Cryptographic warning & error in Core 123

General questions.
ummeegge
Community Developer
Community Developer
Posts: 4993
Joined: October 9th, 2010, 10:00 am

Re: Cryptographic warning & error in Core 123

Post by ummeegge » September 12th, 2018, 7:35 pm

Have had no problems with my systems according the Core 120 update and the delivering of the updated ovpn.cnf (Core 120 serves it), also it is present in new installations since Core 120, as far as i can see in here and in other threads this specific problem do not exists either anymore.
Did you´ve used backups e.g. https://forum.ipfire.org/viewtopic.php? ... 50#p118637 ? The ovpn.cnf has been excluded from the backup not that long ago.

A check on your side might be useful.

UE
Image
Image

GrueMaster
Posts: 29
Joined: December 28th, 2017, 2:46 pm

Re: Cryptographic warning & error in Core 123

Post by GrueMaster » February 11th, 2019, 7:32 pm

edumax64 wrote:
September 11th, 2018, 3:20 pm
All OpenVPN clients needs then to be renewed!
How exactly do you do this? Is it possible to renew an expired certificate? I understand one would need to be recreated, but it seems like a major PITA to have to delete the entire user and re-add them.

Sorry to hijack the thread for a slight deviation.

Tobin

mangrove
Posts: 1
Joined: April 1st, 2019, 11:47 am

Re: Cryptographic warning & error in Core 123

Post by mangrove » April 1st, 2019, 11:49 am

I am also interested in this. Basically, if you see this error, you will have to reissue all certificates because they will not be supported in the future?

ummeegge
Community Developer
Community Developer
Posts: 4993
Joined: October 9th, 2010, 10:00 am

Re: Cryptographic warning & error in Core 123

Post by ummeegge » April 1st, 2019, 1:32 pm

Hi,
mangrove wrote:
April 1st, 2019, 11:49 am
if you see this error, you will have to reissue all certificates because they will not be supported in the future?
closely 100% correct but this is not a error, this is a warning which you can live with until OpenVPN-2.5.x will be release on IPFire since then you will need to regenerate your whole PKI if you get this warning otherwise an IPFire core update which includes OpenVPN-2.5.x will make your connections unusable.

You can remove your PKI while pressing the "Remove X509" button --> https://wiki.ipfire.org/configuration/s ... upload_gen (last paragraph) and regenerate your PKI --> https://wiki.ipfire.org/configuration/s ... onfig/cert . All clients needs then to be renewed, that´s all.

If you read again to this topic you should find this info too and may some more.

Best,

UE
Image
Image

vbonne
Posts: 5
Joined: June 7th, 2016, 10:02 pm

Re: Cryptographic warning & error in Core 123

Post by vbonne » September 24th, 2019, 1:57 am

Hi all !
I did all this (remove all CE, certs, and DH params) with the remove 509 button at the bottom of the page, when creating the first OpenVPN package the message appears again ! :(

vbonne
Posts: 5
Joined: June 7th, 2016, 10:02 pm

Re: Cryptographic warning & error in Core 123

Post by vbonne » September 24th, 2019, 2:57 am

found the answer myself.... had to update the /var/ipfire/ovpn/openssl/ovpn.cnf : see : viewtopic.php?f=16&p=118650#p118637

Post Reply