Results 1 to 6 of 6
  1. #1
    Newbie
    Join Date
    Aug 2016
    Posts
    8

    Default Upgrading Untangle and OpenVPN

    I am trying to gather information about what headaches I have in store for me going forward when I decide to upgrade our Untangle box. We have around 125 remote computers/laptops that connect to our main office with OpenVPN. Our untangle installation has been around a very long time since about 11.0. Less than a year ago we removed OpenVPN completely and redistributed all the clients. It was a major undertaking. I have confirmed with support that we are indeed using SHA512 and "should" be ok.

    What got me looking into this was the removal of the client installation in the changelog. When I tested OpenVPN connect with my 14.2.2 installation, with a basically brand new OpenVPN install. The VPN does not work at all. I have to manually force compression in the settings and then It seemed to work.

    If I use the latest OpenVPN Client from community downloads it seems to work fine.

    Am I stuck at 14.2.2? I cannot redeploy 125 VPNs at this time.

    Edit: I see some more posts on here about compression. Untangle needs to be more clear on this. The download link from the untangle page takes you to a client that doesn't work with the default OpenVPN settings.
    Last edited by Aero; 08-04-2020 at 07:36 AM.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,388

    Default

    Your existing clients should work fine, and if they don't simply updating them to the most recent community client works fine.

    You're free to use either the Beta Connect client, or the updated Community client, they both use the same configuration files. The only catch is the MD5 certificates, you simply cannot use them with v15.1 anymore. You're past that, so you're set.

    The update to v15.0 doesn't change OpenVPN at all, so you can take that step first without worry. It's v15.1 that poses the risk, but again your certificate situation has been dealt with, so you're fine.

    Compression on or off is irrelevant to the full client, it's only a problem with mobile clients (and possibly the beta client... I don't use that one much)
    Aero likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    Aug 2016
    Posts
    8

    Default

    That is nice to hear. All support would tell me was that if I was having compression issues with OpenVPN connect 3.2 that I should either redeploy or try 2.7.

    My preference would be to keep using the community client. But I believe that is no longer going to be supported. They way we install them is to run as a service and I haven't tested if that is possible with the connect client. We rely on that functionality because we need the connection to verify login credentials with Active Directory prior to logon. Do you think community client 2.4.9 will work with 15.2?

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,388

    Default

    I have OpenVPN v2.4.3, and OpenVPN v2.4.9 clients connecting to my v15.1 here just fine.

    Just deploy the MSI via GPO or whatever you use... it'll update the existing clients and use the same configurations.
    Last edited by sky-knight; 08-04-2020 at 09:14 AM.
    Aero likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Newbie
    Join Date
    Aug 2016
    Posts
    8

    Default

    Looking back into this now. I guess what I am wondering is if I should bother with making the changes you listed in another post. https://forums.untangle.com/openvpn/...directive.html

    As far as I can tell the community client 2.4.9 seems to work fine. There is a new version out 2.5 has anyone played with it at all?

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,388

    Default

    2.4.9 will refuse to use the MD5 certificates, so if that's working you do not have the certificate problem.

    The VOracle issue is separate, and will impact some future release when OpenVPN deprecates the compress directives entirely. The post you referenced is how to migrate away from compress. Making it so that new clients aren't compressed, while old ones still work so you can redistribute all those old clients while things still spin.

    At some point in the future, compress will die and we'll be at yet another hard break and emergency redistribution.

    No, I haven't played with 2.5 yet, I have enough going on in my day to worry about a beta VPN client. I use release software only.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2