Netgate Discussion Forum
    Feedback request: Recent OpenVPN Changes

    2.5 Development Snapshots (Retired)
      jimp Rebel Alliance Developer Netgate
      last edited by jimp

      Last week I made some backend structural changes to OpenVPN which reorganized the directory structure and file layout. I haven't noticed any problems in my testing (before or after committing the changes), but as always with components as flexible as OpenVPN there is no feasible way to test every combination of settings.

      There should be no noticeable functional difference to users, but if you noticed an undesirable change in OpenVPN behavior in snapshots from the last week, especially with regard to CRL processing, please provide the details of the problem. Preferably in a new thread here.

      New structure is much easier to follow and keeps everything together. It was changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to /var/etc/openvpn/<mode><id>/<x>. It also uses the new capath style CA/CRL structure.

      • https://redmine.pfsense.org/issues/9915
      • https://github.com/pfsense/pfsense/commit/348c2af1671d8f11c5d9ca67a32cbb28940ef19a
      • https://github.com/pfsense/pfsense/commit/475d712b910e197256c06634051e1ad75be4bdfe

      In addition to that, there are a number of other recent OpenVPN commits which need testing.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

        kiokoman LAYER 8

        I didn't even know about this...
        I have a simple OpenVPN peer-to-peer (shared key) from home (2.5.0) to work (2.4.4-p3). No trouble so far.

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          JeGr LAYER 8 Moderator

          @jimp as you mention CRL processing: not sure while reading the commits but would that make it possible to read CRLs from a remote system so it only has to be managed at one location without "syncing"?

          Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

            jimp Rebel Alliance Developer Netgate @kiokoman

            @kiokoman said in Feedback request: Recent OpenVPN Changes:

            I didn't even know about this...

            Then I did something right :-)

            Now wait until you hear about the massive IPsec changes I made last week that (hopefully) were also imperceptible to most people...

            @JeGr said in Feedback request: Recent OpenVPN Changes:

            would that make it possible to read CRLs from a remote system so it only has to be managed at one location without "syncing"

            No, it's only about how OpenVPN reads/processes them locally, using capath to set up a CA+CRL structure directory, rather than using separate ca and crl-verify directives.

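The capath-style CA/CRL directory discussed in the thread, as an added example (not pfSense's code and not part of any post): it installs a CA and its CRL under the hashed file names that OpenSSL directory lookups use, refusing a CRL that does not belong to the CA. The helper names (make_demo_pki, build_capath, check_capath), the CA subject and all paths are assumptions made for the demo.

```shell
#!/bin/sh
# Old style in the OpenVPN config:  ca <file>  plus  crl-verify <file>
# New style:                        capath <dir>   (dir holds <hash>.0 and <hash>.r0)

# make_demo_pki DIR [CN]: constructed sample input, a throwaway CA and an empty CRL.
make_demo_pki() {
    d=$1; cn=${2:-Demo VPN CA}
    mkdir -p "$d" && : > "$d/index.txt" || return 1
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[ca]
default_ca = demo
[demo]
database = $d/index.txt
default_md = sha256
default_crl_days = 1
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -subj "/CN=$cn" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    openssl ca -gencrl -config "$d/ca.cnf" -keyfile "$d/ca.key" \
        -cert "$d/ca.crt" -out "$d/crl.pem" 2>/dev/null
}

# build_capath CA_PEM CRL_PEM DIR: copy the CA to <subject-hash>.0 and the CRL to
# <issuer-hash>.r0 inside DIR, then print the hash.
build_capath() {
    ca=$1; crl=$2; dir=$3
    ca_hash=$(openssl x509 -in "$ca" -noout -hash) || return 1
    crl_hash=$(openssl crl -in "$crl" -noout -hash) || return 1
    # A CRL from another issuer hashes to a different name and would never be
    # found when this CA's certificates are checked.
    [ "$ca_hash" = "$crl_hash" ] || { echo "CRL issuer does not match CA" >&2; return 1; }
    openssl crl -in "$crl" -CAfile "$ca" -noout 2>&1 | grep -q 'verify OK' ||
        { echo "CRL signature does not verify against CA" >&2; return 1; }
    mkdir -p "$dir" && cp "$ca" "$dir/$ca_hash.0" && cp "$crl" "$dir/$crl_hash.r0" || return 1
    echo "$ca_hash"
}

# check_capath CA_PEM DIR: succeed only if DIR holds both hashed entries for this CA.
check_capath() {
    h=$(openssl x509 -in "$1" -noout -hash) || return 1
    [ -s "$2/$h.0" ] && [ -s "$2/$h.r0" ]
}

# Demo with constructed data: sh capath.sh demo
if [ "${1:-}" = demo ]; then
    t=$(mktemp -d) && make_demo_pki "$t" && build_capath "$t/ca.crt" "$t/crl.pem" "$t/ca" && ls "$t/ca"
fi
```

The demo lists two files sharing one eight-hex-digit hash, one ending in .0 (the CA) and one in .r0 (the CRL); that directory is what a capath directive would point at.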
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.