Project

General

Profile

Actions

Todo #13917

closed

OpenVPN Client Export: Integrate OpenVPN 2.6.0

Added by Jim Pingle almost 2 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
OpenVPN Client Export
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:

Description

We need to add OpenVPN 2.6.0 to the export package but doing so has a few caveats:

  • OpenSSL 3.0 which is used in the OpenVPN 2.6.0 client won't read the current .p12 format -- See #13255 -- so we need a choice in the export package for that, similar to #13257. We need the choice because not all platforms can use the best encryption there. Notably, macOS won't import unless the .p12 is using 3DES/SHA1.
  • OpenSSL 3.0 also deprecates SHA1 signed certs so we should warn/fail to export if someone tries to make a bundle using a CA or Cert hashed with SHA1
  • Given the big differences in OpenVPN 2.6.0, we should keep around installers for 2.5.x as well as 2.4.x for the time being if possible.
  • OpenVPN 2.6.0 has other quirks we may need to account for in the configuration so we probably need to change legacy export to have an option for compatibility level (e.g. "2.6.0, 2.5.x, <= 2.4.x")

All that said, for inline exported configurations, OpenVPN 2.6.0 works fine in most cases as-is. For the time being, users can export an inline configuration, install OpenVPN 2.6.0 on their own, then import the inline configuration as needed.


Related issues

Related to Todo #13255: Set PKCS#12 algorithm when exporting OpenVPN ZIP or Windows bundlesResolvedJim Pingle

Actions
Actions

Also available in: Atom PDF