Todo #13917
Updated by Jim Pingle about 1 year ago
We need to add OpenVPN 2.6.0 to the export package but doing so has a few caveats: * OpenSSL 3.0 which is used in the OpenVPN 2.6.0 client won't read the current .p12 format -- See #13255 -- so we need a choice in the export package for that, similar to #13257. We need the choice because not all platforms can use the best encryption there. Notably, macOS won't import unless the .p12 is using 3DES/SHA1. * OpenSSL 3.0 also deprecates SHA1 signed certs so we should warn/fail to export if someone tries to make a bundle using a CA or Cert hashed with SHA1 * Given the big differences in OpenVPN 2.6.0, we should keep around installers for 2.5.x as well as 2.4.x for the time being if possible. * OpenVPN 2.6.0 has other quirks we may need to account for in the configuration so we probably need to change legacy export to have an option for compatibility level (e.g. "2.6.0, 2.5.x, <= 2.4.x") All that said, for inline exported configurations, OpenVPN 2.6.0 works fine in most cases as-is. For the time being, users can export an inline configuration, install OpenVPN 2.6.0 on their own, then import the inline configuration as needed.