OpenVPN on r2641 and up

stangri · December 24, 2016, 9:27am

So there's no more openvpn-polarssl but thankfully now there's openvpn-mbedtls. I haven't noticed when the openvpn got bumped to 2.4rc2, so I don't know if that's the actual culprit or switch to another encryption library, but...

I used to have uci config where both digest and cipher were in lowercase (sha1, aes-128-cbc), however now openvpn errors out on them complaining that there are no such cipher/digest. Switching digest/cipher to upper case works.

I didn't have time to test using ovpn file or linking to config from uci, so I don't know if it would work.

Is it possible to support digest/cipher in lower case for sake of backward compatibility?

mrgenie · January 1, 2017, 11:23am

Hi stangri

I noticed 2.4 final has been released and you write about 2.4RC2

How did you manage to install 2.4RC2, as I assume it's the same road to install 2.4 Final.

Because on LEDE packages all I see is 2.3.13 and that's all I can get to work.

Would love to use 2.4 now it's officially released. But how to install it if it's not in the packages feed?

hnyman · January 1, 2017, 11:57am

[quote="mrgenie, post:2, topic:670"]
Would love to use 2.4 now it's officially released. But how to install it if it's not in the packages feed?
[/quote]It will be after the next daily buildbot round. The version in LEDE was bumped up to 2.4 two days ago:
https://git.lede-project.org/?p=source.git;a=commitdiff;h=39d3a4117bde5565cc6c14b0e0f548e6679c8c2b

That 2.4rc2 (and later 2.4) is the culprit. https://git.lede-project.org/?p=source.git;a=commitdiff;h=13592c14541b6dbd9e572b68f30b38fe9788f23f

Polarssl is being phased out, as it is now EOL. mbedtls is already the new default in luci-ssl (as libustream-mbedtls). So please make sure that you switch all your SSL stuff (px5g, curl, libustream-XXX, etc.) away from polarssl in time)

mrgenie · January 1, 2017, 6:35pm

Great Hnyman. Thank you for your response. But I build my firmware always myself. And I noticed the git pull I used 2 days ago was with 2.3.13 and not the 2.4 RC2 which was added 10 days ago.

I'm not familiar how that works. I thought when I update my local git with the pull command, it automatically updates openvpn to the openvpn 2.4 RC2 (and now 2.4 final) and than when I use the make command to have the 2.4 running. But instead it's still 2.3.13

I'm sure I'm doing something wrong here. Still learning here.

hnyman · January 1, 2017, 6:41pm

Where are you pulling from? Might be that you are pulling from somebody's un-updated fork, or something like that.

(or if you have your own Github fork that you then have cloned locally, you need to define locally a new "upstream" remote, pull updates from that to local repo and then push them to your Github fork. Forks do not get updated automatically )

mrgenie · January 1, 2017, 6:47pm

I run git pull from
https://git.lede-project.org/source

and .scripts/feeds update -a and install -a from
https://git.lede-project.org/feed/packages.git

at least that's the output on the terminal

The initial was set by following command:
git clone https://git.lede-project.org/source.git

hnyman · January 1, 2017, 6:55pm

Those main repos should always show up-to-date source. Strange if that does not work for you.

mrgenie · January 1, 2017, 7:00pm

more since I don't get any errors but it does update all kind of packages. Just not openvpn.

will delete the whole dir and clone from scratch

stangri · January 1, 2017, 7:08pm

I don't compile myself, I use image builder. At least for ipq806x/ARM on revision 2709 I get:

root@EA8500:~# /usr/sbin/openvpn --version
OpenVPN 2.4_rc2 arm-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: mbed TLS 2.4.0, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2016 OpenVPN Technologies, Inc. sales@openvpn.net

mrgenie · January 1, 2017, 8:24pm

well I did a fresh clone now
added the feeds from scratch

and the openVPN when I click on the "Help" still shows Mirko Vogt mirko@openwrt.org and not:
author Magnus Kroken mkroken@gmail.com
Fri, 30 Dec 2016 01:33:16 +0100 (01:33 +0100)
committer Felix Fietkau nbd@nbd.name
Fri, 30 Dec 2016 13:07:41 +0100 (13:07 +0100)

So how do I know if I now have 2.4 (apart from compiling and waiting for it to finish)

anomeome · January 1, 2017, 8:35pm

Check the Makefile
package/network/services/openvpn

mrgenie · January 1, 2017, 8:35pm

nm.. lede/source/package/network/services/openvpn/makefile says PKG_VERSION=2.4.0 Release 1