Actions
Todo #13917
closed
OpenVPN Client Export: Integrate OpenVPN 2.6.0
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Description
We need to add OpenVPN 2.6.0 to the export package but doing so has a few caveats:
- OpenSSL 3.0 which is used in the OpenVPN 2.6.0 client won't read the current .p12 format -- See #13255 -- so we need a choice in the export package for that, similar to #13257. We need the choice because not all platforms can use the best encryption there. Notably, macOS won't import unless the .p12 is using 3DES/SHA1.
- OpenSSL 3.0 also deprecates SHA1 signed certs so we should warn/fail to export if someone tries to make a bundle using a CA or Cert hashed with SHA1
- Given the big differences in OpenVPN 2.6.0, we should keep around installers for 2.5.x as well as 2.4.x for the time being if possible.
- OpenVPN 2.6.0 has other quirks we may need to account for in the configuration so we probably need to change legacy export to have an option for compatibility level (e.g. "2.6.0, 2.5.x, <= 2.4.x")
All that said, for inline exported configurations, OpenVPN 2.6.0 works fine in most cases as-is. For the time being, users can export an inline configuration, install OpenVPN 2.6.0 on their own, then import the inline configuration as needed.
Related issues
Updated by Jim Pingle about 1 year ago
- Related to Todo #13255: Set PKCS#12 algorithm when exporting OpenVPN ZIP or Windows bundles added
Updated by Jim Pingle 10 months ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Included in OpenVPN client export package 1.9. Will be in snapshots for testing, then release branches if it tests OK.
Updated by Jim Pingle 9 months ago
- Status changed from Feedback to Resolved
This has been available for Plus 23.05.1 and CE 2.7.0 for several days with no reports of trouble.
We can open new issues as needed should problems arise.
Actions