Page MenuHomeVyOS Platform

Upgrade OpenVPN to latest version
Closed, ResolvedPublic

Description

OpenVPN is significantly out of date in the latest VyOS.

OpenVPN on VyOS 1.1.7 is on OpenVPN 2.1.3 where the latest OpenVPN is 2.3.11 and has many security patches. Please update.

Details

Difficulty level
Easy (less than an hour)
Version
1.2.0

Event Timeline

VyOS 1.1.7 is based on debian squeeze which reached EOL several months ago. My understanding is that there won't be any more updates to the 1.1.x line unless the VyOS team finds a significant reason to push out a patch. 1.2.x is currently in beta though.

syncer added subscribers: UnicronNL, dmbaturin, syncer.

@jdrews please check out 1.2 beta
this will definitely not happen in 1.1.7
@UnicronNL @dmbaturin what ovpn version now on beta?

OpenVPN 2.2.3 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Apr 2 2015 on 1.2.0-beta1.

The latest version in the jessie repos is openvpn 2.3.4-5+deb8u1

No problem with the updates for OpenVPN going into 1.2.0.

jdrews changed Version from 1.1.7 to 1.2.0.Jun 22 2016, 8:46 PM

OpenVPN released 2.4, a major update. Release notes here: https://github.com/OpenVPN/openvpn/blob/master/Changes.rst

Current VyOS 1.2.x uses OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017.
We now install latest Debian Jessie security Updates inside every ISO. Going for 2.4.x will cause a lot of headache in VyOS 1.2.x...

Debian Stretch (VyOS 1.3.x) will incorporate OpenVPN 2.4.x by default (https://packages.debian.org/stretch/openvpn).

maybe we just move it to 1.3 instead?

@syncer will be "automatically" fixed by 1.3 as it uses Debian Stretch. So we don't have to do anything :)

syncer claimed this task.