Notice: OpenVPN 2.3 with integrated IPv6 released

msi

Hehe - the positive effect of having had those large IPv6 patches allows now to quickly switch to 2.3 and its IPv6 capability.

My ISP doesn't do v6 but I'll at least v4 since that's what I can test more readily.
If things go right, any worries about dumping openvpn-ipv6 used in pfSense 2.0 and also switch to 2.3?

P.S. Thanks for you testings jimp!

jimp

No reservations from me, but I'll ask around.

dhatz

@MatSim:

If things go right, any worries about dumping openvpn-ipv6 used in pfSense 2.0 and also switch to 2.3?

IMHO it'd be best to focus onto finally shipping out 2.1, which is based on a supported FreeBSD release (whereas 2.0.x's FreeBSD 8.1 is EoL since Jul-2012) …

jimp

@dhatz - 2.0.3 is already happening. Too many issues in 2.0.2 to leave it until 2.1 ships.

2.1 is getting closer, but the type of issues we can fix here take different people/resources than the things still broken on 2.1. It's not holding up anything on 2.1 to do this. The main question is if it could break something on 2.0.x in the process. If there's really any doubt, we tend to leave things alone, but openvpn tends to have really good releases that don't break much if anything at all.

phil.davis

2.1-BETA1 (i386)
built on Mon Jan 14 11:26:01 EST 2013
FreeBSD 8.3-RELEASE-p5
OpenVPN 2.3.0 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jan 14 2013
Alix 2D13 nanoBSD
Test system running a simple OpenVPN config fine - 2 IPV4-only site-to-site clients connecting out to 2 remote offices. (No IPv6 on this one)

cmb

@dhatz:

(whereas 2.0.x's FreeBSD 8.1 is EoL since Jul-2012) …

We're continuing to support 8.1, as we have since July. Most vendors use much older versions than 8.1 including a number of commercial firewall vendors.

msi

@dhatz: If you look at pfsense-tools, it's more about getting rid of different openvpn ports laying around there.
Actually 2.0.2 ships wih OpenVPN 2.2.0 with an IPv6 patch, so did 2.1 snapshots until today.

While 8.1 is EoL deemed by FreeBSD, last time a vulnerability was discovered against in 8.3/9.x and found present in pfSense has backported it to 2.0, so no worries in terms of security.
(https://github.com/bsdperimeter/pfsense-tools/blob/master/patches/RELENG_8_1/hostapd-8.diff)

xbipin

while ur at it, can u add a config for openvpn client connection to disable ipv6 if not required at all

jimp

@xbipin:

while ur at it, can u add a config for openvpn client connection to disable ipv6 if not required at all

Not relevant to this thread at all, please don't hijack threads.

xbipin

sorry