
OpenVPN CA

Posted: January 13th, 2019, 1:05 am
by hlightstone
Can I just copy the OpenVPN CA and keys from IPCOP into IPFIRE?
Or do I need to regenerate all the old IPCOP accounts in IPFIRE?

Re: OpenVPN CA

Posted: January 14th, 2019, 3:39 pm
by ummeegge
Hi hlightstone,
IPFire meanwhile uses OpenVPN-2.4.x, whereby some restrictions will come in the near future. The keywords here: ns-cert-type soon won't be accepted anymore, a 1024-bit host key length might also become problematic, and MD5 (SHA1 too) should not be used anymore.

But this is only side information. Since I never used IPCop, I sadly can't say anything more substantial about this topic, nor can I compare the CAs with one another, but in some German topics, e.g. --> viewtopic.php?t=21833 (you can find more via forum search), the opinion was mostly to generate/distribute new ones (start all over again).

UE
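
An added example, not part of ummeegge's post and not IPFire code: a shell script that checks carried-over certificates and OpenVPN configs for the three legacy properties named above (MD5/SHA1 signatures, short RSA keys, ns-cert-type). The function names, the 2048-bit threshold and the sample certificate text are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: flag the legacy properties named above
# (MD5/SHA1 signatures, short RSA keys, nsCertType) in carried-over OpenVPN files.

MIN_RSA_BITS=2048  # assumption of this example; the thread only names 1024 bit

# stdin: `openssl x509 -noout -text` output for ONE certificate.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_cert_text() {
    awk -v min="$MIN_RSA_BITS" '
        /Signature Algorithm:/ && sig == "" { sig = $NF }
        /Public Key Algorithm:/             { alg = $NF }
        match($0, /Public-Key: \([0-9]+ bit\)/) {
            bits = substr($0, RSTART + 13) + 0   # digits after "Public-Key: ("
        }
        /Netscape Cert Type:/               { ns = 1 }
        END {
            if (tolower(sig) ~ /md5|sha1/) { print "WEAK-SIGNATURE " sig; n++ }
            if (alg == "rsaEncryption" && bits > 0 && bits < min) {
                print "SHORT-KEY " bits " bit"; n++
            }
            if (ns) { print "NS-CERT-TYPE extension present"; n++ }
            exit (n > 0)
        }'
}

# stdin: an OpenVPN server or client config.
# Prints matching lines (numbered) that use ns-cert-type; returns 1 if any.
audit_ovpn_conf() {
    grep -nE '^[[:space:]]*ns-cert-type([[:space:]]|$)' && return 1
    return 0
}

# Constructed sample: abridged text dump of an old-style server certificate.
SAMPLE_CERT='    Signature Algorithm: md5WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
            Netscape Cert Type:
                SSL Server'

# With file arguments, audit PEM certs (needs openssl); otherwise the sample.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        echo "== $f"
        openssl x509 -in "$f" -noout -text | audit_cert_text || true
    done
else
    printf '%s\n' "$SAMPLE_CERT" | audit_cert_text || true
fi
```

The key-length check applies to RSA keys only, so short elliptic-curve key sizes are not reported.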

Re: OpenVPN CA

Posted: January 14th, 2019, 4:17 pm
by fredym
Hello,

1. nothing to do... or maybe if you have non-supported features - so delete those lines will never work
(use test install before)

- if you used the complete CA structure at /var/ipcop/ovpn
- if you have read the complete https://community.openvpn.net/openvpn/w ... nOpenvpn24 since OpenVPN 2.2!
(deleted and deprecated features).

You can change all old certs to new certs step by step.

It is a lot to do and I did not expect your question in that environment of "tricky changes" ;-) -> it is strongly recommended!
And NO, it is not "fire and forget"...
And - yes - it helps if you are using different (additional) OpenVPN instances at the same time... better an independent "vpn backdoor solution".

Fred