Bjoern Voigt wrote:
Am 15.05.19 um 10:16 schrieb Per Jessen:
Just a heads-up, maybe we have some openvpn users here? In leap 15.1 we ship openvpn 2.4.5 - this version has a stricter set of checks on the server setup. I don't think there is a way around rebuilding the pki infrastructure - generate a new CA with sha256 signature, then re-issue all client certificates.
There is another issue with OpenVPN 2.4. The OpenVPN client refuses to connect if the specified CRL "crl-verify <crl-filename>" is outdated.
Ah, I haven't hit that one yet. I'm just trying to connect a new client (2.4.5), which seems to mean recreating the entire setup, including some other 50 clients. Bit of a nuisance.
To summarize, I would recommend to document the OpenVPN 2.4 changes which may break existing setups in the openSUSE 15.1 release notes.
I think that would be a good idea, yes. -- Per Jessen, Zürich (11.1°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org