Page 1 of 1
Posted: January 13th, 2019, 1:05 am
Can I just copy the OpenVPN CA and keys from IPCOP into IPFIRE?
Or do I need to regenerate all the old IPCOP accounts in IPFIRE
Re: OpenVPN CA
Posted: January 14th, 2019, 3:39 pm
IPFire uses meanwhile OpenVPN-2.4.x whereby some restrictions will come in a closer future. Cue in there is ns-cert-type won´t be soon accepted anymore, 1024bit hostkey length might become also problematic, MD5 (SHA1 too) should not be used anymore.
But this only as a beside info. Since i never used IPCop i sadly can´t say some more substantial about this topic nor i can compare the CA´s with another but in some german topics e.g. --> viewtopic.php?t=21833
(you can find more via forum search) the voice was mostly to generate/distribute new ones (start all over again).
Re: OpenVPN CA
Posted: January 14th, 2019, 4:17 pm
1. nothin to do... or may be if you have non supported features - so delete that lines will never work
(use test install before)
- if used complete CA-structure at /var/ipcop/ovpn
- if have readed the complete https://community.openvpn.net/openvpn/w ... nOpenvpn24
since openVPN 2.2 !
(deleted and depreciated features).
you can change step-by-step all old certs with new certs
It is a lot to do and I did not expect your question in that environment of "tricky changes" ;-) -> it is strongly recommended!
And NO it is not "fire and forget" ..
And - yes - it helps if you are using different (additionoal) openVPN-instances same time..better an independent "vpn backdoor solution" .