Todo #7055
closedUpdate OpenVPN Client Export package with OpenVPN 2.4
0%
Description
OpenVPN 2.4 has made a few changes to the Windows installer that may need accounting for. See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
Notably:- OpenVPN 2.4 requires Windows Vista or later
- There is no separate architecture installer or tap driver type installer, only one .exe
- tls-remote has been deprecated, along with a couple other directives that need checked
Given the large changes, it would best to still include the latest OpenVPN 2.3.x version for a while in case the 2.4 version causes problems.
Updated by Jim Pingle almost 8 years ago
A new version of OpenVPN client export for pfSense 2.4 with OpenVPN 2.4 is up now for testing.
Key changes:- OpenVPN 2.4 is available to download. There is only one OpenVPN 2.4 installer, but it works on both 64 and 32 bit versions of Windows. This installer requires Windows Vista or later and will not work on Windows XP
- The manager option for Windows has been removed from the export package and installer. The native OpenVPN-GUI uses the new service in OpenVPN 2.4 for managing connections, meaning unprivileged users can use OpenVPN and it will add routes properly. (Note that admin access is still required to install the OpenVPN client)
- OpenVPN 2.3.x client options remain in the export package for the time being, and they have been updated to 2.3.14
- The export package will handle many of the newly added OpenVPN 2.4 features from pfSense 2.4, such as the new compression options, TLS Encryption+Authentication, and the new protocol selection.
After some testing time here, it can be copied to 2.3.3 and eventually to 2.3.2 if it works there.
Updated by Jim Pingle almost 8 years ago
I just pushed this to 2.3.3 as well for more testing.
Updated by Jim Pingle almost 8 years ago
- Status changed from Assigned to Feedback
This is now live for 2.3.2_1 users as well. What little feedback I received was positive. We'll move forward from here if there are problems.
Updated by Jeff Wischkaemper almost 8 years ago
Jim - unknown if this is expected behavior, but the Client Export does not put compression settings in the client file when the "Push compression to the client" is enabled. In theory this should be redundant, but may not be if the client doesn't respect the pushed settings.
Updated by Jim Pingle almost 8 years ago
If you checked "push compression to the client" then the server will push the setting to the client and it shouldn't be in the client configuration. If you have clients that don't support that, then don't activate the option.