    Feedback request: Recent OpenVPN Changes

    • jimp
      jimp Rebel Alliance Developer Netgate last edited by jimp

      Last week I made some backend structural changes to OpenVPN which reorganized the directory structure and file layout. I haven't noticed any problems in my testing (before or after committing the changes), but as always with components as flexible as OpenVPN there is no feasible way to test every combination of settings.

      There should be no noticeable functional difference to users, but if you noticed an undesirable change in OpenVPN behavior in snapshots from the last week, especially with regard to CRL processing, please provide the details of the problem. Preferably in a new thread here.

      New structure is much easier to follow and keeps everything together. It was changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to /var/etc/openvpn/<mode><id>/<x>. It also uses the new capath style CA/CRL structure.

      • https://redmine.pfsense.org/issues/9915
      • https://github.com/pfsense/pfsense/commit/348c2af1671d8f11c5d9ca67a32cbb28940ef19a
      • https://github.com/pfsense/pfsense/commit/475d712b910e197256c06634051e1ad75be4bdfe

      In addition to that, there are a number of other recent OpenVPN commits which need testing.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 3
      • kiokoman
        kiokoman LAYER 8 last edited by

        I didn't even know about this...
        I have a simple OpenVPN peer-to-peer (shared key) from home (2.5.0) to work (2.4.4-p3). No trouble so far.

        jimp 1 Reply Last reply Reply Quote 0
        • JeGr
          JeGr LAYER 8 Moderator last edited by

          @jimp as you mention CRL processing: not sure while reading the commits but would that make it possible to read CRLs from a remote system so it only has to be managed at one location without "syncing"?


          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate @kiokoman last edited by

            @kiokoman said in Feedback request: Recent OpenVPN Changes:

            I didn't even know about this...

            Then I did something right :-)

            Now wait until you hear about the massive IPsec changes I made last week that (hopefully) were also imperceptible to most people...

            @JeGr said in Feedback request: Recent OpenVPN Changes:

            would that make it possible to read CRLs from a remote system so it only has to be managed at one location without "syncing"

            No, it's only about how OpenVPN reads/processes them locally, using capath to set up a CA+CRL structure directory, rather than using separate ca and crl-verify directives.


            1 Reply Last reply Reply Quote 1
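The capath-style CA+CRL directory mentioned in the reply above, as an added example that is not part of the thread or of pfSense's code: OpenSSL's directory lookup finds a CA as `<subject-hash>.0` and its CRL as `<issuer-hash>.r0` in the same directory. The function names, file names and the throwaway CA are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not pfSense code). Paths and names are assumptions.
# OpenVPN config, separate-file style:  ca ca.crt  +  crl-verify crl.pem
# OpenVPN config, capath style:         capath /path/to/capath-dir

# make_demo_pki DIR: create a constructed throwaway CA and an empty CRL in DIR.
make_demo_pki() {
    d=$1
    mkdir -p "$d" || return 1
    : > "$d/index.txt"              # empty CA database: nothing revoked yet
    cat > "$d/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
[ ca ]
default_ca = demo
[ demo ]
database = $d/index.txt
default_md = sha256
default_crl_days = 1
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -subj "/CN=Constructed Demo CA" -keyout "$d/ca.key" -out "$d/ca.crt" \
        2>/dev/null || return 1
    openssl ca -gencrl -config "$d/ca.cnf" -keyfile "$d/ca.key" \
        -cert "$d/ca.crt" -out "$d/crl.pem" 2>/dev/null
}

# build_capath CA_PEM CRL_PEM OUTDIR: populate OUTDIR and print the hash used.
# .0/.r0 is the first slot; a second CA with the same hash would use .1/.r1.
build_capath() {
    ca=$1; crl=$2; out=$3
    mkdir -p "$out" || return 1
    ca_hash=$(openssl x509 -noout -hash -in "$ca") || return 1
    crl_hash=$(openssl crl -noout -hash -in "$crl") || return 1
    # The CRL is only found if its issuer hash equals the CA's subject hash;
    # a mismatch means the CRL belongs to a different CA.
    if [ "$ca_hash" != "$crl_hash" ]; then
        echo "CRL issuer does not match CA subject" >&2
        return 1
    fi
    cp "$ca" "$out/$ca_hash.0" || return 1
    cp "$crl" "$out/$crl_hash.r0" || return 1
    echo "$ca_hash"
}
```

A directory built this way can be checked outside OpenVPN with `openssl verify -CApath <dir> -crl_check <cert>`, which fails if the CRL for the issuing CA is missing from the directory.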