OpenVPN CA

hlightstone
Posts: 1
Joined: January 13th, 2019, 1:02 am

OpenVPN CA

Post by hlightstone » January 13th, 2019, 1:05 am

Can I just copy the OpenVPN CA and keys from IPCOP into IPFIRE?
Or do I need to regenerate all the old IPCOP accounts in IPFIRE?

ummeegge
Community Developer
Posts: 4761
Joined: October 9th, 2010, 10:00 am

Re: OpenVPN CA

Post by ummeegge » January 14th, 2019, 3:39 pm

Hi hlightstone,
IPFire meanwhile uses OpenVPN-2.4.x, with which some restrictions will come in the near future. The key points there are: ns-cert-type soon won't be accepted anymore, a 1024-bit hostkey length might also become problematic, and MD5 (SHA1 too) should not be used anymore.

But this is only side info. Since I never used IPCop, I sadly can't say anything more substantial about this topic, nor can I compare the CAs with one another, but in some German topics, e.g. --> viewtopic.php?t=21833 (you can find more via forum search), the voice was mostly to generate/distribute new ones (start all over again).

UE
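An added example, not part of the thread or of IPFire/IPCop: a small audit that checks an existing certificate and OpenVPN config for the three items ummeegge lists (MD5/SHA1 signatures, 1024-bit keys, `ns-cert-type`) before deciding whether to copy or regenerate. The function names are hypothetical and the sample certificate dump is constructed; the parser works on the text printed by `openssl x509 -noout -text`.

```shell
#!/bin/sh
# Added example (not from the thread): pre-migration audit for the items
# ummeegge lists: MD5/SHA1 signatures, 1024-bit keys, ns-cert-type.

# Reads `openssl x509 -noout -text` output on stdin, prints one finding per line.
audit_cert_text() {
    text=$(cat)
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case "$sig" in
        *[Mm][Dd]5*|*[Ss][Hh][Aa]1*) echo "WEAK_DIGEST $sig" ;;
    esac
    # Bit length is only compared for RSA keys; EC key sizes are not comparable.
    if printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption'; then
        bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
        if [ -n "$bits" ] && [ "$bits" -le 1024 ]; then
            echo "SHORT_RSA_KEY $bits"
        fi
    fi
    # The nsCertType extension is what the ns-cert-type option checks on the peer.
    if printf '%s\n' "$text" | grep -q 'Netscape Cert Type'; then
        echo "NS_CERT_TYPE_EXTENSION"
    fi
}

# Convenience wrapper for a PEM file (path is supplied by the caller).
audit_cert_file() {
    openssl x509 -in "$1" -noout -text | audit_cert_text
}

# Prints "NS_CERT_TYPE_OPTION <lineno>:<line>" for each use in an OpenVPN config.
audit_ovpn_conf() {
    grep -nE '^[[:space:]]*ns-cert-type([[:space:]]|$)' "$1" | sed 's/^/NS_CERT_TYPE_OPTION /'
}

# Constructed sample: trimmed text dump of an old-style server certificate.
SAMPLE_OLD_CERT='Certificate:
    Data:
        Signature Algorithm: md5WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
        X509v3 extensions:
            Netscape Cert Type:
                SSL Server
    Signature Algorithm: md5WithRSAEncryption'
```

Any finding on the CA certificate itself means every certificate it issued inherits the problem, which is the case where regenerating the whole CA is the only fix.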

fredym
Posts: 447
Joined: November 14th, 2016, 2:45 pm

Re: OpenVPN CA

Post by fredym » January 14th, 2019, 4:17 pm

Hello,

1. nothing to do... or maybe if you have non supported features - so delete those lines will never work
(use test install before)

- if used complete CA-structure at /var/ipcop/ovpn
- if you have read the complete https://community.openvpn.net/openvpn/w ... nOpenvpn24 since OpenVPN 2.2!
(deleted and deprecated features).

you can change step-by-step all old certs with new certs

It is a lot to do and I did not expect your question in that environment of "tricky changes" ;-) -> it is strongly recommended!
And NO it is not "fire and forget" ..
And - yes - it helps if you are using different (additional) OpenVPN instances at the same time... better an independent "vpn backdoor solution".

Fred
