Openvpn 2.4 pfsense update to it?
-
So just curious is there going to be a _p2 release for 2.3.2 or will 2.3.3 or 2.4 move to openvpn 2.4 now that is released and no longer RC..
OpenVPN 2.4.0 – released on 2016.12.27
https://openvpn.net/index.php/download/community-downloads.htmlCompared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy.
OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, see the changelog. The new OpenVPN GUI features are documented here.
-
I did see this:
https://forum.pfsense.org/index.php?topic=123468.0 -
Thanks I had missed that.. I take it from that if there playing with using the 2.4 in the export for 2.4 pfsense that it will also update the server to to 2.4 when it releases.. Kewl!
I don't really ever use the installer bundle, just the export of the config file.. And that is currently working with 2.4 as the client.. Then again I have not tried doing anything fancy or from new stuff that is in 2.4..
2.4 pfs prob a bit away.. Be nice if they backported to 2.3.x support for openvpn 2.4..
-
Be nice if they backported to 2.3.x support for openvpn 2.4
Indeed but that would take some time as the new functions need integration, who am I telling ;)
I`ve been using OpenVPN 2.4 client since alpha, works good with server 2.3.x.
-
I have noticed a fair amount of openvpn commits lately in the github. Looks like its been updated to support more modern openvpn code like GCM ciphers.
-
"I`ve been using OpenVPN 2.4 client since alpha, works good with server 2.3.x."
Yeah I have been using it as well.. Not saying it doesn't work with pfsense current 2.3.x version of openvpn server. Kind of funny how the version numbering matches up ;) My question was more to can we expect 2.4 of openvpn in the 2.3.x line or will we need to wait for 2.4 of pfsense?
-
OpenVPN 2.4 is staying in pfSense 2.4, it won't be coming to pfSense 2.3.x. It would require backporting too much of the supporting code. We can't just drop it in, because without also pulling things like NCP support for the GUI, it could result in unintended/unpredictable behavior.
I did just push the OpenVPN client export package out for 2.3.2_1 users which includes OpenVPN 2.4 for windows clients.
-
What about this:
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
Does openvpn in pfsense is affected by this Vulnerability.
-
What about this:
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
Does openvpn in pfsense is affected by this Vulnerability.
http://www.netgate.com/blog/important-update-for-openvpn.html
-
looks like www-dev.netgate.com has a dnssec problem, well all of netgate.com it seems. This is going to cause problems for people trying to get there most likely ;)
-
That shouldn't have been a link to -dev, copy/paste error. I fixed the link.
-
That fixed it… But looks like there is some IPv6 issues along with dnssec for netgate.com.. Might want to look into that ;)
Looks like you have IPv6 glue - but no AAAA records to match up.
ns1.netgate.com (2610:160:11:3:0:0:0:6)
ns2.netgate.com (2610:1c1:3:0:0:0:0:108)I am showing these IPv6 glue entries..