search

TinCanTech / easy-tls

Manage and Inline OpenVPN TLS keys and Easy-RSA PKI credentials. Supports OpenVPN TLS-Crypt-V2 key system and OpenVPN Peer-Fingerprint mode.
GNU General Public License v2.0
89 stars 19 forks source link

How to upgrade from 2.1 to 2.5? #237

Closed houmie closed 2 years ago

houmie commented 2 years ago

Hey mate,

I hope all is well with you.

I had a chance to look into this project again. I can see a lot has changed. I'm still using release 2.1 and was hoping to start using 2.5 going forwards.

When I try to initialise it I get this message:

sudo ./easytls init-tls
Easy-TLS version: 2.5
Download the file from the URL above.
Note: URL: https://raw.githubusercontent.com/TinCanTech/easy-tls/master/easytls-openssl.cnf

But I have already downloaded that file and don't understand how to proceed from here.

In a nutshell we used to do this in 2.1:

sudo ./easytls init-tls
sudo ./easytls --openvpn=/usr/sbin/openvpn build-tls-crypt-v2-server $SERVER_CRT
sudo ./easytls --openvpn=/usr/sbin/openvpn build-tls-crypt-v2-client $SERVER_CRT client1

I wonder if it's still backwards compatible, once I bypassed the issue further above.

Thanks

TinCanTech commented 2 years ago

Upgrading should only pose a few problems, which I can help you with.

First, --openvpn has been removed, it was a developer necessary option prior to OpenVPN 2.5 release.

Second, you must have easytls-openssl.cnf in the easytls folder.

Third, you may encounter some hash issues, which we should be able to fix.