Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Feedback request: Recent OpenVPN Changes

    2.5 Development Snapshots (Retired)
    3
    4
    160
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimp
      jimp Rebel Alliance Developer Netgate last edited by jimp

      Last week I made some backend structural changes to OpenVPN which reorganized the directory structure and file layout. I haven't noticed any problems in my testing (before or after committing the changes), but as always with components as flexible as OpenVPN there is no feasible way to test every combination of settings.

      There should be no noticeable functional difference to users, but if you noticed an undesirable change in OpenVPN behavior in snapshots from the last week, especially with regard to CRL processing, please provide the details of the problem. Preferably in a new thread here.

      New structure is much easier to follow and keeps everything together. It was changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to /var/etc/openvpn/<mode><id>/<x>. It also uses the new capath style CA/CRL structure.

      • https://redmine.pfsense.org/issues/9915
      • https://github.com/pfsense/pfsense/commit/348c2af1671d8f11c5d9ca67a32cbb28940ef19a
      • https://github.com/pfsense/pfsense/commit/475d712b910e197256c06634051e1ad75be4bdfe

      In addition to that, there are a number of other recent OpenVPN commits which need testing.

      1 Reply Last reply Reply Quote 3
      • kiokoman
        kiokoman LAYER 8 last edited by

        i didn't even know about this ..
        i have a simple openvpn peer to peer (shared key) from home (2.5.0) to work (2.4.4-p3). no trouble so far

        jimp 1 Reply Last reply Reply Quote 0
        • JeGr
          JeGr LAYER 8 Moderator last edited by

          @jimp as you mention CRL processing: not sure while reading the commits but would that make it possible to read CRLs from a remote system so it only has to be managed at one location without "syncing"?

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate @kiokoman last edited by

            @kiokoman said in Feedback request: Recent OpenVPN Changes:

            i didn't even know about this ..

            Then I did something right :-)

            Now wait until you hear about the massive IPsec changes I made last week that (hopefully) were also imperceptible to most people...

            @JeGr said in Feedback request: Recent OpenVPN Changes:

            would that make it possible to read CRLs from a remote system so it only has to be managed at one location without "syncing"

            No, it's only about how OpenVPN reads/processes them locally, using capath to setup a CA+CRL structure directory, rather than using separate ca and crl-verify directives.

            1 Reply Last reply Reply Quote 1
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy