[TriLUG] OpenVPN quick look

[Joseph Mack NA3T via TriLUG]

On Thu, 10 Nov 2022, Brian McCullough via TriLUG wrote:

> Folks,
>
> The last time that I think that I brought up the idea of OpenVPN, which 
> I have used for years, I was told to switch to Wireguard.

Hi Brian,

My Openvpn certificates expired after 10 years, so I was faced with 
recompiling and setting up the config files and certificates again, which 
I remembered as a nightmare or switch to Wireguard. It's easy they said - 
15mins.

I couldn't figure out the docs, there was some ambiguity which I couldn't 
resolve, and I needed to use a webpage which explained the docs, because 
he found the docs impenetrable too. In the end it wasn't working and I'd 
spent more time on it than I would have needed to setup openvpn from 
scratch.

For openvpn, I compiled the new code, used my original startup scripts, 
made new certificates (a lot easier this time - they have a script, but 
you had to read/understand-guess/edit the script to get it to work), and 
openvpn fired up first time. That's what I like - the code is compatible 
with 10 year old versions of itself.

> So, this time, I will ask two questions.
>
> 1. Can somebody take a few minutes to look over my current ( after
> upgrade ) OpenVPN configuration, and see where I need to touch it?
>
> In the past couple of days, I upgraded the server machine, and OpenVPN
> was upgraded at the same time.

what happens if you use the old openvpn code? (you don't know yet if the 
problem is with openvpn.)

Joe's rule of upgrades: don't upgrade a working machine - it won't work 
any better, it may work worse - it may not even work at all.

> None of the clients have changed, but things seem to be partially 
> broken.

sure contact me off-list

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) trilug (dot) org - azimuthal equidistant
map generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!