Bug #324

OpenVPN upgrade code should put an allow all rule for migrations from 1.2.x

Added by Jim Pingle over 10 years ago. Updated about 10 years ago.

Very Low
Target version:
Start date:
Due date:
% Done:


Estimated time:
Affected Version:
Affected Architecture:


Since OpenVPN does not filter on 1.2.x, upgrades from 1.2.x -> 2.0 should place an "Allow All" style rule on the OpenVPN interface rules, to avoid a POLA violation.

This way, the non-filtered behavior is retained for those upgrading from 1.2.3, but new installs of 2.0 can be filtered by default.

Less clear is how we should handle upgrades where a tun was assigned as an opt for filtering. (Or is that already handled?)

Associated revisions

Revision c73bd8f0 (diff)
Added by Ermal Luçi over 10 years ago

Ticket #324. Add allow all rule during upgrade.


#1 Updated by Ermal Luçi over 10 years ago

  • Priority changed from Normal to Very Low

I do not much agree with this.
Since we do not do this for IPsec and 2.0 is going to be a new release and on the release notes this can be mentioned.

#2 Updated by Jim Pingle over 10 years ago

The difference is that IPsec had rules in 1.2.x, so people expect it to work that way already.

If someone does a remote upgrade via their OpenVPN connection, they could end up locked out because OpenVPN now requires rules where it did not do so previously, and there is no way to prevent that scenario.

I do agree that it should not have rules on a fresh install, but upgrades are a different matter.

#3 Updated by Chris Buechler over 10 years ago

Yeah, this needs to be done. For 1.2.x upgraded configs auto-adding an allow all rule for OpenVPN is the sensible course of action, as we always want to retain the previous behavior. Nothing should work differently after upgrade than it did before the upgrade.

#4 Updated by Ermal Luçi over 10 years ago

  • Status changed from New to Feedback

#5 Updated by Chris Buechler about 10 years ago

  • Status changed from Feedback to Resolved

confirmed fixed

Also available in: Atom PDF