Openvpn 2.4 update?

OpenVPN 2.4.0 was released on December 27, 2016.

Changes include AEAD (GCM) data channel cipher support and ECDH key exchange.

Will there be an update for Omnia?

1 Like

shameless bump.
Openwrt itself does not have 2.4, but lede does.
Since the default ciphers for openvpn now in turris are susceptible to sweet32, it would be nice to have 2.4.

1 Like

you can just compile the lede openvpn 2.4 package for the turris omnia.

FROM fedora:25

ENV SDK OpenWrt-SDK-mvebu_gcc-4.8-linaro_musl-1.1.15_eabi.Linux-x86_64

RUN dnf upgrade -y &&
dnf install -y git wget bzip2 findutils ccache gcc which automake &&
wget --no-check-certificate https://api.turris.cz/openwrt-repo/omnia/$SDK.tar.bz2 --directory-prefix=/tmp &&
mkdir -p /turris/ipk &&
tar xvjf /tmp/$SDK.tar.bz2 --directory=/turris &&
rm -rf /tmp/$SDK.tar.bz2 &&
git clone git://git.lede-project.org/source.git /turris/lede-source/ &&
cp -r /turris/lede-source/package/network/services/openvpn/ /turris/$SDK/package/ &&
cp -r /turris/lede-source/package/libs/mbedtls/ /turris/$SDK/package/ &&
cp -r /turris/lede-source/package/libs/openssl/ /turris/$SDK/package/ &&
export PATH=$PATH:/turris/$SDK/staging_dir/toolchain-arm_cortex-a9+vfpv3_gcc-4.8-linaro_musl-1.1.15_eabi/bin &&
make CXX=arm-openwrt-linux-g++ LD=arm-openwrt-linux-ld V=s -C /turris/$SDK &&
cp /turris/$SDK/bin/mvebu-musl/packages/base/*.ipk /turris/ipk/

CMD [“cp”,"-r","/turris/ipk/","/tmp"]

put this is a file called “Dockerfile”
**indent every line between RUN and CMD by 3-4 spaces for better readability

docker build -t turris.openvpn .
docker run --rm -v /tmp:/tmp turris.openvpn

these files will now appear in /tmp/ipk/ on the host system
libmbedtls_2.4.2-1_mvebu.ipk
libopenssl_1.0.2k-1_mvebu.ipk
openssl-util_1.0.2k-1_mvebu.ipk
openvpn-mbedtls_2.4.0-4_mvebu.ipk
openvpn-nossl_2.4.0-4_mvebu.ipk
openvpn-openssl_2.4.0-4_mvebu.ipk

**delete docker image
docker rmi turris.openvpn

libopenssl and openssl-util match the current turris version, so you don’t need to install those.
you should just need to install one of the openvpn-{mbedtls, nossl, openssl} packages

**if you’re installing openvpn-mbedtls, you’ll also need to install the libmbedtls package as well.

mbedtls is the new name for polarssl
In fact, if you look at the Makefile for polarssl (openwrt), you’ll see it’s actually pulling in the mbedtls source package and naming it polarssl…bizarre

https://github.com/openwrt/openwrt/blob/master/package/libs/polarssl/Makefile

1 Like

Turris team suppose OpenVPN 2.4 will be available in TurrisOS 3.6.2 https://forum.turris.cz/t/openvpn-server-easy-and-fast/3674/26 so I think it’s not so far.

1 Like

Thanks for the tutorial. I’m doubting about doing it myself, if I can just wait a few weeks more.