OpenVPN GUI in 1.2-RELEASE and 2.0BETA 06102010

  • While I am going against the recommendation to not put 2.0 in production, I am testing some of the features out which require it to be a production machine for a little bit.

    The replacement box is a 1.2 release, and so far everything except OpenVPN has worked natively. Can anyone guide me through migrating my OpenVPN settings from the old 1.2 box to the new 2.0? The GUI for OpenVPN is different and some of the certificates and settings are not appearing transparent to me. We have a VPN server and a Client-Server (site-to-site) setup.

    1.2RELEASE-VPN-OpenVPN-Client Bold represents fields we used
    The options you have are:
    Disable this tunnel
    Protocol -UDP
    Server Address
    Server Port
    Interface IP
    Remote Network
    Proxy Host
    Proxy Port
    Cryptography AES
    AuthMethod -PKI
    Shared Key
    CA Certificate
    Client Certificate
    Client Key

    Limit Bandwidth
    Dynamic Sourceport
    Custom Options

    2.0BETA has a lot more options and some options reflect a different name. Color Change reflects new options, not sure what to do.
    Device Mode
    local port
    server host
    server port
    proxy host
    proxy port
    Proxy Authentication: AuthMode [basic/ntlm] - If this is the same authMode as in 1.2, why was PKI dropped off the list, what do I use?

    Cryptographic Settings
    No need to type the rest.

    Anyone who has an idea how to proceed, whether it's possible to just migrate the certs or if I have to create a whole new OpenVPN client server connection.

  • Some additional questions

    Under 1.2 release site-site, my CA Cert is in X.509 format, my Client Certificate is in X.509 format, my Client Key is in RSA format.

    However, in 2.0 under the Certificate manager, the Key and Certificate are requested to be in X.509 format.

  • Rebel Alliance Developer Netgate

    You can just migrate the certs.

    The server mode is just a different way to choose the setup which is more accurate than 1.2. The old PKI setup is "Peer to Peer (SSL/TLS)" with TLS disabled.

    Device mode of tun is default. Interface is usually WAN or WAN2/whatever if you have multi-wan and want to route it out a certain way.

  • Upon upgrading it will convert all those things over, so just restore your 1.2 config to the 2.0 install and it should just work. The couple production boxes I have upgraded did, with about 15 clients and servers on each.
