OpenVPN on r2641 and up

So there's no more openvpn-polarssl but thankfully now there's openvpn-mbedtls. I haven't noticed when the openvpn got bumped to 2.4rc2, so I don't know if that's the actual culprit or switch to another encryption library, but...

I used to have uci config where both digest and cipher were in lowercase (sha1, aes-128-cbc), however now openvpn errors out on them complaining that there are no such cipher/digest. Switching digest/cipher to upper case works.

I didn't have time to test using ovpn file or linking to config from uci, so I don't know if it would work.

Is it possible to support digest/cipher in lower case for sake of backward compatibility?

Hi stangri

I noticed 2.4 final has been released and you write about 2.4RC2

How did you manage to install 2.4RC2, as I assume it's the same road to install 2.4 Final.

Because on LEDE packages all I see is 2.3.13 and that's all I can get to work.

Would love to use 2.4 now it's officially released. But how to install it if it's not in the packages feed?

[quote="mrgenie, post:2, topic:670"]
Would love to use 2.4 now it's officially released. But how to install it if it's not in the packages feed?
[/quote]It will be after the next daily buildbot round. The version in LEDE was bumped up to 2.4 two days ago:;a=commitdiff;h=39d3a4117bde5565cc6c14b0e0f548e6679c8c2b

That 2.4rc2 (and later 2.4) is the culprit.;a=commitdiff;h=13592c14541b6dbd9e572b68f30b38fe9788f23f

Polarssl is being phased out, as it is now EOL. mbedtls is already the new default in luci-ssl (as libustream-mbedtls). So please make sure that you switch all your SSL stuff (px5g, curl, libustream-XXX, etc.) away from polarssl in time)

1 Like

Great Hnyman. Thank you for your response. But I build my firmware always myself. And I noticed the git pull I used 2 days ago was with 2.3.13 and not the 2.4 RC2 which was added 10 days ago.

I'm not familiar how that works. I thought when I update my local git with the pull command, it automatically updates openvpn to the openvpn 2.4 RC2 (and now 2.4 final) and than when I use the make command to have the 2.4 running. But instead it's still 2.3.13

I'm sure I'm doing something wrong here. Still learning here.

Where are you pulling from? Might be that you are pulling from somebody's un-updated fork, or something like that.

(or if you have your own Github fork that you then have cloned locally, you need to define locally a new "upstream" remote, pull updates from that to local repo and then push them to your Github fork. Forks do not get updated automatically :frowning: )

I run git pull from

and .scripts/feeds update -a and install -a from

at least that's the output on the terminal

The initial was set by following command:
git clone

Those main repos should always show up-to-date source. Strange if that does not work for you.

more since I don't get any errors but it does update all kind of packages. Just not openvpn.

will delete the whole dir and clone from scratch

I don't compile myself, I use image builder. At least for ipq806x/ARM on revision 2709 I get:

root@EA8500:~# /usr/sbin/openvpn --version
OpenVPN 2.4_rc2 arm-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: mbed TLS 2.4.0, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2016 OpenVPN Technologies, Inc.

well I did a fresh clone now
added the feeds from scratch

and the openVPN when I click on the "Help" still shows Mirko Vogt and not:
author Magnus Kroken
Fri, 30 Dec 2016 01:33:16 +0100 (01:33 +0100)
committer Felix Fietkau
Fri, 30 Dec 2016 13:07:41 +0100 (13:07 +0100)

So how do I know if I now have 2.4 (apart from compiling and waiting for it to finish)

Check the Makefile

1 Like

nm.. lede/source/package/network/services/openvpn/makefile says PKG_VERSION=2.4.0 Release 1