Regression #16825

open

Shared Key OpenVPN tunnels need directive to bypass deprecation error

Added by Jim Pingle about 4 hours ago. Updated about 4 hours ago.

Status: Feedback
Priority: Normal
Assignee:
Category: OpenVPN
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 26.07
Release Notes: Force Exclusion
Affected Version:
Affected Architecture:

Description

Starting with OpenVPN 2.7, OpenVPN has further moved to deprecate shared key tunnels. OpenVPN will fail to start with a shared key setup without a new directive acknowledging the deprecation:

allow-deprecated-insecure-static-crypto

Recent development snapshot builds now include OpenVPN 2.7.x, so existing shared key tunnels are failing to start.

This small change works around it and allows it to continue functioning.

diff --git a/src/etc/inc/openvpn.inc b/src/etc/inc/openvpn.inc
index 23fce38576..7d52119566 100644
--- a/src/etc/inc/openvpn.inc
+++ b/src/etc/inc/openvpn.inc
@@ -1319,6 +1319,7 @@ function openvpn_reconfigure($mode, $settings) {
        // Write the settings for the keys
        switch ($settings['mode']) {
                case 'p2p_shared_key':
+                       $conf .= "allow-deprecated-insecure-static-crypto\n";
                        openvpn_add_keyfile($settings['shared_key'], $conf, $mode_id, "secret");
                        break;
                case 'p2p_tls':
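
Review bot: The added $conf .= "allow-deprecated-insecure-static-crypto\n"; line in the 'p2p_shared_key' case carries no comment, so nothing in the code marks it as a stopgap for a deprecated mode. Suggest a one-line comment above it saying that OpenVPN 2.7 refuses to start shared key tunnels without this directive and that the whole case goes away once shared key mode is removed. The directive is also written unconditionally for every shared key tunnel; if this file can ever run against an OpenVPN build older than 2.7, confirm that build accepts the option before emitting it.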

Shared Key mode will be completely removed from OpenVPN 2.8, so users should migrate to TLS configurations ASAP.
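
To find the tunnels this affects, the following added example (not pfSense or OpenVPN project code) classifies OpenVPN config text by whether it uses a shared key and whether it carries the acknowledgement directive described above. The category names, sample configs and placeholder paths are constructed for illustration.

```python
import re
import sys

ACK = "allow-deprecated-insecure-static-crypto"  # directive named in this issue

def directives(text):
    """Return the directive names used in an OpenVPN config.

    Skips '#' and ';' comment lines and the bodies of inline <tag> blocks;
    an inline <secret> block is recorded as the 'secret' directive.
    """
    found, closing = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if closing:                       # inside <tag> ... </tag>
            if line == closing:
                closing = None
            continue
        if not line or line[0] in "#;":
            continue
        inline = re.fullmatch(r"<([A-Za-z0-9-]+)>", line)
        if inline:
            found.add(inline.group(1))
            closing = "</%s>" % inline.group(1)
            continue
        found.add(line.split()[0])
    return found

def classify(text):
    """Category names are this example's own, not OpenVPN or pfSense terms.

    'shared-key-blocked' is a shared key config lacking the directive, the
    case this issue reports as failing to start under OpenVPN 2.7.
    """
    d = directives(text)
    if "secret" not in d:
        return "not-shared-key"
    return "shared-key-acknowledged" if ACK in d else "shared-key-blocked"

# Constructed sample configs (paths and device names are placeholders).
BLOCKED = "dev tun1\n# " + ACK + "\nsecret /placeholder/static.key\n"
ACKED = "dev tun2\n" + ACK + "\n<secret>\n(key material elided)\n</secret>\n"
TLS = "dev tun3\ntls-server\nca /placeholder/ca.crt\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:             # config files to audit
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, classify(fh.read()))
```

Both shared key categories are tunnels to migrate to TLS; the acknowledged ones only keep working until shared key mode is removed.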

Actions #1

Updated by Jim Pingle about 4 hours ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

Fixed by commit 7a1ab55cdecbdc969a167ad41f1fe2762c3872de
