Page 2 of 2

Re: Cryptographic warning & error in Core 123

Posted: September 12th, 2018, 7:35 pm
by ummeegge
Have had no problems with my systems according the Core 120 update and the delivering of the updated ovpn.cnf (Core 120 serves it), also it is present in new installations since Core 120, as far as i can see in here and in other threads this specific problem do not exists either anymore.
Did you´ve used backups e.g. https://forum.ipfire.org/viewtopic.php? ... 50#p118637 ? The ovpn.cnf has been excluded from the backup not that long ago.

A check on your side might be useful.

UE

Re: Cryptographic warning & error in Core 123

Posted: February 11th, 2019, 7:32 pm
by GrueMaster
edumax64 wrote:
September 11th, 2018, 3:20 pm
All OpenVPN clients needs then to be renewed!
How exactly do you do this? Is it possible to renew an expired certificate? I understand one would need to be recreated, but it seems like a major PITA to have to delete the entire user and re-add them.

Sorry to hijack the thread for a slight deviation.

Tobin

Re: Cryptographic warning & error in Core 123

Posted: April 1st, 2019, 11:49 am
by mangrove
I am also interested in this. Basically, if you see this error, you will have to reissue all certificates because they will not be supported in the future?

Re: Cryptographic warning & error in Core 123

Posted: April 1st, 2019, 1:32 pm
by ummeegge
Hi,
mangrove wrote:
April 1st, 2019, 11:49 am
if you see this error, you will have to reissue all certificates because they will not be supported in the future?
closely 100% correct but this is not a error, this is a warning which you can live with until OpenVPN-2.5.x will be release on IPFire since then you will need to regenerate your whole PKI if you get this warning otherwise an IPFire core update which includes OpenVPN-2.5.x will make your connections unusable.

You can remove your PKI while pressing the "Remove X509" button --> https://wiki.ipfire.org/configuration/s ... upload_gen (last paragraph) and regenerate your PKI --> https://wiki.ipfire.org/configuration/s ... onfig/cert . All clients needs then to be renewed, that´s all.

If you read again to this topic you should find this info too and may some more.

Best,

UE

Re: Cryptographic warning & error in Core 123

Posted: September 24th, 2019, 1:57 am
by vbonne
Hi all !
I did all this (remove all CE, certs, and DH params) with the remove 509 button at the bottom of the page, when creating the first OpenVPN package the message appears again ! :(

Re: Cryptographic warning & error in Core 123

Posted: September 24th, 2019, 2:57 am
by vbonne
found the answer myself.... had to update the /var/ipfire/ovpn/openssl/ovpn.cnf : see : viewtopic.php?f=16&p=118650#p118637