OPNsense 23.1.2 OpenVPN

[jp0469]

I just noticed the following in the changelog:

openvpn: replace authentication handler to prepare for upcoming OpenVPN 2.6 with deferred authentication

Does this have anything to do with the deprecation of shared keys (static key mode) in OpenVPN? I have a site-to-site VPN in place using shared keys and I'm wondering if this will break anything.

[franco]

We've replaced the way the authentication is passed to the GUI/auth framework, but nothing else. The OpenVPN version is still 2.5.x so I don't expect anything to change for shared keys.

I'm unsure about 2.6.x support for shared keys, but we will take a closer look once that is on the table for inclusion in 23.1.x.

What I can tell is we have used the new auth code on 2.6 in the office and it works fine, but that was user/TLS auth.


Cheers,
Franco

[chemlud]

I just noticed the following in the changelog:

openvpn: replace authentication handler to prepare for upcoming OpenVPN 2.6 with deferred authentication

Does this have anything to do with the deprecation of shared keys (static key mode) in OpenVPN? I have a site-to-site VPN in place using shared keys and I'm wondering if this will break anything.

Time to move to Wireguard, I guess... Or will it break/be broken on a regular base in the future, too? Just asking...

[jfponsi]

Ho veramente tante vpn openvpn opnsense (server) e mikrotik (client), con l' aggiornamento alla 23.1.2 hanno smesso di funzionare... ho provato varie combinazioni di autenticazione/cifratura (per ora) senza esito...

I have so many vpns openvpn opnsense (server) and mikrotik (client), with the update to 23.1.2 they stopped working... I tried various authentication/encryption combinations (for now) without success...

[jp0469]

We've replaced the way the authentication is passed to the GUI/auth framework, but nothing else. The OpenVPN version is still 2.5.x so I don't expect anything to change for shared keys.

Exactly what I was looking for, Thanks.

[jp0469]

Time to move to Wireguard, I guess... Or will it break/be broken on a regular base in the future, too? Just asking...

Yes, exactly what I've been considering for a while but OpenVPN has been super stable and speed is not a concern for my application.

[MoonbeamFrame]

My road-warrior VPNs are working again with 23.1.3

[giancarmine]

Buongiorno anche con gli aggiornamenti successivi 23.1.4_1 la questione resta invariata.
Avete trovato qualche soluzione?

Hello, even with the subsequent updates 23.1.4_1 the issue remains unchanged.
Have you found any solution?

[nmichael200]

Set  "Encryption algorithm (fallback)" to NONE
and set in  Advanced:
--cipher AES-256-CBC

[chrishh]

Set  "Encryption algorithm (fallback)" to NONE
and set in  Advanced:
--cipher AES-256-CBC

https://forum.opnsense.org/index.php?topic=27394.msg160740#msg160740

With Update 23.1.4 you can use again: "Encryption algorithm (deprecated)"
Restart openvpn server an it works