OPNsense 23.1.2 OpenVPN

Started by jp0469, March 07, 2023, 08:42:44 PM

I just noticed the following in the changelog:

openvpn: replace authentication handler to prepare for upcoming OpenVPN 2.6 with deferred authentication

Does this have anything to do with the deprecation of shared keys (static key mode) in OpenVPN? I have a site-to-site VPN in place using shared keys and I'm wondering if this will break anything.

We've replaced the way the authentication is passed to the GUI/auth framework, but nothing else. The OpenVPN version is still 2.5.x so I don't expect anything to change for shared keys.

I'm unsure about 2.6.x support for shared keys, but we will take a closer look once that is on the table for inclusion in 23.1.x.

What I can tell is we have used the new auth code on 2.6 in the office and it works fine, but that was user/TLS auth.


Cheers,
Franco

Quote from: jp0469 on March 07, 2023, 08:42:44 PM
I just noticed the following in the changelog:

openvpn: replace authentication handler to prepare for upcoming OpenVPN 2.6 with deferred authentication

Does this have anything to do with the deprecation of shared keys (static key mode) in OpenVPN? I have a site-to-site VPN in place using shared keys and I'm wondering if this will break anything.

Time to move to Wireguard, I guess... Or will it break/be broken on a regular basis in the future, too? Just asking...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

Felix Eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

March 08, 2023, 01:05:38 PM #3 Last Edit: March 08, 2023, 05:25:44 PM by jfponsi
I have a great many OpenVPN VPNs with OPNsense (server) and MikroTik (client); with the update to 23.1.2 they stopped working... I have tried various authentication/encryption combinations (so far) without success...

Quote from: franco on March 08, 2023, 08:47:14 AM
We've replaced the way the authentication is passed to the GUI/auth framework, but nothing else. The OpenVPN version is still 2.5.x so I don't expect anything to change for shared keys.

Exactly what I was looking for, Thanks.

Quote from: chemlud
Time to move to Wireguard, I guess... Or will it break/be broken on a regular basis in the future, too? Just asking...

Yes, exactly what I've been considering for a while but OpenVPN has been super stable and speed is not a concern for my application.

My road-warrior VPNs are working again with 23.1.3

Hello, even with the subsequent update 23.1.4_1 the issue remains unchanged.
Have you found any solution?

Set "Encryption algorithm (fallback)" to NONE
and set in Advanced:
--cipher AES-256-CBC

Quote from: nmichael200 on March 25, 2023, 02:52:46 PM
Set "Encryption algorithm (fallback)" to NONE
and set in Advanced:
--cipher AES-256-CBC

https://forum.opnsense.org/index.php?topic=27394.msg160740#msg160740

With update 23.1.4 you can again use "Encryption algorithm (deprecated)".
Restart the OpenVPN server and it works.