Page MenuHomeVyOS Platform
Create Task
Maniphest T80

Upgrade OpenVPN to latest version
Closed, ResolvedPublic
Actions

Description

OpenVPN is significantly out of date in the latest VyOS.

OpenVPN on VyOS 1.1.7 is on OpenVPN 2.1.3 where the latest OpenVPN is 2.3.11 and has many security patches. Please update.

Details

Difficulty level
Easy (less than an hour)
Version
1.2.0

Event Timeline

jdrews created this task.Jun 5 2016, 3:09 AM
unixninja92 added a subscriber: unixninja92.Jun 15 2016, 5:39 PM

VyOS 1.1.7 is based on debian squeeze which reached EOL several months ago. My understanding is that there won't be any more updates to the 1.1.x line unless the VyOS team finds a significant reason to push out a patch. 1.2.x is currently in beta though.

syncer added a project: VyOS 1.1.x (1.1.8).Jun 15 2016, 9:28 PM
syncer added subscribers: UnicronNL, dmbaturin, syncer.

@jdrews please check out 1.2 beta
this will definitely not happen in 1.1.7
@UnicronNL @dmbaturin what ovpn version now on beta?

Unknown Object (User) added a subscriber: Unknown Object (User).Jun 17 2016, 11:52 AM

OpenVPN 2.2.3 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 2 2015 on 1.2.0-beta1.

unixninja92 added a comment.Jun 17 2016, 1:44 PM

The latest version in the jessie repos is openvpn 2.3.4-5+deb8u1

jdrews added a comment.Jun 22 2016, 8:45 PM

No problem with the updates for OpenVPN going into 1.2.0.

jdrews changed Version from 1.1.7 to 1.2.0.Jun 22 2016, 8:46 PM
syncer edited projects, added VyOS 1.2 Crux; removed VyOS 1.1.x (1.1.8).Dec 14 2016, 1:30 PM
syncer added a subscriber: VyOS 1.2 Crux.
jdrews added a comment.EditedJan 10 2017, 2:41 AM

OpenVPN released 2.4, a major update. Release notes here: https://github.com/OpenVPN/openvpn/blob/master/Changes.rst

futurealecks added a subscriber: futurealecks.Jan 26 2017, 4:10 AM
pasik added a subscriber: pasik.Feb 28 2017, 2:46 PM
c-po added a subscriber: c-po.Dec 26 2017, 9:16 PM

Current VyOS 1.2.x uses OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017.
We now install latest Debian Jessie security Updates inside every ISO. Going for 2.4.x will cause a lot of headache in VyOS 1.2.x...

Debian Stretch (VyOS 1.3.x) will incorporate OpenVPN 2.4.x by default (https://packages.debian.org/stretch/openvpn).

c-po added a comment.Dec 26 2017, 9:17 PM

@syncer looks like "Wontfix"

syncer added a comment.Dec 26 2017, 9:18 PM

maybe we just move it to 1.3 instead?

c-po added a comment.Dec 26 2017, 9:27 PM

@syncer will be "automatically" fixed by 1.3 as it uses Debian Stretch. So we don't have to do anything :)

syncer closed this task as Resolved.Jun 10 2018, 4:51 AM
syncer claimed this task.
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc1), VyOS-1.2.0-GA; removed VyOS 1.2 Crux.Oct 15 2018, 11:06 PM
syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-rc1) board.Oct 15 2018, 11:58 PM