Page MenuHomePhabricator

Upgrade OpenVPN to latest version
Closed, ResolvedPublic

Description

OpenVPN is significantly out of date in the latest VyOS.

OpenVPN on VyOS 1.1.7 is on OpenVPN 2.1.3 where the latest OpenVPN is 2.3.11 and has many security patches. Please update.

Details

Difficulty level
Easy (less than an hour)
Version
1.2.0

Event Timeline

jdrews created this task.Jun 5 2016, 3:09 AM

VyOS 1.1.7 is based on debian squeeze which reached EOL several months ago. My understanding is that there won't be any more updates to the 1.1.x line unless the VyOS team finds a significant reason to push out a patch. 1.2.x is currently in beta though.

syncer added subscribers: UnicronNL, dmbaturin, syncer.

@jdrews please check out 1.2 beta
this will definitely not happen in 1.1.7
@UnicronNL @dmbaturin what ovpn version now on beta?

afics added a subscriber: afics.Jun 17 2016, 11:52 AM

OpenVPN 2.2.3 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 2 2015 on 1.2.0-beta1.

The latest version in the jessie repos is openvpn 2.3.4-5+deb8u1

No problem with the updates for OpenVPN going into 1.2.0.

jdrews changed Version from 1.1.7 to 1.2.0.Jun 22 2016, 8:46 PM
syncer added a subscriber: VyOS 1.2 Crux.
jdrews added a comment.EditedJan 10 2017, 2:41 AM

OpenVPN released 2.4, a major update. Release notes here: https://github.com/OpenVPN/openvpn/blob/master/Changes.rst

pasik added a subscriber: pasik.Feb 28 2017, 2:46 PM
c-po added a subscriber: c-po.Dec 26 2017, 9:16 PM

Current VyOS 1.2.x uses OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017.
We now install latest Debian Jessie security Updates inside every ISO. Going for 2.4.x will cause a lot of headache in VyOS 1.2.x...

Debian Stretch (VyOS 1.3.x) will incorporate OpenVPN 2.4.x by default (https://packages.debian.org/stretch/openvpn).

c-po added a comment.Dec 26 2017, 9:17 PM

@syncer looks like "Wontfix"

maybe we just move it to 1.3 instead?

c-po added a comment.Dec 26 2017, 9:27 PM

@syncer will be "automatically" fixed by 1.3 as it uses Debian Stretch. So we don't have to do anything :)

syncer closed this task as Resolved.Jun 10 2018, 4:51 AM
syncer claimed this task.