Date: Mon, 4 May 2026 06:58:21 +0200 From: Andrea Venturoli <ml@netfence.it> To: Gert Doering <gert@greenie.muc.de>, Matthias Andree <mandree@freebsd.org> Cc: Miroslav Lachman <000.fbsd@quip.cz>, freebsd-ports@freebsd.org, arrowd@freebsd.org Subject: Re: openvpn 2.6 -> 2.7 Message-ID: <78ee35b0-002e-488d-93a8-fc6307c583ee@netfence.it> In-Reply-To: <afb9Og-fCCMvN21p@greenie.muc.de> References: <538f8efc-5742-44ea-b231-2e6b20492c60@netfence.it> <8fd4e3d8-4402-4d22-a731-5e5a9f811fa5@quip.cz> <192b9183-9c49-48ee-9e16-7fd34d342506@FreeBSD.org> <afb9Og-fCCMvN21p@greenie.muc.de>
index | next in thread | previous in thread | raw e-mail
On 5/3/26 09:46, Gert Doering wrote:
> Hi Miroslav, Andrea,
Hello.
> Matthias copied me into this thread as I'm one of the upstream OpenVPN
> maintainers, and I also maintain the openvpn-devel port.
Thanks for taking part in the discussion.
I'll reply collectively here, also to Marek and Matthias.
> Can you elaborate on this, please? Our ("upstream") plan was to make
> 2.7 a mostly-plug-in replacement for 2.6, so it really should not break
> "many" configs.
I've possibly used wrong words: so far, in fact, I found *one* config
(see later), but it's a config of which I have many instances.
> It does break *some*, though - everything with static keys (--secret)
This is it.
> So we're really curious on what else we broke, and I'm all willing to
> help move over to 2.7 - as this is, of course, what will see more focus.
Actually you can't help me (but thanks a lot)...
As Marek correctly stated, these configs can be easily fixed, provided:
a) you are the admin of both ends;
b) you can reach the "other" end easily.
In my case I'll have to ask other people to modify their config and/or
make a trip to the remote site (this can be a 200km trip in some cases).
> This said, I do not object to having an openvpn26 port around - I hope
> it is not necessary ("another thing to take care of"), but the overall
> effort should not be very large. One thing important is communication
> here - "why is there an openvpn26 port?", so the scenarios where it is
> needed shoud be well understood.
As I said, I'm not *asking* for it as I can easily do this myself
locally; I just wanted to see if there was widespread interest. Answer
seems to be no, so let's drop it.
Since I use the quarterly branch, I still have a couple of months to fix
everything that would break; I hope that's enough, but otherwise will cope.
(BTW, I'm also evaluating moving some of these tunnels to WireGuard).
bye & Thanks
av.
P.S.
Thanks also for 2.6.20 in 2026Q2.
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?78ee35b0-002e-488d-93a8-fc6307c583ee>