trailofbits / algo

Set up a personal VPN in the cloud
https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/
GNU Affero General Public License v3.0

explicit upgrade documentation / release notes #1538

Open roycewilliams opened 5 years ago

roycewilliams commented 5 years ago

With release 1.1, I (and likely others) am looking for guidance/gotchas documentation for upgrading from 1.0, especially when working with an existing client base and wanting to preserve it.

I'm especially interested in any backwards-incompatibilities, guidance on which files might need to be copied over from a previous install, etc.

If such docs already exist, please consider making them easier to find - explicitly linking to them in the release announcement, in the release notes (not sure where those are, either?), making the upgrade docs more obvious if someone looks for them in the ./docs/ tree, etc. :)

jackivanov commented 5 years ago

Currently, the upgrade is possible by deploying a new server from scratch only.

roycewilliams commented 5 years ago

To clarify, does this mean that there is no way to migrate existing clients?

TC1977 commented 5 years ago

Upgrades to Algo only modify the software used to install a new VPN server, or at most, the script used to update the users. Existing VPN servers are unaffected and don't have to be changed at all. But you should keep the Algo build used to make them, as the update-users script may not be compatible.

See this link in the FAQ for the rationale.

roycewilliams commented 5 years ago

@TC1977, I think I follow the rationale. To clarify further, my goal is to deploy a new server (or more accurately, to replace my existing server with one based on the 1.1 release) - but to also import/merge the local config/keys/etc. necessary to preserve existing clients.

To be clear, I'm OK with "You can't do that" as an answer. :) I'm just also trying to ensure that, whatever the answer is, it's more obvious and discoverable for others. It's pretty common for the release announcement to link to release notes, and for those release notes to refer to an upgrade section of the FAQ or operational guide.

TC1977 commented 5 years ago

So, yeah, if you have an existing installation that's working well, it really isn't necessary to upgrade Algo itself. The key software on your Algo server - strongSwan for IPsec, WireGuard, dnscrypt-proxy, and dnsmasq if you enabled adblocking - will all update themselves automatically, unless you turned off unattended upgrades. Most of the entries in the Changelog have to do with the actual deployment of the server - since you've already deployed one, they don't really apply to you, and won't help your server or your VPN users.

The only really significant changes from the VPN server/end user point of view are that dnscrypt-proxy now handles the DNS encryption AND adblocking functions (dropping dnsmasq, which turned out to be slower - #1480), and the dropping of IPsec support for Windows, which might be a downgrade from your existing installation. Meanwhile, moving the elastic IP, installing a server using the new elastic IP, and securely copying over existing private keys and CA certificates isn't a trivial task, at least for me.

So I guess my answer isn't "You can't do that", but "You can do that, but you already sort of are, and it wouldn't be worth the hassle". 😄

Agree that release notes written in complete sentences would be more helpful than the current changelog.

roycewilliams commented 5 years ago

@TC1977, thanks for the summary. It would be great if what you just said could be converted into a FAQ item - on the assumption that it might be FA'd. :)

If the team agrees ... would it be OK for this issue to be a marker for that task? I'd generate a PR myself directly, but I don't think I have enough experience to turn what you've said into something accurate and FAQ-ready.