OpenVPN Beta Server (beta.vpn.sonic.net) Upgraded

Advanced feature discussion, beta programs and unsupported "Labs" features.
12 posts Page 1 of 2
by joemuller » Tue May 07, 2019 6:08 pm
We've just upgraded the OpenVPN Access Server software on beta.vpn.sonic.net to the latest 2.7.x release.

If you're using the beta.vpn server, please make sure your connection still works and report any issues in this thread. Pending any major issues, the main server (ovpn.sonic.net) will be upgraded next week.
I'm a proud employee of Sonic.net! :-)
by vpnuser » Thu May 09, 2019 2:13 pm
I hopped on using the openvpn-client version 2.4.6 include with pfSense with no issues so far (~1 day). Well, except for my own mistakes :).
by cmeisel » Fri May 24, 2019 8:04 am
joemuller wrote:
We've just upgraded the OpenVPN Access Server software on beta.vpn.sonic.net to the latest 2.7.x release.

If you're using the beta.vpn server, please make sure your connection still works and report any issues in this thread. Pending any major issues, the main server (ovpn.sonic.net) will be upgraded next week.


Did you guys upgrade ovpn.sonic.net to 2.7.x yet?
by kgc » Fri May 24, 2019 9:57 am
Not yet, this will happen as part of hardware migration that we plan to do in a week or two though.
Kelsey Cummings
System Architect, Sonic.net, Inc.
by billcour » Sat May 25, 2019 3:39 pm
Will the upgrade take care of the following warnings from Tunnelblick 3.7.9?

-----
Warning: This VPN may not connect in the future.

The OpenVPN configuration file for 'client' contains these OpenVPN options:

• 'ns-cert-type' was deprecated in OpenVPN 2.4 and removed in OpenVPN 2.5

• 'comp-lzo' was deprecated in OpenVPN 2.4 and has been or will be removed in a later version


You should update the configuration so it can be used with modern versions of OpenVPN.

Tunnelblick will use OpenVPN 2.4.7 - OpenSSL v1.0.2r to connect this configuration.

However, you will not be able to connect to this VPN with future versions of Tunnelblick that do not include a version of OpenVPN that accepts the options.
-----
by macmaxbh » Sat Jun 08, 2019 4:47 pm
Unfortunately looks like Tunnelblick gives the same message when importing a profile from the beta site, so it looks like the answer is no. :(

edit: Ah, see in the other thread:
As far as I know there is still no OpenVPN client/server 2.5 release within sight. As of now, 2.4.7 is the latest version and there's a lot of work to be done for 2.5. When it does come out our configs will likely change and clients should be updated with newer versions.

Since it will be significant enough of a release to require config changes, we'll keep the previous version running for a while and put the new version on beta and give sufficient warning since changing these options will prevent clients with older configurations from connecting.

TL;DR - totally safe to ignore these warnings for now.
by billcour » Sat Jun 08, 2019 5:11 pm
Thanks for checking it out and making an informative reply. I'll check the box to suppress the message.
by forest » Wed Jun 12, 2019 10:37 am
I hope you guys will remember to keep TLS 1.0 enabled when you do the upgrade, so those who depend on the beta server for openvpn 2.3 support will not have their connectivity broken.

(Relatedly, Ubiquiti now has an unstable EdgeOS update that includes openvpn 2.4. It's not reliable yet, but they have been making steady progress on the bugs, so I wouldn't be surprised if it became usable in the next few months.)
by mike.ely » Thu Jul 18, 2019 5:19 pm
forest wrote:
I hope you guys will remember to keep TLS 1.0 enabled when you do the upgrade, so those who depend on the beta server for openvpn 2.3 support will not have their connectivity broken.

(Relatedly, Ubiquiti now has an unstable EdgeOS update that includes openvpn 2.4. It's not reliable yet, but they have been making steady progress on the bugs, so I wouldn't be surprised if it became usable in the next few months.)


We really need to turn off TLS 1.0. Happily, if I read this announcement right, EdgeOS has had openvpn 2.4 support categorized as "Stable" for the past 4 months now.

The current release is a few days old and the folks at Ubuquity are going out of their way to stress the importance of getting this version installed, so you probably want to start there.

In any case, we will be disabling TLS 1.0 support in the very near future, so I strongly recommend you start testing as soon as you can.
Sonic Operations
by forest » Thu Jul 18, 2019 6:58 pm
mike.ely wrote:
Happily, if I read this announcement right, EdgeOS has had openvpn 2.4 support categorized as "Stable" for the past 4 months now.


Nope. That release and several since have crash and brick issues on the EdgeRouter X, which is probably the most likely device in their product line to be used for home OpenVPN. The very latest release *may* have fixed these issues, but it's new, so it will take some time to prove itself.

Lucky for me, I finally got fiber, so I am no longer dependent on the VPN to protect against the privacy issues that come with your (AT&T's) FTTN service. Other Sonic customers are not so lucky, though, and some might not have an OpenVPN upgrade path available just yet. I hope you won't pull the rug out from under them.
12 posts Page 1 of 2

Who is online

In total there is 1 user online :: 0 registered, 0 hidden and 1 guest (based on users active over the past 5 minutes)
Most users ever online was 422 on Sat May 26, 2012 5:28 am

Users browsing this forum: No registered users and 1 guest