Feature #10651
open
Remove/replace deprecated OpenVPN options
0%
Description
some changes from https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst:
--comp-lzo is deprecated in OpenVPN 2.4. Use --compress instead. --proto udp6/tcp6 in server mode will now try to always listen to both IPv4 and IPv6 on platforms that allow it. Use --bind ipv6only to explicitly listen only on IPv6. On Windows, when the --register-dns option is set, OpenVPN no longer restarts the dnscache service - this had unwanted side effects, and seems to be no longer necessary with currently supported Windows versions.
Need to check the full list
Updated by Jim Pingle over 4 years ago
We already have options for the new compress style. The older options are still there as well, but they can stay until OpenVPN actually removes them. Some older clients like them better than the new style.
Updated by Pippin MMD over 4 years ago
From today's meeting:
"(13:45:40) dazo: We also need to un-deprecate comp-lzo in the wiki"
https://community.openvpn.net/openvpn/wiki/DeprecatedOptions
Somewhat related to this:
https://redmine.pfsense.org/issues/10347
Updated by Jim Pingle over 4 years ago
Pippin MMD wrote:
From today's meeting:
"(13:45:40) dazo: We also need to un-deprecate comp-lzo in the wiki"
Makes sense, given this quote on that page:
Contrary to prior statements --comp-lzo no is not compatible with the --compress counterpart. Therefore openvpn needs to keep supporting --comp-lzo no for backward compatibility.
That lines up with things we've seen. Though a lot of older clients have caught up, there are still some which aren't as easy to update, such as VoIP phones with OpenVPN built in that use really old versions.