Netgate Discussion Forum

    HEADS UP: OpenVPN deprecating shared key mode, requires TLS, deprecating cipher selection

      Gertjan @Bambos

      @Bambos

      Something isn't / wasn't working?
      "Shared keys" was already deprecated many moons ago.

      So: set up a server (create a second?!), and when done, redeploy the client "ovpn" files to the OpenVPN clients / users.


      I use "Remote Access (SSL/TLS)", you could also choose "Remote Access (SSL/TLS + User Auth)".

      No "help me" PMs please. Use the forum, the community will thank you.
      Edit: and where are the logs??

        Bambos @Gertjan

        @Gertjan thanks for the tips!

        For the remote access VPN, if it is SSL/TLS + User Auth, does this work with FreeRADIUS as well?

        For site-to-site VPN with shared key, according to this post: https://forum.netgate.com/topic/183644/site-to-site-with-shared-key-gateway-bug/3 there is no compatibility if the server is V2.6 and the client V2.7. Will the SSL/TLS tunnel work between them?? I have many 2.6 version clients to upgrade.

          Gertjan @Bambos

          @Bambos said in HEADS UP: OpenVPN deprecating shared key mode, requires TLS, deprecating cipher selection:

          For the remote access VPN, if it is SSL/TLS + User Auth, does this work with FreeRADIUS as well?

          I'm using FreeRadius myself for the captive portal.
          Never tried to do this... 😊

          You probably also want to see this one: FreeRadius on pfSense software for Two Factor Authentication, although I presume that article was written for those who wanted to "why do things the easy way if much harder is so much better?"

          @Bambos said in HEADS UP: OpenVPN deprecating shared key mode, requires TLS, deprecating cipher selection:

          I have many 2.6 version clients to upgrade

          Keep in mind that 2.6.0 uses the "old" (now completely ditched because of security) OpenVPN (and now also old OpenSSL!!) libraries.
          The recent pfSense uses the more modern OpenVPN and OpenSSL.

          All this means that some options won't work anymore.
          Some more options will work, but will be deprecated soon (as usual).
          I use OpenVPN myself, so I always have a look at the "source": web pages like this and the classic OpenVPN support forum.

          The OpenVPN client also changed to support the newer OpenVPN server.

          And yes, I agree, syncing the entire openvpn user fleet can be a hassle.

          No "help me" PMs please. Use the forum, the community will thank you.
          Edit: and where are the logs??
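
For the fleet migration discussed in this thread, the following added example (not code from any poster or from pfSense) audits exported OpenVPN client or peer config text for the two settings named in the topic title: shared-key mode and legacy single-cipher selection. The function names, finding codes and sample configs are constructed for illustration; it assumes plain-text OpenVPN configs such as the redeployed ".ovpn" files.

```python
import re

# Constructed sample configs (not from the thread): a shared-key site-to-site
# peer and a TLS remote-access client with an inline CA block.
SHARED_KEY_CONF = """\
dev tun
remote vpn.example.net 1194
ifconfig 10.8.0.2 10.8.0.1
secret /etc/openvpn/static.key
cipher AES-256-CBC
"""
TLS_CONF = """\
client
dev tun
remote vpn.example.net 1194
<ca>
-----BEGIN CERTIFICATE-----
secret placeholder line inside the inline block, must be ignored
-----END CERTIFICATE-----
</ca>
data-ciphers AES-256-GCM:CHACHA20-POLY1305
"""

def parse_directives(text):
    """Map each directive to its arguments, skipping comments and inline <tag> bodies."""
    found, block = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if block:                       # inside <tag> ... </tag>: body is key material
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:                         # an inline block counts as the directive itself
            block = tag.group(1)
            found[block] = ["[inline]"]
            continue
        name, *args = line.split()
        found[name.lstrip("-")] = args
    return found

def audit(text):
    """Return finding codes for the settings the topic title says are deprecated."""
    d = parse_directives(text)
    findings = []
    if "secret" in d:                   # static key file or <secret> block = shared-key mode
        findings.append("SHARED_KEY")
    if "cipher" in d and "data-ciphers" not in d:
        findings.append("LEGACY_CIPHER")  # single cipher pinned, no negotiable list
    return findings

if __name__ == "__main__":
    for label, conf in (("site-to-site", SHARED_KEY_CONF), ("remote-access", TLS_CONF)):
        print(label, audit(conf) or "ok")
```

Configs reporting `SHARED_KEY` are the ones that need a new SSL/TLS server instance and redeployed client files before the upgrade.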
