Notice: OpenVPN 2.3 with integrated IPv6 released
-
Yes, OpenVPN 2.3 should be an easy swap. I see the FreeBSD ports tree has openvpn at 2.3_1 already, too.
-
Current snapshot build run will contain openvpn 2.3 when it finishes baking.
snapshots-8_3-amd64# pkg_info -Ix openvpn openvpn-2.3.0_1ย ย Secure IP/Ethernet tunnel daemon -
OK, good, I saw you catched the password file modification.
awaiting crashes ;-)
-
Yeah and I also disabled easyrsa since we do not want that to be installed by default.
-
as usual, the upgrade was a snoozefest.
I cheated and downloaded the update tgz directly from the builder so I wouldn't have to wait for the whole snapshot run to upload.
tablet connected right up to the vpn and it's like nothing really changed. Pulled an IPv4 and IPv6 IP over the VPN tunnel and things look happy. I'll wait for others to report success or failure but to me it looks like an all-around win. So far.
-
Hehe - the positive effect of having had those large IPv6 patches allows now to quickly switch to 2.3 and its IPv6 capability.
My ISP doesn't do v6 but I'll at least v4 since that's what I can test more readily.
If things go right, any worries about dumping openvpn-ipv6 used in pfSense 2.0 and also switch to 2.3?P.S. Thanks for you testings jimp!
-
No reservations from me, but I'll ask around.
-
@MatSim:
If things go right, any worries about dumping openvpn-ipv6 used in pfSense 2.0 and also switch to 2.3?
IMHO it'd be best to focus onto finally shipping out 2.1, which is based on a supported FreeBSD release (whereas 2.0.x's FreeBSD 8.1 is EoL since Jul-2012) โฆ
-
@dhatz - 2.0.3 is already happening. Too many issues in 2.0.2 to leave it until 2.1 ships.
2.1 is getting closer, but the type of issues we can fix here take different people/resources than the things still broken on 2.1. It's not holding up anything on 2.1 to do this. The main question is if it could break something on 2.0.x in the process. If there's really any doubt, we tend to leave things alone, but openvpn tends to have really good releases that don't break much if anything at all.
-
2.1-BETA1 (i386)
built on Mon Jan 14 11:26:01 EST 2013
FreeBSD 8.3-RELEASE-p5
OpenVPN 2.3.0 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jan 14 2013
Alix 2D13 nanoBSD
Test system running a simple OpenVPN config fine - 2 IPV4-only site-to-site clients connecting out to 2 remote offices. (No IPv6 on this one) -
(whereas 2.0.x's FreeBSD 8.1 is EoL since Jul-2012) โฆ
We're continuing to support 8.1, as we have since July. Most vendors use much older versions than 8.1 including a number of commercial firewall vendors.
-
@dhatz: If you look at pfsense-tools, it's more about getting rid of different openvpn ports laying around there.
Actually 2.0.2 ships wih OpenVPN 2.2.0 with an IPv6 patch, so did 2.1 snapshots until today.While 8.1 is EoL deemed by FreeBSD, last time a vulnerability was discovered against in 8.3/9.x and found present in pfSense has backported it to 2.0, so no worries in terms of security.
(https://github.com/bsdperimeter/pfsense-tools/blob/master/patches/RELENG_8_1/hostapd-8.diff) -
while ur at it, can u add a config for openvpn client connection to disable ipv6 if not required at all
-
while ur at it, can u add a config for openvpn client connection to disable ipv6 if not required at all
Not relevant to this thread at all, please don't hijack threads.
-
sorry
