Require clients to update?



  • We use the export client tool to deliver install packages to our users. Occasionally OpenVPN is updated :)

    Is it possible to require clients to be on a certain version in order to connect? I've scanned the docs, this site, and Google and I'm feeling all alone in the world! The only thing I can think of is to change the cert or user passwords...

    Thanks
    Brian



  • It's the admin that decides what version is used, and he decides when it is time to upgrade.
    Old VPN client configs might not work with newer OPENVPN servers, up to the admin to prepare newer 'client' versions for them.
    Correct, changing a cert or password on server and client side will enforce the fact that everybody is in sync.



  • OpenVPN itself has no framework for such feature and I doubt PfSense's developers would want to hack something together on their own.



  • Thanks for validating my thoughts on this!


  • Rebel Alliance Developer Netgate

    You could enable a feature on the server side that requires OpenVPN 2.4 and then older clients would fail to connect. Harsh, but that's about the only way you could require a minimum version from the client end.