Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Openvpn 2.4 pfsense update to it?

    OpenVPN
    5
    12
    7174
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpoz
      johnpoz LAYER 8 Global Moderator last edited by

      So just curious is there going to be a _p2 release for 2.3.2 or will 2.3.3 or 2.4 move to openvpn 2.4 now that is released and no longer RC..

      OpenVPN 2.4.0 – released on 2016.12.27
      https://openvpn.net/index.php/download/community-downloads.html

      Compared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy.

      OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, see the changelog. The new OpenVPN GUI features are documented here.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

      1 Reply Last reply Reply Quote 0
      • Pippin
        Pippin last edited by

        I did see this:
        https://forum.pfsense.org/index.php?topic=123468.0

        I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
        Halton Arp

        1 Reply Last reply Reply Quote 0
        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by

          Thanks I had missed that.. I take it from that if there playing with using the 2.4 in the export for 2.4 pfsense that it will also update the server to to 2.4 when it releases.. Kewl!

          I don't really ever use the installer bundle, just the export of the config file.. And that is currently working with 2.4 as the client.. Then again I have not tried doing anything fancy or from new stuff that is in 2.4..

          2.4 pfs prob a bit away.. Be nice if they backported to 2.3.x support for openvpn 2.4..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

          1 Reply Last reply Reply Quote 0
          • Pippin
            Pippin last edited by

            Be nice if they backported to 2.3.x support for openvpn 2.4

            Indeed but that would take some time as the new functions need integration, who am I telling ;)

            I`ve been using OpenVPN 2.4 client since alpha, works good with server 2.3.x.

            I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
            Halton Arp

            1 Reply Last reply Reply Quote 0
            • C
              chrcoluk last edited by

              I have noticed a fair amount of openvpn commits lately in the github.  Looks like its been updated to support more modern openvpn code like GCM ciphers.

              pfSense 2.6.0 - ISP AAISP UK

              1 Reply Last reply Reply Quote 0
              • johnpoz
                johnpoz LAYER 8 Global Moderator last edited by

                "I`ve been using OpenVPN 2.4 client since alpha, works good with server 2.3.x."

                Yeah I have been using it as well.. Not saying it doesn't work with pfsense current 2.3.x version of openvpn server.  Kind of funny how the version numbering matches up ;) My question was more to can we expect 2.4 of openvpn in the 2.3.x line or will we need to wait for 2.4 of pfsense?

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                1 Reply Last reply Reply Quote 0
                • jimp
                  jimp Rebel Alliance Developer Netgate last edited by

                  OpenVPN 2.4 is staying in pfSense 2.4, it won't be coming to pfSense 2.3.x. It would require backporting too much of the supporting code. We can't just drop it in, because without also pulling things like NCP support for the GUI, it could result in unintended/unpredictable behavior.

                  I did just push the OpenVPN client export package out for 2.3.2_1 users which includes OpenVPN 2.4 for windows clients.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • K
                    kirezafirov last edited by

                    What about this:

                    https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

                    Does openvpn in pfsense is affected by this Vulnerability.

                    1 Reply Last reply Reply Quote 0
                    • jimp
                      jimp Rebel Alliance Developer Netgate last edited by

                      @kirezafirov:

                      What about this:

                      https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

                      Does openvpn in pfsense is affected by this Vulnerability.

                      http://www.netgate.com/blog/important-update-for-openvpn.html

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      1 Reply Last reply Reply Quote 0
                      • johnpoz
                        johnpoz LAYER 8 Global Moderator last edited by

                        looks like www-dev.netgate.com has a dnssec problem, well all of netgate.com it seems.  This is going to cause problems for people trying to get there most likely ;)


                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                        1 Reply Last reply Reply Quote 0
                        • jimp
                          jimp Rebel Alliance Developer Netgate last edited by

                          That shouldn't have been a link to -dev, copy/paste error. I fixed the link.

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • johnpoz
                            johnpoz LAYER 8 Global Moderator last edited by

                            That fixed it… But looks like there is some IPv6 issues along with dnssec for netgate.com.. Might want to look into that ;)

                            Looks like you have IPv6 glue - but no AAAA records to match up.

                            ns1.netgate.com (2610:160:11:3:0:0:0:6)
                            ns2.netgate.com (2610:1c1:3:0:0:0:0:108)

                            I am showing these IPv6 glue entries..

                            An intelligent man is sometimes forced to be drunk to spend time with his fools
                            If you get confused: Listen to the Music Play
                            Please don't Chat/PM me for help, unless mod related
                            2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post