From nobody Mon May 4 04:58:21 2026 X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4g88YM0nPdz6cXYK for ; Mon, 04 May 2026 04:58:31 +0000 (UTC) (envelope-from ml@netfence.it) Received: from soth.netfence.it (mailserver.netfence.it [78.134.96.152]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mailserver.netfence.it", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4g88YL1R27z4JdN; Mon, 04 May 2026 04:58:30 +0000 (UTC) (envelope-from ml@netfence.it) Authentication-Results: mx1.freebsd.org; none Received: from [10.1.2.18] (alamar.local.netfence.it [10.1.2.18]) (authenticated bits=0) by soth.netfence.it (8.18.2/8.18.2) with ESMTPSA id 6444wLfb010063 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Mon, 4 May 2026 06:58:22 +0200 (CEST) (envelope-from ml@netfence.it) X-Authentication-Warning: soth.netfence.it: Host alamar.local.netfence.it [10.1.2.18] claimed to be [10.1.2.18] Message-ID: <78ee35b0-002e-488d-93a8-fc6307c583ee@netfence.it> Date: Mon, 4 May 2026 06:58:21 +0200 List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-ports@freebsd.org Sender: owner-freebsd-ports@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: openvpn 2.6 -> 2.7 To: Gert Doering , Matthias Andree Cc: Miroslav Lachman <000.fbsd@quip.cz>, freebsd-ports@freebsd.org, arrowd@freebsd.org References: <538f8efc-5742-44ea-b231-2e6b20492c60@netfence.it> <8fd4e3d8-4402-4d22-a731-5e5a9f811fa5@quip.cz> <192b9183-9c49-48ee-9e16-7fd34d342506@FreeBSD.org> Content-Language: en-US From: Andrea Venturoli In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:35612, ipnet:78.134.0.0/17, country:IT] X-Rspamd-Queue-Id: 4g88YL1R27z4JdN X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated On 5/3/26 09:46, Gert Doering wrote: > Hi Miroslav, Andrea, Hello. > Matthias copied me into this thread as I'm one of the upstream OpenVPN > maintainers, and I also maintain the openvpn-devel port. Thanks for taking part in the discussion. I'll reply collectively here, also to Marek and Matthias. > Can you elaborate on this, please? Our ("upstream") plan was to make > 2.7 a mostly-plug-in replacement for 2.6, so it really should not break > "many" configs. I've possibly used wrong words: so far, in fact, I found *one* config (see later), but it's a config of which I have many instances. > It does break *some*, though - everything with static keys (--secret) This is it. > So we're really curious on what else we broke, and I'm all willing to > help move over to 2.7 - as this is, of course, what will see more focus. Actually you can't help me (but thanks a lot)... As Marek correctly stated, these configs can be easily fixed, provided: a) you are the admin of both ends; b) you can reach the "other" end easily. In my case I'll have to ask other people to modify their config and/or make a trip to the remote site (this can be a 200km trip in some cases). > This said, I do not object to having an openvpn26 port around - I hope > it is not necessary ("another thing to take care of"), but the overall > effort should not be very large. One thing important is communication > here - "why is there an openvpn26 port?", so the scenarios where it is > needed shoud be well understood. As I said, I'm not *asking* for it as I can easily do this myself locally; I just wanted to see if there was widespread interest. Answer seems to be no, so let's drop it. Since I use the quarterly branch, I still have a couple of months to fix everything that would break; I hope that's enough, but otherwise will cope. (BTW, I'm also evaluating moving some of these tunnels to WireGuard). bye & Thanks av. P.S. Thanks also for 2.6.20 in 2026Q2.