* Re: openvpn: add mbedtls build option.
2020-07-06 22:37 [PR PATCH] openvpn: add mbedtls build option travankor
@ 2020-07-07 0:29 ` travankor
2020-07-07 8:35 ` mobinmob
` (11 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: travankor @ 2020-07-07 0:29 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 195 bytes --]
New comment by travankor on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-654530176
Comment:
@jkoderu-git This should fix the issue with openvpn.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
2020-07-06 22:37 [PR PATCH] openvpn: add mbedtls build option travankor
2020-07-07 0:29 ` travankor
@ 2020-07-07 8:35 ` mobinmob
2020-07-07 13:57 ` jkoderu-git
` (10 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: mobinmob @ 2020-07-07 8:35 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 184 bytes --]
New comment by mobinmob on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-654691501
Comment:
That is nice - mbedtls has LTS releases ;)
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
2020-07-06 22:37 [PR PATCH] openvpn: add mbedtls build option travankor
2020-07-07 0:29 ` travankor
2020-07-07 8:35 ` mobinmob
@ 2020-07-07 13:57 ` jkoderu-git
2020-07-10 16:11 ` Johnnynator
` (9 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: jkoderu-git @ 2020-07-07 13:57 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 188 bytes --]
New comment by jkoderu-git on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-654881215
Comment:
Thank you so much @travankor for your help!
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
2020-07-06 22:37 [PR PATCH] openvpn: add mbedtls build option travankor
` (2 preceding siblings ...)
2020-07-07 13:57 ` jkoderu-git
@ 2020-07-10 16:11 ` Johnnynator
2020-07-10 16:54 ` ericonr
` (8 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Johnnynator @ 2020-07-10 16:11 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 237 bytes --]
New comment by Johnnynator on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-656757855
Comment:
Did you check if this fixes the problematic servers? (only aware of ProtonVPN confis so far)
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
2020-07-06 22:37 [PR PATCH] openvpn: add mbedtls build option travankor
` (3 preceding siblings ...)
2020-07-10 16:11 ` Johnnynator
@ 2020-07-10 16:54 ` ericonr
2020-07-10 21:46 ` travankor
` (7 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: ericonr @ 2020-07-10 16:54 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 205 bytes --]
New comment by ericonr on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-656778087
Comment:
Can we be sure this doesn't break other uses of OpenVPN as well?
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
2020-07-06 22:37 [PR PATCH] openvpn: add mbedtls build option travankor
` (4 preceding siblings ...)
2020-07-10 16:54 ` ericonr
@ 2020-07-10 21:46 ` travankor
2020-07-11 0:48 ` travankor
` (6 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: travankor @ 2020-07-10 21:46 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 908 bytes --]
New comment by travankor on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-656906045
Comment:
`mbedtls` is officially supported by openvpn. This should be 100% interoperable with other openvpn instances. (Some trivia: This version of openvpn was sponsored by the Dutch government for their restricted communication channels.)
The features that don't work compared to the openssl build:
```
* PKCS#12 file support
* --capath support - Loading certificate authorities from a directory
* Windows CryptoAPI support
* X.509 alternative username fields (must be "CN")
```
This is why the `mbedtls` and `pkcs12` options conflict since the build fails with both turned on.
---
Admittedly, I don't know the reason why libressl is causing problems and to what extent things are broken with openvpn. And yes, I tested protonovpn, which seems to work.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
2020-07-06 22:37 [PR PATCH] openvpn: add mbedtls build option travankor
` (5 preceding siblings ...)
2020-07-10 21:46 ` travankor
@ 2020-07-11 0:48 ` travankor
2020-07-11 1:29 ` ericonr
` (5 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: travankor @ 2020-07-11 0:48 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 481 bytes --]
New comment by travankor on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-656952817
Comment:
>Can we be sure this doesn't break other uses of OpenVPN as well?
Can you suggest some to test? Keep in mind that I can't really test every use case (like the ones involving corporate networks).
So far, I think the main difference is that the mbedtls version is a little slower and less responsive than the openssl/libressl version.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
2020-07-06 22:37 [PR PATCH] openvpn: add mbedtls build option travankor
` (6 preceding siblings ...)
2020-07-11 0:48 ` travankor
@ 2020-07-11 1:29 ` ericonr
2020-07-11 1:56 ` travankor
` (4 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: ericonr @ 2020-07-11 1:29 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 329 bytes --]
New comment by ericonr on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-656960389
Comment:
> Can you suggest some to test?
I have no idea, because I don't use it myself. Just want to avoid a regression for OpenVPN users whose setup is working with the latest LibreSSL version.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
2020-07-06 22:37 [PR PATCH] openvpn: add mbedtls build option travankor
` (7 preceding siblings ...)
2020-07-11 1:29 ` ericonr
@ 2020-07-11 1:56 ` travankor
2020-07-12 11:44 ` [PR PATCH] [Merged]: " Johnnynator
` (3 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: travankor @ 2020-07-11 1:56 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 264 bytes --]
New comment by travankor on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-656965893
Comment:
The best solution is to use Openssl. The other options are either 1) mbedtls or 2) patch libressl and/or openvpn to work.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PR PATCH] [Merged]: openvpn: add mbedtls build option.
2020-07-06 22:37 [PR PATCH] openvpn: add mbedtls build option travankor
` (8 preceding siblings ...)
2020-07-11 1:56 ` travankor
@ 2020-07-12 11:44 ` Johnnynator
2020-07-14 10:47 ` Redcroft
` (2 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: Johnnynator @ 2020-07-12 11:44 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 226 bytes --]
There's a merged pull request on the void-packages repository
openvpn: add mbedtls build option.
https://github.com/void-linux/void-packages/pull/23429
Description:
Default to it since openvpn is broken with libressl-3.1.X.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
2020-07-06 22:37 [PR PATCH] openvpn: add mbedtls build option travankor
` (9 preceding siblings ...)
2020-07-12 11:44 ` [PR PATCH] [Merged]: " Johnnynator
@ 2020-07-14 10:47 ` Redcroft
2020-07-14 11:39 ` ericonr
2020-07-14 11:39 ` ericonr
12 siblings, 0 replies; 14+ messages in thread
From: Redcroft @ 2020-07-14 10:47 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 235 bytes --]
New comment by Redcroft on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-658110857
Comment:
Hi,
This has broken pcks12 for me, is there anyway we can re-enable this option?
Thanks
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
2020-07-06 22:37 [PR PATCH] openvpn: add mbedtls build option travankor
` (10 preceding siblings ...)
2020-07-14 10:47 ` Redcroft
@ 2020-07-14 11:39 ` ericonr
2020-07-14 11:39 ` ericonr
12 siblings, 0 replies; 14+ messages in thread
From: ericonr @ 2020-07-14 11:39 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 222 bytes --]
New comment by ericonr on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-658131558
Comment:
@Redcroft could you open a separate issue, please? That way it's easier to track.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
2020-07-06 22:37 [PR PATCH] openvpn: add mbedtls build option travankor
` (11 preceding siblings ...)
2020-07-14 11:39 ` ericonr
@ 2020-07-14 11:39 ` ericonr
12 siblings, 0 replies; 14+ messages in thread
From: ericonr @ 2020-07-14 11:39 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 318 bytes --]
New comment by ericonr on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-658131558
Comment:
@Redcroft could you open a separate issue, please? That way it's easier to track. If you know how to build the package yourself, you can build it with the `pcks11` build option.
^ permalink raw reply [flat|nested] 14+ messages in thread