that this cannot be merged without breaking
>>> anything?
>> I think it can be merged without breaking something, two more already
>> known warnings are presant with this update here but it broke
>> nothing.
>> Tests has been made with 2.4.x clients with a 2.5.0 server but 2.3.x
>> clients should be OK with this too. Testings might be important.
>> 
>>> 
>>> Best,
>>> -Michael
>> 
>> Best,
>> 
>> Erik
>> 
>>> 
>>>> On 25 Nov 2020, at 22:26, ummeegge <erik.kapfer@ipfire.org>
>>>> wrote:
>>>> 
>>>> Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
>>>> ---
>>>> config/rootfiles/common/openvpn | 1 -
>>>> lfs/openvpn                     | 4 ++--
>>>> 2 files changed, 2 insertions(+), 3 deletions(-)
>>>> 
>>>> diff --git a/config/rootfiles/common/openvpn
>>>> b/config/rootfiles/common/openvpn
>>>> index 547842db3..41ccc885e 100644
>>>> --- a/config/rootfiles/common/openvpn
>>>> +++ b/config/rootfiles/common/openvpn
>>>> @@ -19,7 +19,6 @@ usr/sbin/openvpn
>>>> #usr/share/doc/openvpn/README.down-root
>>>> #usr/share/doc/openvpn/README.mbedtls
>>>> #usr/share/doc/openvpn/management-notes.txt
>>>> -#usr/share/man/man8/openvpn.8
>>>> var/ipfire/ovpn/ca
>>>> var/ipfire/ovpn/caconfig
>>>> var/ipfire/ovpn/ccd
>>>> diff --git a/lfs/openvpn b/lfs/openvpn
>>>> index 779bf5520..b026d515b 100644
>>>> --- a/lfs/openvpn
>>>> +++ b/lfs/openvpn
>>>> @@ -24,7 +24,7 @@
>>>> 
>>>> include Config
>>>> 
>>>> -VER        = 2.4.9
>>>> +VER        = 2.5.0
>>>> 
>>>> THISAPP    = openvpn-$(VER)
>>>> DL_FILE    = $(THISAPP).tar.xz
>>>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>>> 
>>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>>> 
>>>> -$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
>>>> +$(DL_FILE)_MD5 = ba426e2217833b522810d6c06f7cc8f7
>>>> 
>>>> install : $(TARGET)
>>>> 
>>>> -- 
>>>> 2.20.1
>>>> 
>>> 
>> 
>> 
> 
> 
>
ummeegge Dec. 2, 2020, 9:18 a.m. UTC | #8 
Hi Michael,

Am Dienstag, den 01.12.2020, 16:14 +0000 schrieb Michael Tremer:
> Hello Erik,
> 
> This is a massive commit again.
Yes indeed.

> 
> Do you have them broken down somewhere?
Yes shure, i can send them e.g. like sorted in the CGI, e.g. first the
data-cipher{-fallback} selection, second tls-cipher selection and the
last one the authentication ? As an idea.

Have made also a little more progress in here, it is now also possible
to reconfigure the clients which are may updated via a checkbox on =
clients >=2.5.0 and off clients <2.5.0 . So from my side, i think this
very development should be ready.

What currently is missing is a check if 64bit block ciphers are in
usage to print a warning in the WUI that they will be deleted in a near
future but am on it too and this might also be an extra commit...


Best,

Erik

> 
> Best,
> -Michael
> 
> > On 26 Nov 2020, at 19:19, ummeegge <ummeegge@ipfire.org> wrote:
> > 
> > Hi Michael,
> > 
> > Am Donnerstag, den 26.11.2020, 12:05 +0000 schrieb Michael Tremer:
> > > Hello,
> > > 
> > > I will leave this one then for the next core update where we
> > > hopefully have moved forward with some of the changes to the UI
> > > and
> > > more people have verified that this won’t break anything :)
> > OK. According to the work on the WUI, i have pushed all i currently
> > have which can be found in here -->
> >  
> > https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=34af1d714178b2cd0c27e8c39052a8c7ce87d116
> > 
> > Best,
> > 
> > Erik
> > 
> > 
> > Best,
> > -Michael
> > 
> > > On 25 Nov 2020, at 23:20, ummeegge <ummeegge@ipfire.org> wrote:
> > > 
> > > Hi Michael,
> > > 
> > > Am Mittwoch, den 25.11.2020, 22:43 +0000 schrieb Michael Tremer:
> > > > Hello Erik,
> > > > 
> > > > Am I right to assume that this cannot be merged without
> > > > breaking
> > > > anything?
> > > I think it can be merged without breaking something, two more
> > > already
> > > known warnings are presant with this update here but it broke
> > > nothing.
> > > Tests has been made with 2.4.x clients with a 2.5.0 server but
> > > 2.3.x
> > > clients should be OK with this too. Testings might be important.
> > > 
> > > > 
> > > > Best,
> > > > -Michael
> > > 
> > > Best,
> > > 
> > > Erik
> > > 
> > > > 
> > > > > On 25 Nov 2020, at 22:26, ummeegge <erik.kapfer@ipfire.org>
> > > > > wrote:
> > > > > 
> > > > > Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
> > > > > ---
> > > > > config/rootfiles/common/openvpn | 1 -
> > > > > lfs/openvpn                     | 4 ++--
> > > > > 2 files changed, 2 insertions(+), 3 deletions(-)
> > > > > 
> > > > > diff --git a/config/rootfiles/common/openvpn
> > > > > b/config/rootfiles/common/openvpn
> > > > > index 547842db3..41ccc885e 100644
> > > > > --- a/config/rootfiles/common/openvpn
> > > > > +++ b/config/rootfiles/common/openvpn
> > > > > @@ -19,7 +19,6 @@ usr/sbin/openvpn
> > > > > #usr/share/doc/openvpn/README.down-root
> > > > > #usr/share/doc/openvpn/README.mbedtls
> > > > > #usr/share/doc/openvpn/management-notes.txt
> > > > > -#usr/share/man/man8/openvpn.8
> > > > > var/ipfire/ovpn/ca
> > > > > var/ipfire/ovpn/caconfig
> > > > > var/ipfire/ovpn/ccd
> > > > > diff --git a/lfs/openvpn b/lfs/openvpn
> > > > > index 779bf5520..b026d515b 100644
> > > > > --- a/lfs/openvpn
> > > > > +++ b/lfs/openvpn
> > > > > @@ -24,7 +24,7 @@
> > > > > 
> > > > > include Config
> > > > > 
> > > > > -VER        = 2.4.9
> > > > > +VER        = 2.5.0
> > > > > 
> > > > > THISAPP    = openvpn-$(VER)
> > > > > DL_FILE    = $(THISAPP).tar.xz
> > > > > @@ -40,7 +40,7 @@ objects = $(DL_FILE)
> > > > > 
> > > > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> > > > > 
> > > > > -$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
> > > > > +$(DL_FILE)_MD5 = ba426e2217833b522810d6c06f7cc8f7
> > > > > 
> > > > > install : $(TARGET)
> > > > > 
> > > > > -- 
> > > > > 2.20.1
> > > > > 
> > > > 
> > > 
> > > 
> > 
> > 
> > 
>
Adolf Belka Dec. 2, 2020, 9:31 p.m. UTC | #9 
Hi Erik,

As my OpenVPN setup uses the strongest encryption I am able to use (currently AES-GCM (256 bit)), I thought I should also test the IPFire OpenVPN-2.5.0 binary with weaker encryption clients and see how that worked with my setup.

I did this for both my laptop (using Network Manager with OpenVPN plugin) and my Android phone using the OpenVPN for Android App. Both the laptop and Android phone are using OpenVPN-2.5.0

I evaluated AES-CBC (128 bit), DES-EDE3-CBC (192 bit) and BF-CBC (128 bit).

The clients were created in IPFire with OpenVPN-2.4.9 binary. They were then imported into the laptop and phone with no modification.

In all three cases on both the laptop and mobile phone the OpenVPN connection was successfully made with the OpenVPN server running with 2.4.9 and 2.5.0.

With the weaker encryption options there was a lot of input in the client logs about using weak ciphers. This occurred whether the IPFire server was running with 2.4.9 or 2.5.0.


So at least with my clients there was no problem with even the very weak ciphers with running clients after changing IPFire to 2.5.0 binary.


Regards,


Adolf.


On 29/11/2020 13:42, Adolf Belka wrote:
> Hi Erik and *,
>
> I have installed the OpenVPN 2.5.0 binary on my system and can confirm that all my clients, mobile and laptop, were able to successfully connect.
>
> Regards,
>
> Adolf.
>
>
> On 26/11/2020 20:19, ummeegge wrote:
>> Hi Michael,
>>
>> Am Donnerstag, den 26.11.2020, 12:05 +0000 schrieb Michael Tremer:
>>> Hello,
>>>
>>> I will leave this one then for the next core update where we
>>> hopefully have moved forward with some of the changes to the UI and
>>> more people have verified that this won’t break anything :)
>> OK. According to the work on the WUI, i have pushed all i currently
>> have which can be found in here -->
>> https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=34af1d714178b2cd0c27e8c39052a8c7ce87d116
>>
>> Best,
>>
>> Erik
>>
>>
>> Best,
>> -Michael
>>
>>> On 25 Nov 2020, at 23:20, ummeegge <ummeegge@ipfire.org> wrote:
>>>
>>> Hi Michael,
>>>
>>> Am Mittwoch, den 25.11.2020, 22:43 +0000 schrieb Michael Tremer:
>>>> Hello Erik,
>>>>
>>>> Am I right to assume that this cannot be merged without breaking
>>>> anything?
>>> I think it can be merged without breaking something, two more already
>>> known warnings are presant with this update here but it broke
>>> nothing.
>>> Tests has been made with 2.4.x clients with a 2.5.0 server but 2.3.x
>>> clients should be OK with this too. Testings might be important.
>>>
>>>>
>>>> Best,
>>>> -Michael
>>>
>>> Best,
>>>
>>> Erik
>>>
>>>>
>>>>> On 25 Nov 2020, at 22:26, ummeegge <erik.kapfer@ipfire.org>
>>>>> wrote:
>>>>>
>>>>> Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
>>>>> ---
>>>>> config/rootfiles/common/openvpn | 1 -
>>>>> lfs/openvpn                     | 4 ++--
>>>>> 2 files changed, 2 insertions(+), 3 deletions(-)
>>>>>
>>>>> diff --git a/config/rootfiles/common/openvpn
>>>>> b/config/rootfiles/common/openvpn
>>>>> index 547842db3..41ccc885e 100644
>>>>> --- a/config/rootfiles/common/openvpn
>>>>> +++ b/config/rootfiles/common/openvpn
>>>>> @@ -19,7 +19,6 @@ usr/sbin/openvpn
>>>>> #usr/share/doc/openvpn/README.down-root
>>>>> #usr/share/doc/openvpn/README.mbedtls
>>>>> #usr/share/doc/openvpn/management-notes.txt
>>>>> -#usr/share/man/man8/openvpn.8
>>>>> var/ipfire/ovpn/ca
>>>>> var/ipfire/ovpn/caconfig
>>>>> var/ipfire/ovpn/ccd
>>>>> diff --git a/lfs/openvpn b/lfs/openvpn
>>>>> index 779bf5520..b026d515b 100644
>>>>> --- a/lfs/openvpn
>>>>> +++ b/lfs/openvpn
>>>>> @@ -24,7 +24,7 @@
>>>>>
>>>>> include Config
>>>>>
>>>>> -VER        = 2.4.9
>>>>> +VER        = 2.5.0
>>>>>
>>>>> THISAPP    = openvpn-$(VER)
>>>>> DL_FILE    = $(THISAPP).tar.xz
>>>>> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>>>>>
>>>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>>>>
>>>>> -$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
>>>>> +$(DL_FILE)_MD5 = ba426e2217833b522810d6c06f7cc8f7
>>>>>
>>>>> install : $(TARGET)
>>>>>
>>>>> -- 
>>>>> 2.20.1
>>>>>
>>>>
>>>
>>>
>>
>>
>>
ummeegge Dec. 3, 2020, 11:27 a.m. UTC | #10 
Hi Adolf,

Am Mittwoch, den 02.12.2020, 22:31 +0100 schrieb Adolf Belka:
> Hi Erik,
> 
> As my OpenVPN setup uses the strongest encryption I am able to use
> (currently AES-GCM (256 bit)), I thought I should also test the
> IPFire OpenVPN-2.5.0 binary with weaker encryption clients and see
> how that worked with my setup.
> 
> I did this for both my laptop (using Network Manager with OpenVPN
> plugin) and my Android phone using the OpenVPN for Android App. Both
> the laptop and Android phone are using OpenVPN-2.5.0
> 
> I evaluated AES-CBC (128 bit), DES-EDE3-CBC (192 bit) and BF-CBC (128
> bit).
Thats great that you go also into this. The backward compatibility is
very important but also the testing in the smart?phone segment is great
since i do not use one.

> 
> The clients were created in IPFire with OpenVPN-2.4.9 binary. They
> were then imported into the laptop and phone with no modification.
> 
> In all three cases on both the laptop and mobile phone the OpenVPN
> connection was successfully made with the OpenVPN server running with
> 2.4.9 and 2.5.0.
> 
> With the weaker encryption options there was a lot of input in the
> client logs about using weak ciphers. This occurred whether the
> IPFire server was running with 2.4.9 or 2.5.0.
Yes, also the session key should be renewed after 64MB data transfer
for BF and DES (CAST too) since those are 64bit block cipher and are
vunerable via Sweet32.
Am thinking about to integrate also reneg-sec, reneg-bytes and reneg-
pkts later on... but am not sure about this.

> 
> 
> So at least with my clients there was no problem with even the very
> weak ciphers with running clients after changing IPFire to 2.5.0
> binary.
Great testing thanks for that. Am also ready now to send the patchset,
have found some other things which needed to be fixed/enhanced but also
a new possibility while client creation or client editing to integrate
the new directive --data-ciphers which can now be done via a checkbox
so older clients can also be renewed by editing. --tls-cipher and tls-
ciphersuites are now also integrated in client.ovpn but in general no
default settings for those which might be better for the first, --tls-
ciphersuites will not be written if the client is <=2.5.0 and some
other smaller things has been done.

Best,

Erik


> 
> 
> Regards,
> 
> 
> Adolf.
> 
> 
> On 29/11/2020 13:42, Adolf Belka wrote:
> > Hi Erik and *,
> > 
> > I have installed the OpenVPN 2.5.0 binary on my system and can
> > confirm that all my clients, mobile and laptop, were able to
> > successfully connect.
> > 
> > Regards,
> > 
> > Adolf.
> > 
> > 
> > On 26/11/2020 20:19, ummeegge wrote:
> > > Hi Michael,
> > > 
> > > Am Donnerstag, den 26.11.2020, 12:05 +0000 schrieb Michael
> > > Tremer:
> > > > Hello,
> > > > 
> > > > I will leave this one then for the next core update where we
> > > > hopefully have moved forward with some of the changes to the UI
> > > > and
> > > > more people have verified that this won’t break anything :)
> > > OK. According to the work on the WUI, i have pushed all i
> > > currently
> > > have which can be found in here -->
> > >    
> > > https://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=commit;h=34af1d714178b2cd0c27e8c39052a8c7ce87d116
> > > 
> > > Best,
> > > 
> > > Erik
> > > 
> > > 
> > > Best,
> > > -Michael
> > > 
> > > > On 25 Nov 2020, at 23:20, ummeegge <ummeegge@ipfire.org> wrote:
> > > > 
> > > > Hi Michael,
> > > > 
> > > > Am Mittwoch, den 25.11.2020, 22:43 +0000 schrieb Michael
> > > > Tremer:
> > > > > Hello Erik,
> > > > > 
> > > > > Am I right to assume that this cannot be merged without
> > > > > breaking
> > > > > anything?
> > > > I think it can be merged without breaking something, two more
> > > > already
> > > > known warnings are presant with this update here but it broke
> > > > nothing.
> > > > Tests has been made with 2.4.x clients with a 2.5.0 server but
> > > > 2.3.x
> > > > clients should be OK with this too. Testings might be
> > > > important.
> > > > 
> > > > > 
> > > > > Best,
> > > > > -Michael
> > > > 
> > > > Best,
> > > > 
> > > > Erik
> > > > 
> > > > > 
> > > > > > On 25 Nov 2020, at 22:26, ummeegge <erik.kapfer@ipfire.org>
> > > > > > wrote:
> > > > > > 
> > > > > > Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
> > > > > > ---
> > > > > > config/rootfiles/common/openvpn | 1 -
> > > > > > lfs/openvpn                     | 4 ++--
> > > > > > 2 files changed, 2 insertions(+), 3 deletions(-)
> > > > > > 
> > > > > > diff --git a/config/rootfiles/common/openvpn
> > > > > > b/config/rootfiles/common/openvpn
> > > > > > index 547842db3..41ccc885e 100644
> > > > > > --- a/config/rootfiles/common/openvpn
> > > > > > +++ b/config/rootfiles/common/openvpn
> > > > > > @@ -19,7 +19,6 @@ usr/sbin/openvpn
> > > > > > #usr/share/doc/openvpn/README.down-root
> > > > > > #usr/share/doc/openvpn/README.mbedtls
> > > > > > #usr/share/doc/openvpn/management-notes.txt
> > > > > > -#usr/share/man/man8/openvpn.8
> > > > > > var/ipfire/ovpn/ca
> > > > > > var/ipfire/ovpn/caconfig
> > > > > > var/ipfire/ovpn/ccd
> > > > > > diff --git a/lfs/openvpn b/lfs/openvpn
> > > > > > index 779bf5520..b026d515b 100644
> > > > > > --- a/lfs/openvpn
> > > > > > +++ b/lfs/openvpn
> > > > > > @@ -24,7 +24,7 @@
> > > > > > 
> > > > > > include Config
> > > > > > 
> > > > > > -VER        = 2.4.9
> > > > > > +VER        = 2.5.0
> > > > > > 
> > > > > > THISAPP    = openvpn-$(VER)
> > > > > > DL_FILE    = $(THISAPP).tar.xz
> > > > > > @@ -40,7 +40,7 @@ objects = $(DL_FILE)
> > > > > > 
> > > > > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> > > > > > 
> > > > > > -$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
> > > > > > +$(DL_FILE)_MD5 = ba426e2217833b522810d6c06f7cc8f7
> > > > > > 
> > > > > > install : $(TARGET)
> > > > > > 
> > > > > > -- 
> > > > > > 2.20.1
> > > > > > 
> > > > > 
> > > > 
> > > > 
> > > 
> > > 
> > >
diff mbox series

Patch

diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn
index 547842db3..41ccc885e 100644
--- a/config/rootfiles/common/openvpn
+++ b/config/rootfiles/common/openvpn
@@ -19,7 +19,6 @@  usr/sbin/openvpn
 #usr/share/doc/openvpn/README.down-root
 #usr/share/doc/openvpn/README.mbedtls
 #usr/share/doc/openvpn/management-notes.txt
-#usr/share/man/man8/openvpn.8
 var/ipfire/ovpn/ca
 var/ipfire/ovpn/caconfig
 var/ipfire/ovpn/ccd
diff --git a/lfs/openvpn b/lfs/openvpn
index 779bf5520..b026d515b 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 2.4.9
+VER        = 2.5.0
 
 THISAPP    = openvpn-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 446df6dc29364d00929ea9c725412cb8
+$(DL_FILE)_MD5 = ba426e2217833b522810d6c06f7cc8f7
 
 install : $(TARGET)