Project

General

Profile

Feature #10651

Remove/replace deprecated OpenVPN options

Added by Viktor Gurov about 2 months ago. Updated about 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
06/10/2020
Due date:
% Done:

0%

Estimated time:

Description

some changes from https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst:

--comp-lzo is deprecated in OpenVPN 2.4. Use --compress instead.

--proto udp6/tcp6 in server mode will now try to always listen to both IPv4 and IPv6 on platforms that allow it. Use --bind ipv6only to explicitly listen only on IPv6.

On Windows, when the --register-dns option is set, OpenVPN no longer restarts the dnscache service - this had unwanted side effects, and seems to be no longer necessary with currently supported Windows versions.

Need to check the full list

History

#1 Updated by Jim Pingle about 2 months ago

We already have options for the new compress style. The older options are still there as well, but they can stay until OpenVPN actually removes them. Some older clients like them better than the new style.

#2 Updated by Pippin MMD about 2 months ago

From today's meeting:
"(13:45:40) dazo: We also need to un-deprecate comp-lzo in the wiki"

https://community.openvpn.net/openvpn/wiki/DeprecatedOptions

Somewhat related to this:
https://redmine.pfsense.org/issues/10347

#3 Updated by Jim Pingle about 2 months ago

Pippin MMD wrote:

From today's meeting:
"(13:45:40) dazo: We also need to un-deprecate comp-lzo in the wiki"

Makes sense, given this quote on that page:

Contrary to prior statements --comp-lzo no is not compatible with the --compress counterpart. Therefore openvpn needs to keep supporting --comp-lzo no for backward compatibility.

That lines up with things we've seen. Though a lot of older clients have caught up, there are still some which aren't as easy to update, such as VoIP phones with OpenVPN built in that use really old versions.

Also available in: Atom PDF