OpenVPN 2.4.0 was released on December 27, 2016.
Changes include AEAD (GCM) data channel cipher support and ECDH key exchange.
Will there be an update for Omnia?
shameless bump.
OpenWrt itself does not have 2.4, but LEDE does.
Since the default ciphers for OpenVPN now in Turris are susceptible to Sweet32, it would be nice to have 2.4.
you can just compile the lede openvpn 2.4 package for the turris omnia.
FROM fedora:25
ENV SDK OpenWrt-SDK-mvebu_gcc-4.8-linaro_musl-1.1.15_eabi.Linux-x86_64
# Build the LEDE openvpn, mbedtls and openssl packages with the Turris Omnia SDK.
# Note: --no-check-certificate disables TLS verification of the SDK download,
# and the git:// clone is an unauthenticated transport.
RUN dnf upgrade -y && \
    dnf install -y git wget bzip2 findutils ccache gcc which automake && \
    wget --no-check-certificate https://api.turris.cz/openwrt-repo/omnia/$SDK.tar.bz2 --directory-prefix=/tmp && \
    mkdir -p /turris/ipk && \
    tar xvjf /tmp/$SDK.tar.bz2 --directory=/turris && \
    rm -rf /tmp/$SDK.tar.bz2 && \
    git clone git://git.lede-project.org/source.git /turris/lede-source/ && \
    cp -r /turris/lede-source/package/network/services/openvpn/ /turris/$SDK/package/ && \
    cp -r /turris/lede-source/package/libs/mbedtls/ /turris/$SDK/package/ && \
    cp -r /turris/lede-source/package/libs/openssl/ /turris/$SDK/package/ && \
    export PATH=$PATH:/turris/$SDK/staging_dir/toolchain-arm_cortex-a9+vfpv3_gcc-4.8-linaro_musl-1.1.15_eabi/bin && \
    make CXX=arm-openwrt-linux-g++ LD=arm-openwrt-linux-ld V=s -C /turris/$SDK && \
    cp /turris/$SDK/bin/mvebu-musl/packages/base/*.ipk /turris/ipk/
# Copy the built packages into the bind-mounted /tmp when the container runs.
CMD ["cp","-r","/turris/ipk/","/tmp"]
put this in a file called “Dockerfile”
**indent every line between RUN and CMD by 3-4 spaces for better readability
docker build -t turris.openvpn .
docker run --rm -v /tmp:/tmp turris.openvpn
these files will now appear in /tmp/ipk/ on the host system
libmbedtls_2.4.2-1_mvebu.ipk
libopenssl_1.0.2k-1_mvebu.ipk
openssl-util_1.0.2k-1_mvebu.ipk
openvpn-mbedtls_2.4.0-4_mvebu.ipk
openvpn-nossl_2.4.0-4_mvebu.ipk
openvpn-openssl_2.4.0-4_mvebu.ipk
**delete docker image
docker rmi turris.openvpn
libopenssl and openssl-util match the current turris version, so you don’t need to install those.
you should just need to install one of the openvpn-{mbedtls, nossl, openssl} packages
**if you’re installing openvpn-mbedtls, you’ll also need to install the libmbedtls package as well.
mbedtls is the new name for polarssl
In fact, if you look at the Makefile for polarssl (openwrt), you’ll see it’s actually pulling in the mbedtls source package and naming it polarssl…bizarre
https://github.com/openwrt/openwrt/blob/master/package/libs/polarssl/Makefile
The Turris team supposes OpenVPN 2.4 will be available in TurrisOS 3.6.2 https://forum.test.turris.cz/t/openvpn-server-easy-and-fast/3674/26 so I think it’s not so far off.
Thanks for the tutorial. I’m in doubt about doing it myself if I can just wait a few weeks more.
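On the Sweet32 point raised earlier in the thread, here is an added example (not from any poster, nor from the OpenVPN or Turris projects) that audits an OpenVPN config for 64-bit block data channel ciphers. The function names and sample configs are constructed for illustration, and it assumes native OpenVPN config syntax rather than UCI.

```python
import re

# Name prefixes of 64-bit block ciphers, the class Sweet32 applies to.
SMALL_BLOCK_PREFIXES = ("BF-", "DES-", "DESX-", "CAST5-", "RC2-", "IDEA-")
LEGACY_DEFAULT = "BF-CBC"  # OpenVPN's --cipher default when none is configured

def is_small_block(cipher):
    return cipher.upper().startswith(SMALL_BLOCK_PREFIXES)

def parse_directives(text):
    """Return {directive: [args]} from OpenVPN config text, dropping comments."""
    directives = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            directives[name.lstrip("-")] = args
    return directives

def audit(text):
    """Return a list of findings about the data channel cipher settings."""
    d = parse_directives(text)
    findings = []
    cipher = (d.get("cipher") or [None])[0]
    if cipher is None:
        findings.append(f"no 'cipher' directive: default is {LEGACY_DEFAULT} (64-bit block)")
    elif is_small_block(cipher):
        findings.append(f"cipher {cipher} uses a 64-bit block (Sweet32 class)")
    # OpenVPN 2.4 peers may negotiate a cipher from ncp-ciphers instead.
    ncp = (d.get("ncp-ciphers") or [""])[0]
    for c in filter(None, ncp.split(":")):
        if is_small_block(c):
            findings.append(f"ncp-ciphers offers {c}, a 64-bit block cipher")
    if "ncp-disable" in d and (cipher is None or is_small_block(cipher)):
        findings.append("ncp-disable set: 2.4 peers cannot negotiate a stronger cipher")
    if findings and "reneg-bytes" not in d:
        findings.append("no reneg-bytes limit on data encrypted under one key")
    return findings

# Constructed sample configs (not taken from a real router).
SAMPLE_OLD = "dev tun\nproto udp\nremote vpn.example.net 1194\n"
SAMPLE_GCM = "dev tun\ncipher AES-256-GCM  # AEAD, needs 2.4 on both ends\n"

if __name__ == "__main__":
    for label, cfg in (("old", SAMPLE_OLD), ("gcm", SAMPLE_GCM)):
        print(label, audit(cfg) or "no findings")
```
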