* James Knott [02-25-22 09:32]:

A recent update to pfsense has OpenVPN version 2.5.4, which breaks 2.4.3-5.7.1 that is in OpenSUSE.  Is a newer version available for OpenSUSE?

09:36 crash:~ > opi openvpn You have selected package name: openvpn 1. openSUSE:Factory + | 2.5.5 | x86_64 2. network:vpn ? | 2.5.5 | x86_64 3. network:vpn ? | 2.5.5 | x86_64 5. home:dirkmueller:Factory ! | 2.5.5 | x86_64 6. home:frispete:tools ! | 2.5.5 | x86_64 7. home:stroeder:network ! | 2.5.5 | x86_64 8. home:testhans ! | 2.5.5 | x86_64 9. home:testhans ! | 2.5.5 | x86_64 10. home:Ximi1970:OpenVPN ! | 2.5.4 | x86_64 11. home:dirkmueller:Factory:Staging ! | 2.5.3 | x86_64 12. home:Alexander_Naumov:SSLmigration ! | 2.4.8 | x86_64 13. home:jejb2:Engines ! | 2.4.8 | x86_64 14. home:-miska- ! | 2.4.7 | x86_64 15. home:Ledest:bashisms ! | 2.4.2 | x86_64 16. home:leviathanch:4nt1_c3ns0r ! | 2.4.0.1449765284.4baec3e | x86_64 17. home:floewe ! | 2.4.0 | x86_64 18. home:testhans:network:network:vpn ! | 2.3.11 | x86_64 19. home:testhans:network:network:vpn ! | 2.3.11 | x86_64 20. home:rawar ! | 2.5.2 | x86_64 21. home:rawar ! | 2.5.2 | x86_64 22. home:testhans:network:network:vpn ! | 2.3.5 | x86_64 23. home:testhans:network:network:vpn ! | 2.3.5 | x86_64 -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet oftc What sort of day was it? A day like all days, filled with those events that alter and illuminate our times...

On 2022-02-25 9:41 a.m., Patrick Shanahan wrote:

09:36 crash:~ > opi openvpn You have selected package name: openvpn

Yes, I know about factory.  However, it would be nice if it wasn't necessary to go there.

On 2022-02-25 9:51 a.m., Patrick Shanahan wrote:

there are quite a few listed on https://software.opensuse.org/package/openvpn

they are rpm's and can easily be removed.

My point is, given that link provides an "official" version of 2.5.5, why isn't it in the repository?  If it's official enough to be available in one click, it's official enough for software update to find it without having to go elsewhere.

Am 25.02.2022 um 15:56 schrieb James Knott:

On 2022-02-25 9:51 a.m., Patrick Shanahan wrote:

...

there are quite a few listed on https://software.opensuse.org/package/openvpn

they are rpm's and can easily be removed.

My point is, given that link provides an "official" version of 2.5.5, why isn't it in the repository?  If it's official enough to be available in one click, it's official enough for software update to find it without having to go elsewhere.

How about first telling us which version of openSUSE you're running? Also, you're aware of the fact that SLED/SLES and Leap won't do "version jumps"? If you want the "always latest" you'll have to use Tumbleweed. cheers MH -- Mathias Homann Mathias.Homann@openSUSE.org Jabber (XMPP): lemmy@tuxonline.tech IRC: [Lemmy] on freenode and ircnet (bouncer active) keybase: https://keybase.io/lemmy gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102

On 2022-02-25 10:16 a.m., Mathias Homann wrote:

How about first telling us which version of openSUSE you're running?

Sorry, Leap 15.3.

Also, you're aware of the fact that SLED/SLES and Leap won't do "version jumps"? If you want the "always latest" you'll have to use Tumbleweed.

OpenVPN 2.5.0 has been out since Oct. 28, 2020.  That's well over a year ago.  I don't consider that the latest, which is 2.5.4, which was released Oct. 5, 2021.  If Leap doesn't do "version jumps" then it leaves users stuck with a broken VPN.  Not doing version jumps may be fine with standalone software, but not always with software such as this, where it has to connect to a server.  OpenVPN is commonly used on a variety of platforms.  Yet just updating a firewall, as is my case, breaks it with Leap 15.3.

On Fri, Feb 25, 2022 at 10:33:52AM -0500, James Knott wrote:

On 2022-02-25 10:16 a.m., Mathias Homann wrote:

...

How about first telling us which version of openSUSE you're running?

Sorry, Leap 15.3.

...

Also, you're aware of the fact that SLED/SLES and Leap won't do "version jumps"? If you want the "always latest" you'll have to use Tumbleweed.

OpenVPN 2.5.0 has been out since Oct. 28, 2020.  That's well over a year ago.  I don't consider that the latest, which is 2.5.4, which was released Oct. 5, 2021.  If Leap doesn't do "version jumps" then it leaves users stuck with a broken VPN.  Not doing version jumps may be fine with standalone software, but not always with software such as this, where it has to connect to a server.  OpenVPN is commonly used on a variety of platforms.  Yet just updating a firewall, as is my case, breaks it with Leap 15.3.

We are currently looking at a version update of openvpn for 15.3. / SLES 15 SP3. Ciao, marcus

* James Knott [02-25-22 10:29]:

On 2022-02-25 10:09 a.m., Patrick Shanahan wrote:

...

10:07 crash:~ > zypper se -sx openvpn Loading repository data... Reading installed packages...

That didn't work for me, even after a zypper update.  I'm currently looking at software management and it still shows the old version. Software update didn't reveal anything new, as it normally runs and I am notified of updates, which I then accept.  That did not happen with openvpn.  Also, I just clicked on the one click link and get "Installation not possible  The install link or file you opened does not contain instructions for openSUSE Leap 15.3".  That page also says "There is no official package available for openSUSE Leap 15.3".

odd, I really cannot understand why you cannot update tumbleweed to officially listed packages. WAIT-A-MINUTE: somehow you neglected to mention that you were on 15.3 and not 41.8, that might be a problem. ps: if you must use latest packages, you have chosen the wrong version of openSUSE. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet oftc What sort of day was it? A day like all days, filled with those events that alter and illuminate our times...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, 2022-02-25 at 16:34 +0100, Per Jessen wrote:

James Knott wrote:

...

On 2022-02-25 10:09 a.m., Patrick Shanahan wrote:

...

...

BTW, according to the OpenVPN site, v2.5.0 was available in Oct. 2020. That's well over a year ago, yet openSUSE is still on 2.4.3.

We are keeping up with SLES. At least, I believe that is the explanation. I would do what Patrick suggested, and just upgrade from network:vpn (which has 2.5.5).

https://download.opensuse.org/repositories/network:/vpn/openSUSE_Leap_15.3

Indeed, but it does not show on search: https://software.opensuse.org/package/openvpn Says: "There is no official package available for openSUSE Leap 15.3" There is also no "experimental package", but there are four home repos. cer@Telcontar:~> opi openvpn 1. NetworkManager-openvpn 2. NetworkManager-openvpn-lang 3. NetworkManager-openvpn-gnome 4. NetworkManager-openvpn-debuginfo 5. NetworkManager-openvpn-debugsource 6. NetworkManager-openvpn-gnome-debuginfo 7. openvpn ... Pick a number (0 to quit): 7 You have selected package name: openvpn 1. network:vpn ? | 2.5.5 | x86_64 2. home:Herbster0815:HTPC ! | 2.5.5 | x86_64 3. home:dliw ! | 2.5.5 | x86_64 4. home:jejb1:Tumbleweed ! | 2.5.5 | x86_64 5. home:lemmy04 ! | 2.5.5 | x86_64 6. home:zippy:jx:packages-ready ! | 2.5.5 | x86_64 7. home:Ximi1970:OpenVPN ! | 2.5.4 | x86_64 8. home:aevseev ! | 2.5.2 | x86_64 9. home:fee:platon ! | 2.4.9 | x86_64 10. home:cabelo:heroes ! | 2.4.7 | x86_64 11. home:rawar ! | 2.5.2 | x86_64 Pick a number (0 to quit): - -- Cheers, Carlos E. R. (from openSUSE 15.3 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCYhkiCBwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVVRsAniCSnxRr0RFzAy0FUO4d AIvdG+b3AJ9UPTMSnJAO6MS3FPf0Ai6xXVFtHg== =nb3H -----END PGP SIGNATURE-----

On 2022-02-25 20:03, James Knott wrote:

On 2022-02-25 1:30 p.m., Carlos E. R. wrote:

...

If it is broken, you have to report it in Bugzilla.

My understanding is not that it's broken, but the new server is incompatible with the old client.  This has happened to me before.

Same thing, a report would be in order. Not now, because they are aware and working on it. -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)

On 2022-02-25 5:36 p.m., Dave Howorth wrote:

It's not incompatible IIUC. You simply need to reconfigure your pfsense instance to recognize the old protocol. I could post a link but given you're attitude I shan't. :P

Is that something a user can do?  Or the people who built pfsense?

Am Freitag, 25. Februar 2022, 23:49:35 CET schrieb Patrick Shanahan:

* James Knott [02-25-22 17:46]:

...

On 2022-02-25 5:36 p.m., Dave Howorth wrote:

...

It's not incompatible IIUC. You simply need to reconfigure your pfsense instance to recognize the old protocol. I could post a link but given you're attitude I shan't. :P

Is that something a user can do? Or the people who built pfsense?

surely not a question, but configure your pfsense to use the old protocol perhaps look at: rpm -ql pfsense |grep conf

and look at your older config files.

BTW - this is something many people run into, and neither operationg system nor openvpn can do anything about it. Ok, it's much worse when you have to deal with IPsec, but the wide spread usage of openvpn has also lead to many devices using / offering it, and not all have reasonable update/upgrade policies – and for good reason, mostly, some newer versions e.g. of OpenVPN drop downward compatibility over security concerns, leaving users (me included) with a broken VPN. Personaly I think that's a better choice than having a potentially insecure VPN running for months or whatever. In my case it helped me understand that I had totally forgotten an old raspberry Pi in my VPN and not included it in my upgrade strategies. What an idiot I was, no damage done, though. I only noticed it when the Pi fell out of the VPN because the OS (Raspian) did not support any of the server's (tumbleweed) SSL Crypto algorithms. And the ones the client offered were considered insecure by the server. For good reason, as I said. In a nutshell: Not OS (TW or pfsense or raspbian) are to blame, ususally. It's more user error due to lack of awareness in terms of versions, libraries and updates / upgrades and release notes. My fault, in my case, but your mileage may vary. Am I wrong? -- Best Regards - Mit freundlichen Grüßen, Markus Feilner, Feilner IT - 20 years of open services - ------------------------- Digital sovereignty in three words: "Exit Strategy First!" Digitale Souveränität in Drei Worten. ------------------------- Digitale Souveränität, Nachhaltigkeit, Dokumentation Linux, Security, Strategy, Politics, Journalism, Networking. https://www.feilner-it.net, 93059 Regensburg Wöhrdstr. 10, +49 170 302 7092 (+Signal) PGP: 40A3C306F96133067C11CFD9A958A906268C9F0A http://www.feilner-it.net/files/MFpub.asc Xing: http://www.xing.com/profile/Markus_Feilner LinkedIn: https://www.linkedin.com/in/markusfeilner @mfeilner: Matrix, Jabber, Skype, Twitter, Diaspora, ...