Closed ibayer closed 7 years ago
I'm assuming that the Ubuntu 14.04 machine is a client machine, and the 16.04 is the server. Yes, the 14.04 OpenVPN's installation will need to be upgraded.
There are several ways that you can do this:
Compile and install OpenVPN from source.
wget https://swupdate.openvpn.org/community/releases/openvpn-2.3.14.tar.gz
tar -xzvf openvpn-2.3.14.tar.gz
then change directory, cd openvpn-2.3.14
./configure
then make
then sudo make install
openvpn --version
, you should be seeing the latest build numberAdd the OpenVPN deb repository to your client machine, purge OpenVPN and re-install from the repo.
$ echo "deb http://build.openvpn.net/debian/openvpn/stable trusty main" > /etc/apt/sources.list.d/openvpn-aptrepo.list
sudo apt-get remove openvpn
sudo apt update
sudo apt install openvpn
I hoe that helps answer your questions.
Good luck :)
I'm assuming that the Ubuntu 14.04 machine is a client machine, and the 16.04 is the server. Yes, the 14.04 OpenVPN's installation will need to be upgraded.
Yes
@alimakki Thanks for your fast and comprehensive answer. Maybe this should be added to the doc. It took me quite a while to understand why the openvpn connection failed on ubuntu 14.04. I first thought that the streisand deployment didn't work.
Would it be possible to make streisand compatible with older openvpn versions (like the one from 14.04)? The openvpn upgrade isn't difficult for me but will cause problems for the people I wanted to give access to my streisand deployment.
I can definitely work on adding some extra documentation to highlight OpenVPN version incompatibilities.
Would it be possible to make streisand compatible with older openvpn versions (like the one from 14.04)? The openvpn upgrade isn't difficult for me but will cause problems for the people I wanted to give access to my streisand deployment.
This might be a bit tricky. To make Streisand's OpenVPN compatible with older versions effectively means either configuring it with parameters older clients would accept or downgrading the server's (read Streisand's) version of OpenVPN, which in my opinion are both detrimental to security.
I can definitely work on adding some extra documentation to highlight OpenVPN version incompatibilities.
Great, I'm sure this will save quite a few people from trouble. I know many people who are still running ubuntu 14.04 (with an old openvpn version).
means either configuring it with parameters older clients would accept
Can this be done on the client side? This would allow to provide two configurations (one less secure).
or downgrading the server's (read Streisand's) version of OpenVPN, which in my opinion are both detrimental to security.
I completely agree with your position to force user to upgrade openvpn If the compatibility issues can only be fixed server side, and would therefore affect all user.
Can this be done on the client side? This would allow to provide two configurations (one less secure). If you haven't upgraded your client side openvpn installation yet, you could experiment; open the .ovpn fine, and comment out the line :
tls-version-min 1.2
as such #tls-version-min 1.2
and attempt to reconnect.
Doesn't help (you can see the resulting output in my opening comment). Well, it solves the first problem but also creates another.
I believe this issue is sufficiently stale as to be unactionable. Please open a new issue providing the information requested by the issue template if you still have this problem with a fresh Streisand server deployed using the latest code from master. Thanks!
The setup of streisand on DigitialOcean worked very well. Thanks for this great project!
The only issue I currently have is that I can't connect from a 14.04 ubuntu installation to streisand (reproducable on multiple machines) while connecting from a 16.04 ubuntu machine works just fine.
I suspect that is caused by a fairly old openvpn version on 14.04. Any idea how to fix this?
This is output from ubuntu 16.04 (everything works)
This is output from ubuntu 14.04 (vpn can't connect)
14.04
14.04 after commenting out tls-version-min (2.3.2)